CN109508547A - A kind of localization method of vulnerability of application program, device, storage medium and terminal - Google Patents
A kind of localization method of vulnerability of application program, device, storage medium and terminal Download PDFInfo
- Publication number
- CN109508547A CN109508547A CN201811366149.6A CN201811366149A CN109508547A CN 109508547 A CN109508547 A CN 109508547A CN 201811366149 A CN201811366149 A CN 201811366149A CN 109508547 A CN109508547 A CN 109508547A
- Authority
- CN
- China
- Prior art keywords
- loophole
- user
- reappear
- application program
- operation log
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a kind of localization method of vulnerability of application program, device, storage medium and terminals, this method comprises: receiving the feedback information for the default application program that user submits, feedback information includes at least the description of loophole;Detect whether loophole is the loophole that can not reappear according to the description of loophole;In the case where loophole is the loophole that can not reappear, collects user and reappear the operation log after loophole, operation log includes at least: reappearing the reproduction step of loophole;The position of loophole is determined according to reproduction step.The present invention is after receiving the feedback information of user, detect whether the loophole can be reappeared, when that cannot reappear, operation log after reappearing loophole by collection user carries out the accurate positionin of loophole according to the detailed reproduction step recorded in operation log, to achieve the purpose that timely patching bugs, the problem of having further prevented that loophole reparation can not be carried out for a long time, usage experience reduction of the caused user to App, having caused customer churn.
Description
Technical field
The present invention relates to software test fields, more particularly to the localization method, device, storage of a kind of vulnerability of application program
Medium and terminal.
Background technique
Nowadays various application programs (App, Application) enrich the daily life of user, but since user makes
Type is many kinds of, and developer possibly can not consider institute's organic type and system adaptation journey in development and application program
Degree, therefore, exploitation or tester can also such as wish to add by receiving user using the feedback content after App after App is online
The functional information that adds, using App error situation occurred etc., function supplement or loophole (bug), which are repaired, to be realized to App.
In the prior art, since the loophole description of user feedback may be relatively simple or unprofessional, exploitation or tester
The accurate positionin of loophole can not be carried out, and then loophole problem can not be repaired in time, user is will affect when serious and body is used to App
It tests, causes customer churn.
Summary of the invention
The present invention provides localization method, device, storage medium and the terminal of a kind of vulnerability of application program, existing to solve
For technology since the loophole description of user feedback may be relatively simple or unprofessional, exploitation or tester can not carry out the standard of loophole
The problem of determining position, and then loophole can not be repaired in time.
In order to solve the above technical problems, on the one hand, the present invention provides a kind of localization method of vulnerability of application program, comprising:
Receive the feedback information for the default application program that user submits, wherein the feedback information includes at least the description of loophole;According to
The description of the loophole detects whether the loophole is the loophole that can not reappear;In the feelings that the loophole is the loophole that can not reappear
Under condition, collects the user and reappear the operation log after the loophole, wherein the operation log includes at least: described in reproduction
The reproduction step of loophole;The position of the loophole is determined according to the reproduction step.
Further, the collection user reappears the operation log after the loophole, comprising: opens the user and uses
Terminal log collection switch;It indicates that the user reappears the loophole, and collects after the user reappears the loophole
Operation log;Close the log collection switch for the terminal that the user uses.
Further, described to detect whether the loophole is the loophole that reappear according to the description of the loophole, comprising: root
Automatic detection script is created according to the description of the loophole, wherein the automatic detection script is for reappearing the loophole;It obtains
Take the result screenshot executed each time after the automatic detection script execution preset times;The detection knot executed each time
It is different from predetermined correct implementing result figure with the presence or absence of an at least result screenshot in fruit screenshot;Described each
In the result screenshot of secondary execution at least exist a result screenshot it is different from the correct implementing result figure in the case where, the leakage
Hole is reproducible loophole, and otherwise, the loophole is the loophole that can not reappear.
Further, it is described obtain the result screenshot that is executed each time after the automatic detection script execution preset times it
Before, further includes: empty all data cached of the application program.
On the other hand, the present invention also provides a kind of positioning devices of vulnerability of application program, comprising: receiving module, for connecing
Receive the feedback information for the default application program that user submits, wherein the feedback information includes at least the description of loophole;Detect mould
Block, for detecting whether the loophole is the loophole that can not reappear according to the description of the loophole;Collection module, for described
In the case that loophole is the loophole that can not reappear, collects the user and reappear the operation log after the loophole, wherein the behaviour
It is included at least as log: reappearing the reproduction step of the loophole;Locating module, for determining the leakage according to the reproduction step
The position in hole.
Further, the collection module, is specifically used for: opening the log collection switch for the terminal that the user uses;Refer to
Show that the user reappears the loophole, and collects the user and reappear the operation log after the loophole;Closing the user makes
The log collection of terminal switchs.
Further, the detection module, is specifically used for: automatic detection script is created according to the description of the loophole,
In, the automatic detection script is for reappearing the loophole;It obtains every after the automatic detection script execution preset times
The result screenshot once executed;With the presence or absence of an at least result screenshot in the detection result screenshot executed each time
It is different from predetermined correct implementing result figure;At least there is a result in the result screenshot executed each time to cut
In the case that figure is different from the correct implementing result figure, the loophole is reproducible loophole, and otherwise, the loophole is can not
The loophole of reproduction.
Further, the detection module, is also used to: emptying all data cached of the application program.
On the other hand, the present invention also provides a kind of storage mediums, are stored with computer program, computer program is by processor
The step of localization method of above-mentioned vulnerability of application program is realized when execution.
On the other hand, the present invention also provides a kind of terminals, include at least memory, processor, are stored with meter on memory
Calculation machine program, processor realize the localization method of above-mentioned vulnerability of application program when executing the computer program on memory
Step.
The present invention after receiving the feedback information of user, carry out detecting the loophole according to the feedback information of user first be
It is no to be reappeared, if can reappear, problem can be directly repaired, if cannot reappear, loophole can be reappeared by collecting user
Operation log afterwards carries out the accurate positionin of loophole, is repaired in time with reaching according to the detailed reproduction step recorded in operation log
The purpose of multiple loophole has further prevented that loophole reparation can not be carried out for a long time, and the usage experience of App drops in caused user
It is low, the problem of causing customer churn.
Detailed description of the invention
Fig. 1 is the flow chart of the localization method of vulnerability of application program in first embodiment of the invention;
Fig. 2 is the flow chart of the localization method of vulnerability of application program in second embodiment of the invention;
Fig. 3 is the flow chart of the localization method of vulnerability of application program in third embodiment of the invention;
Fig. 4 is the structural schematic diagram of the positioning device of vulnerability of application program into sixth embodiment of the present invention the 4th.
Specific embodiment
In order to solve the prior art since the loophole description of user feedback may be relatively simple or unprofessional, develops or test
Personnel can not carry out the accurate positionin of loophole, and then the problem of can not repair loophole in time, apply journey the present invention provides a kind of
Localization method, device, storage medium and the terminal of sequence loophole carry out into one the present invention below in conjunction with attached drawing and embodiment
Step is described in detail.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, the present invention is not limited.
The first embodiment of the present invention provides a kind of localization method of vulnerability of application program, flow chart as shown in Figure 1,
Mainly include step S101 to S104:
S101 receives the feedback information for the default application program that user submits.
User can applied during using default application program because different operations triggers different functions
Program there are when loophole, certain operations of user will lead to application program can not normal use, as dodge move back, white screen, can not be normal
It jumps, these problems influence whether that user to the normal use of application program, therefore, would generally be provided in the application
Feedback mechanism, so that user feeds back to by the problem in itself use process verbal description or by way of combining screenshot
Application program backstage, backstage receive the feedback information that user submits, also, at least should include that user is using in feedback information
The description of the loophole occurred in default application program.
It will be appreciated that presetting any one application program installed in the mobile terminal that application program is user, very
To being the included application program of operating system, the present embodiment is not herein to default application program progress concrete restriction.
S102 detects whether loophole is the loophole that can not reappear according to the description of loophole, is the leakage that can not reappear in loophole
When hole, step S103 is executed, otherwise, directly positions simultaneously patching bugs.
S103 collects user and reappears the operation log after loophole.
S104 determines the position of loophole according to reproduction step.
Reproducible loophole is the feedback information that backstage is submitted according to user, can be with by the circulate operation of certain number
Reappear the loophole of correspondence problem, but since the description of the loophole of user feedback may be relatively simple or unprofessional, it from the background can not root
The description of the problem of carrying out problem repetition according to description, or reappearing out and user are not inconsistent or the loophole is only at the end of certain model
Occur on end, thinks the problem of user submits at this time for the loophole that can not reappear.
It for the loophole that can be directly reappeared, is described according to the loophole of the result of reproduction and user, backstage or exploitation
Tester can directly position the position to go wrong into application program, and directly carry out problem reparation, multiple by hot repair
Mode is issued to user.For the loophole that can not reappear, then reappear the operation day after the loophole by real-time collecting user
Will, to obtain the reproduction step for reappearing the loophole.Specifically, operation log is log file, usually system or certain soft
Part to it is completed certain processing record, so as to will as reference, in the present embodiment, operation log include at least reproduction
The reproduction step of loophole can also further comprise the concrete condition of the mistake occurred, the information etc. of loophole type.
After obtaining reproduction step, it is only necessary to the accurate positionin of loophole can be carried out according to the reproduction step, developer exists
The reparation of loophole can be carried out after positioning loophole, loophole will not occur again after determining reparation, and not influence other normal function
In the case where energy, platform is answered by hot repair and updates reparation code, the user for there is the loophole is downloaded repairing.
The present embodiment carries out detecting first the loophole according to the feedback information of user after receiving the feedback information of user
Whether can be reappeared, if can reappear, can directly repair problem, if cannot reappear, leakage can be reappeared by collecting user
Operation log behind hole carries out the accurate positionin of loophole according to the detailed reproduction step recorded in operation log, to reach timely
The purpose of patching bugs has further prevented that loophole reparation can not be carried out for a long time, and the usage experience of App drops in caused user
It is low, the problem of causing customer churn.
The second embodiment of the present invention provides a kind of localization method of vulnerability of application program, and flow chart is as indicated with 2, main
To include step S201 to S206:
S201 receives the feedback information for the default application program that user submits.
S202 detects whether loophole is the loophole that can not reappear according to the description of loophole, is the leakage that can not reappear in loophole
When hole, step S203 is executed, otherwise, directly positions simultaneously patching bugs.
S203 opens the log collection switch for the terminal that user uses;
S204, instruction user reappear loophole, and collect user and reappear the operation log after loophole;
S205 closes the log collection switch for the terminal that user uses.
S206 determines the position of loophole according to reproduction step.
In the present embodiment, step S201 and S202 is identical as the step S101 and S102 in first embodiment of the invention, step
Rapid S206 is identical as the step S104 in first embodiment of the invention, is no longer described in detail in the present embodiment, in the present embodiment
It is described just for the step S203 to S205 different from first embodiment of the invention.
For the loophole that can not reappear, then reappear the operation log after the loophole by real-time collecting user, it is multiple to obtain
The now reproduction step of the loophole.Whole processing records of the operation file due to having recorded system or software, what is occupied deposits
It is larger to store up space, it is generally the case that user directly uses the number of operation log less, in order to save memory space, operates day
The collection switch of will is in off state.In the present embodiment, application software backstage is due to can not be directly according to user about loophole
Description when reappearing and positioning loophole, according to the ID for the user for submitting feedback, the terminal for controlling the user is opened log collection and is opened
It closes.After switch is opened, the disposition of all operations and application program that user is carried out can be recorded in operation log
In, at this point, instruction user reappears the loophole of its feedback, and after user reappears the loophole, collects and record leaky reproduction step
Operation log.After collection, the log collection switch of user's using terminal is closed, unlatching log collection can be deleted when necessary
The operation log generated in a period of switch, to discharge memory space.
The present embodiment by opening log collection switch when needed, and closing journal is received after getting operation log in time
Collection switch realizes acquisition operation log in time and achievees the purpose that timely patching bugs to position loophole, and can save terminal
For storing the memory space of operation log, only open when needed.
The third embodiment of the present invention provides a kind of localization method of vulnerability of application program, and flow chart is as indicated at 3, main
To include step S301 to S306:
S301 receives the feedback information for the default application program that user submits.
S302 creates automatic detection script according to the description of loophole.
S303 obtains the result screenshot executed each time after automatic detection script execution preset times.
S304, detect in the result screenshot that executes each time with the presence or absence of an at least result screenshot and it is predetermined just
True implementing result figure is different, at least there is a result screenshot and correct implementing result figure in the result screenshot executed each time
In the case where difference, loophole is reproducible loophole, directly positioning and patching bugs;Otherwise, loophole can not reappear
Loophole executes step S305.
S305 collects user and reappears the operation log after loophole.
S306 determines the position of loophole according to reproduction step.
In the present embodiment, step S301 is identical as the step S101 in first embodiment of the invention, step S305 and S306
It is identical as the step S103 and S104 in first embodiment of the invention, it is no longer described in detail in the present embodiment, in the present embodiment
It is described just for the step S302 to S304 different from first embodiment of the invention.
It include user's description as described in loophole in the feedback information that user submits, application program background server receives this
After description, according to its there may be the reason of, create automatic detection script to reappear the loophole;Then by the automatized script
Preset times are continuously performed, save the implementing result screenshot of application program after automatized script is finished each time as judgement
The foundation whether to start a leak;By automatized script execute preset times after, by the result screenshot executed each time with set in advance
Fixed correct implementing result figure compares, and detects in all result screenshots with the presence or absence of at least result screenshot and in advance
Determining correct implementing result figure is different;If in all result screenshots, exist an at least result screenshot with it is predetermined
Correct implementing result figure is different, then illustrates once occurred at least once not in the automatized script of preset times executes
It correct the case where executing, can determine at this time, by the circulate operation of finite number of time, the reproduction of loophole may be implemented, which is
Loophole can be reappeared, backstage or exploitation tester can directly position the position to go wrong into application program, and directly carry out
Problem reparation is issued by the multiple mode of hot repair to user;If all result screenshots are correctly held with preset
Row result figure is identical, then by the circulate operation of finite number of time, can not reappear the loophole, determines that the loophole is not reproducible leakage
Hole executes step S305 at this time and collects the operation log of user to position loophole place.
It will be appreciated that in the present embodiment, preset times be tester rule of thumb or the severity of loophole
The numerical value of setting, usually 100 times.Also, all data cached of application program before execution, is emptied first, guarantees to survey
Examination process not will receive the interference of other data, it is preferable that can empty primary application after having executed an automatized script
Program it is data cached, guarantee that the environment that executes every time is identical, promote testing efficiency.
Perform script of the present embodiment by automation, the judgement whether loophole of Lai Jinhang user feedback can reappear,
The operating time manually reappeared can be saved, further shortens the repairing efficiency of loophole, achievees the purpose that timely patching bugs.
The fourth embodiment of the present invention provides a kind of positioning device of vulnerability of application program, after being installed on application program
In platform server, structural schematic diagram is as shown in figure 4, specifically include that receiving module 10, for receiving default the answering of user's submission
With the feedback information of program, wherein feedback information includes at least the description of loophole;Detection module 20 is coupled with order module 10,
For detecting whether loophole is the loophole that can not reappear according to the description of loophole;Collection module 30 is coupled with detection module 20, is used
Reappear the operation log after loophole in the case where loophole is the loophole that can not reappear, collecting user, wherein operation log is extremely
It less include: the reproduction step for reappearing loophole;Locating module 40 is coupled with collection module 30, for determining leakage according to reproduction step
The position in hole.
User can applied during using default application program because different operations triggers different functions
Program there are when loophole, certain operations of user will lead to application program can not normal use, as dodge move back, white screen, can not be normal
It jumps, these problems influence whether that user to the normal use of application program, therefore, would generally be provided in the application
Feedback mechanism, so that user feeds back to by the problem in itself use process verbal description or by way of combining screenshot
The background server of application program receives the feedback information that user submits by receiving module 10, also, at least answers in feedback information
This includes the description for the loophole that user is occurred in using default application program.
Reproducible loophole is the feedback information that backstage is submitted according to user, the circulation that detection module 20 passes through certain number
Operation, can reappear the loophole of correspondence problem, it is determined that the loophole is reproducible loophole;But due to the loophole of user feedback
Description may be relatively simple or unprofessional, and detection module 20 can not carry out problem repetition according to description, or the problem of reappear out with
The description of user is not inconsistent or the loophole only occurs in the terminal of certain model, thinks that the problem of user submits is nothing at this time
The loophole of method reproduction.
It for the loophole that can be directly reappeared, is described according to the loophole of the result of reproduction and user, backstage or exploitation
Tester can directly position the position to go wrong into application program, and directly carry out problem reparation, multiple by hot repair
Mode is issued to user.For the loophole that can not reappear, then the loophole is reappeared by 30 real-time collecting user of collection module
Operation log afterwards, to obtain the reproduction step for reappearing the loophole.Specifically, operation log is log file, usually system
Or certain softwares, to the record of certain completed processing, so as to will be as reference, in the present embodiment, operation log be extremely
Few includes the reproduction step of reproduction loophole, can also further comprise the concrete condition of the mistake occurred, the information etc. of loophole type.
After obtaining reproduction step, locating module 40 need to carry out the accurate positionin of loophole according to the reproduction step,
Developer can carry out the reparation of loophole after positioning loophole, and loophole will not occur again after determining reparation, and not influence
In the case where other normal functions, platform is answered by hot repair and updates reparation code, the user for there is the loophole, which is downloaded, to repair
It mends.
The present embodiment carries out detecting first the loophole according to the feedback information of user after receiving the feedback information of user
Whether can be reappeared, if can reappear, can directly repair problem, if cannot reappear, leakage can be reappeared by collecting user
Operation log behind hole carries out the accurate positionin of loophole according to the detailed reproduction step recorded in operation log, to reach timely
The purpose of patching bugs has further prevented that loophole reparation can not be carried out for a long time, and the usage experience of App drops in caused user
It is low, the problem of causing customer churn.
The fifth embodiment of the present invention provides a kind of positioning device of vulnerability of application program, after being installed on application program
In platform server, structural schematic diagram is as shown in figure 4, specifically include that receiving module 10, for receiving default the answering of user's submission
With the feedback information of program, wherein feedback information includes at least the description of loophole;Detection module 20 is coupled with order module 10,
For detecting whether loophole is the loophole that can not reappear according to the description of loophole;Collection module 30 is coupled with detection module 20, is opened
Enable the log collection switch for the terminal that family uses;It indicates that user reappears loophole, and collects user and reappear the operation day after loophole
Will;Close the log collection switch for the terminal that user uses;Locating module 40 is coupled with collection module 30, for according to reproduction
Step determines the position of loophole.
In the present embodiment in the function and fourth embodiment of the invention of receiving module 10, detection module 20 and locating module 40
Receiving module 10, detection module 20 are identical as the function of locating module 40, and in this not go into detail, in the present embodiment only in detail
The concrete function of the thin description collection module 30 different from fourth embodiment.
For the loophole that can not reappear, then reappear the operation day after the loophole by 30 real-time collecting user of collection module
Will, to obtain the reproduction step for reappearing the loophole.Whole processing records of the operation file due to having recorded system or software,
The memory space that it is occupied is larger, it is generally the case that user directly uses the number of operation log less, empty in order to save storage
Between, the collection switch of operation log is in off state.In the present embodiment, application software backstage is due to can not be directly according to user
When the description as described in loophole reappears and positions loophole, collection module 30 controls the user's according to the ID for the user for submitting feedback
Terminal opens log collection switch;After switch is opened, the disposition of all operations and application program that user is carried out can
It is recorded in operation log, at this point, instruction user reappears the loophole of its feedback, and after user reappears the loophole, collects note
It is loaded with the operation log of loophole reproduction step;After collection, the log collection that collection module 30 closes user's using terminal is opened
It closes, the operation log generated in a period of opening log collection switch can be deleted, when necessary to discharge memory space.
The present embodiment by opening log collection switch when needed, and closing journal is received after getting operation log in time
Collection switch realizes acquisition operation log in time and achievees the purpose that timely patching bugs to position loophole, and can save terminal
For storing the memory space of operation log, only open when needed.
The sixth embodiment of the present invention provides a kind of positioning device of vulnerability of application program, after being installed on application program
In platform server, structural schematic diagram is as shown in figure 4, specifically include that receiving module 10, for receiving default the answering of user's submission
With the feedback information of program, wherein feedback information includes at least the description of loophole;Detection module 20 is coupled with order module 10,
Automatic detection script is created according to the description of loophole, wherein automatic detection script is for reappearing loophole;Obtain automation inspection
Survey the result screenshot executed each time after script execution preset times;It detects in the result screenshot executed each time with the presence or absence of extremely
A few result screenshot is different from predetermined correct implementing result figure;At least exist in the result screenshot executed each time
In the case that one result screenshot is different from correct implementing result figure, loophole is reproducible loophole, and otherwise, loophole is that can not answer
Existing loophole;Collection module 30 is coupled with detection module 20, for collecting in the case where loophole is the loophole that can not reappear
User reappears the operation log after loophole, wherein operation log includes at least: reappearing the reproduction step of loophole;Locating module 40,
It is coupled with collection module 30, for determining the position of loophole according to reproduction step.
In the present embodiment in the function and fourth embodiment of the invention of receiving module 10, collection module 30 and locating module 40
Receiving module 10, collection module 30 are identical as the function of locating module 40, and in this not go into detail, in the present embodiment only in detail
The concrete function of the thin description detection module 20 different from fourth embodiment.
It include user's description as described in loophole in the feedback information that user submits, after receiving module 10 receives the description,
According to its there may be the reason of, detection module 20 create automatic detection script to reappear the loophole;Then by the automation
Script continuously performs preset times, saves the implementing result screenshot conduct of application program after automatized script is finished each time
Judge whether the foundation to start a leak;The knot that detection module 20 after automatized script execution preset times, will will execute each time
Fruit screenshot is compared with preset correct implementing result figure, is detected in all result screenshots with the presence or absence of at least one
As a result screenshot is different from predetermined correct implementing result figure;If in all result screenshots, there is an at least result and cut
Figure is different from predetermined correct implementing result figure, then illustrates once occurred in the automatized script of preset times executes
The case where crossing at least once and being not performing properly, detection module 20 can determine at this time, can be with by the circulate operation of finite number of time
Realize the reproduction of loophole, which is that can reappear loophole, and backstage or exploitation tester can directly position into application program
The position of existing problem, and problem reparation is directly carried out, it is issued by the multiple mode of hot repair to user;If all results are cut
Figure is identical as preset correct implementing result figure, then by the circulate operation of finite number of time, can not reappear the loophole, examines
It surveys module 20 and determines that the loophole is not reproducible loophole, the operation log of user is collected to position by collection module 30 at this time
Where loophole.
It will be appreciated that before execution, detection module 20 empties all data cached of application program first, guarantee
Test process not will receive the interference of other data, it is preferable that can empty after having executed an automatized script and once answer
It is data cached with program, guarantee that the environment executed every time is identical, promotes testing efficiency.
Perform script of the present embodiment by automation, the judgement whether loophole of Lai Jinhang user feedback can reappear,
The operating time manually reappeared can be saved, further shortens the repairing efficiency of loophole, achievees the purpose that timely patching bugs.
Seventh embodiment of the invention provides a kind of storage medium, is stored with computer program, and computer program is processed
Following steps S11 to S14 is realized when device executes:
S11 receives the feedback information for the default application program that user submits, wherein feedback information includes at least loophole
Description;
S12 detects whether loophole is the loophole that can not reappear according to the description of loophole;
S13 collects user and reappears the operation log after loophole in the case where loophole is the loophole that can not reappear, wherein
Operation log includes at least: reappearing the reproduction step of loophole;
S14 determines the position of loophole according to reproduction step.
In the present embodiment, storage medium may be mounted in the background server of application program.Due to implementing first
The specific steps of the localization method of vulnerability of application program are described in detail in example, therefore, in the present embodiment not
It repeats again.
Optionally, in the present embodiment, above-mentioned storage medium can include but is not limited to: USB flash disk, read-only memory (ROM,
Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disk or
The various media that can store program code such as CD.Optionally, in the present embodiment, processor has been deposited according in storage medium
The program code of storage executes the method and step of above-described embodiment record.Optionally, the specific example in the present embodiment can refer to
Example described in above-described embodiment and optional embodiment, details are not described herein for the present embodiment.Obviously, the technology of this field
Personnel should be understood that each module of the above invention or each step can be realized with general computing device, they can be with
It is concentrated on a single computing device, or is distributed over a network of multiple computing devices, optionally, they can be used
Computing device executable program code is realized, is held it is thus possible to be stored in storage device by computing device
Row, and in some cases, can with the steps shown or described are performed in an order that is different from the one herein, or by they point
It is not fabricated to each integrated circuit modules, or makes multiple modules or steps in them to single integrated circuit module
It realizes.In this way, the present invention is not limited to any specific hardware and softwares to combine.
The eighth embodiment of the present invention provides a kind of terminal, includes at least memory, processor, is stored on memory
Computer program, processor realize following steps S21 to S24 when executing the computer program on memory:
S21 receives the feedback information for the default application program that user submits, wherein feedback information includes at least loophole
Description;
S22 detects whether loophole is the loophole that can not reappear according to the description of loophole;
S23 collects user and reappears the operation log after loophole in the case where loophole is the loophole that can not reappear, wherein
Operation log includes at least: reappearing the reproduction step of loophole;
S24 determines the position of loophole according to reproduction step.
In the present embodiment, terminal can be the background server equipment of application program.Due in the first embodiment
Specific steps through the localization method to vulnerability of application program are described in detail, and therefore, repeat no more in the present embodiment.
Although for illustrative purposes, the preferred embodiment of the present invention has been disclosed, those skilled in the art will recognize
It is various improve, increase and replace be also it is possible, therefore, the scope of the present invention should be not limited to the above embodiments.
Claims (10)
1. a kind of localization method of vulnerability of application program characterized by comprising
Receive the feedback information for the default application program that user submits, wherein the feedback information includes at least the description of loophole;
Detect whether the loophole is the loophole that can not reappear according to the description of the loophole;
In the case where the loophole is the loophole that can not reappear, collects the user and reappears the operation log after the loophole,
Wherein, the operation log includes at least: reappearing the reproduction step of the loophole;
The position of the loophole is determined according to the reproduction step.
2. localization method as described in claim 1, which is characterized in that the collection user reappears the behaviour after the loophole
Make log, comprising:
Open the log collection switch for the terminal that the user uses;
It indicates that the user reappears the loophole, and collects the user and reappear the operation log after the loophole;
Close the log collection switch for the terminal that the user uses.
3. localization method as claimed in claim 1 or 2, which is characterized in that described according to the description of loophole detection
Whether loophole is the loophole that can not reappear, comprising:
Automatic detection script is created according to the description of the loophole, wherein the automatic detection script is described for reappearing
Loophole;
Obtain the result screenshot executed each time after the automatic detection script execution preset times;
In the detection result screenshot executed each time with the presence or absence of an at least result screenshot and it is predetermined just
True implementing result figure is different;
It is different from the correct implementing result figure at least to there is a result screenshot in the result screenshot executed each time
In the case where, the loophole is reproducible loophole, and otherwise, the loophole is the loophole that can not reappear.
4. localization method as claimed in claim 3, which is characterized in that the acquisition automatic detection script execution is default
Before the result screenshot executed each time after number, further includes:
Empty all data cached of the application program.
5. a kind of positioning device of vulnerability of application program characterized by comprising
Receiving module, the feedback information of the default application program for receiving user's submission, wherein the feedback information at least wraps
Include the description of loophole;
Detection module, for detecting whether the loophole is the loophole that can not reappear according to the description of the loophole;
Collection module reappears the loophole in the case where the loophole is the loophole that can not reappear, collecting the user
Operation log afterwards, wherein the operation log includes at least: reappear the reproduction step of the loophole;
Locating module, for determining the position of the loophole according to the reproduction step.
6. positioning device as claimed in claim 5, which is characterized in that the collection module is specifically used for:
Open the log collection switch for the terminal that the user uses;
It indicates that the user reappears the loophole, and collects the user and reappear the operation log after the loophole;
Close the log collection switch for the terminal that the user uses.
7. such as positioning device described in claim 5 or 6, which is characterized in that the detection module is specifically used for:
Automatic detection script is created according to the description of the loophole, wherein the automatic detection script is described for reappearing
Loophole;
Obtain the result screenshot executed each time after the automatic detection script execution preset times;
In the detection result screenshot executed each time with the presence or absence of an at least result screenshot and it is predetermined just
True implementing result figure is different;
It is different from the correct implementing result figure at least to there is a result screenshot in the result screenshot executed each time
In the case where, the loophole is reproducible loophole, and otherwise, the loophole is the loophole that can not reappear.
8. positioning device as claimed in claim 7, which is characterized in that the detection module is also used to:
Empty all data cached of the application program.
9. a kind of storage medium, is stored with computer program, which is characterized in that real when the computer program is executed by processor
The step of localization method of existing vulnerability of application program described in any one of Claims 1-4.
10. a kind of terminal includes at least memory, processor, is stored with computer program on the memory, feature exists
In the processor realizes described in any one of Claims 1-4 answer when executing the computer program on the memory
The step of with the localization method of program bug.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811366149.6A CN109508547A (en) | 2018-11-16 | 2018-11-16 | A kind of localization method of vulnerability of application program, device, storage medium and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811366149.6A CN109508547A (en) | 2018-11-16 | 2018-11-16 | A kind of localization method of vulnerability of application program, device, storage medium and terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109508547A true CN109508547A (en) | 2019-03-22 |
Family
ID=65748726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811366149.6A Pending CN109508547A (en) | 2018-11-16 | 2018-11-16 | A kind of localization method of vulnerability of application program, device, storage medium and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109508547A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110990842A (en) * | 2019-12-19 | 2020-04-10 | 上海米哈游网络科技股份有限公司 | Recurrence method and device of small probability event, storage medium and electronic equipment |
| CN112348653A (en) * | 2020-12-03 | 2021-02-09 | 四川长虹电器股份有限公司 | Automatic test operation and maintenance system of financial cloud platform |
| CN113221122A (en) * | 2021-05-21 | 2021-08-06 | 珠海金山网络游戏科技有限公司 | Vulnerability reproduction method and device |
| CN113422759A (en) * | 2021-06-10 | 2021-09-21 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning method, electronic device and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110040924A1 (en) * | 2009-08-11 | 2011-02-17 | Selinger Robert D | Controller and Method for Detecting a Transmission Error Over a NAND Interface Using Error Detection Code |
| CN106294149A (en) * | 2016-08-09 | 2017-01-04 | 北京邮电大学 | A kind of method detecting Android application component communication leak |
| CN106844204A (en) * | 2017-01-11 | 2017-06-13 | 福建星网视易信息***有限公司 | A kind of utilization mobile terminal generates the method and system of defect report |
| CN107657177A (en) * | 2017-09-30 | 2018-02-02 | 北京奇虎科技有限公司 | A kind of leak detection method and device |
| CN107844486A (en) * | 2016-09-18 | 2018-03-27 | 腾讯科技(深圳)有限公司 | A kind of method and system of analysis webpage problem for client |
| CN108446134A (en) * | 2018-03-30 | 2018-08-24 | 努比亚技术有限公司 | Loophole restorative procedure, mobile terminal and the readable storage medium storing program for executing of application program |
-
2018
- 2018-11-16 CN CN201811366149.6A patent/CN109508547A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110040924A1 (en) * | 2009-08-11 | 2011-02-17 | Selinger Robert D | Controller and Method for Detecting a Transmission Error Over a NAND Interface Using Error Detection Code |
| CN106294149A (en) * | 2016-08-09 | 2017-01-04 | 北京邮电大学 | A kind of method detecting Android application component communication leak |
| CN107844486A (en) * | 2016-09-18 | 2018-03-27 | 腾讯科技(深圳)有限公司 | A kind of method and system of analysis webpage problem for client |
| CN106844204A (en) * | 2017-01-11 | 2017-06-13 | 福建星网视易信息***有限公司 | A kind of utilization mobile terminal generates the method and system of defect report |
| CN107657177A (en) * | 2017-09-30 | 2018-02-02 | 北京奇虎科技有限公司 | A kind of leak detection method and device |
| CN108446134A (en) * | 2018-03-30 | 2018-08-24 | 努比亚技术有限公司 | Loophole restorative procedure, mobile terminal and the readable storage medium storing program for executing of application program |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110990842A (en) * | 2019-12-19 | 2020-04-10 | 上海米哈游网络科技股份有限公司 | Recurrence method and device of small probability event, storage medium and electronic equipment |
| CN112348653A (en) * | 2020-12-03 | 2021-02-09 | 四川长虹电器股份有限公司 | Automatic test operation and maintenance system of financial cloud platform |
| CN113221122A (en) * | 2021-05-21 | 2021-08-06 | 珠海金山网络游戏科技有限公司 | Vulnerability reproduction method and device |
| CN113422759A (en) * | 2021-06-10 | 2021-09-21 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning method, electronic device and storage medium |
| CN113422759B (en) * | 2021-06-10 | 2023-04-18 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning method, electronic device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109508547A (en) | A kind of localization method of vulnerability of application program, device, storage medium and terminal | |
| CN104050075B (en) | The method of testing and device of Andriod application programs | |
| CN109726107A (en) | Test method, device, equipment and storage medium | |
| US20050204241A1 (en) | Method and device for analyzing software error | |
| CN111274154A (en) | Automatic testing method, device, equipment and storage medium | |
| US20090204946A1 (en) | Intelligent software code updater | |
| US20140304556A1 (en) | Performing Automated System Tests | |
| CN111198811A (en) | Page automatic test method and device, electronic equipment and storage medium | |
| CN112306877A (en) | Power system fault operation and maintenance method and system | |
| CN110990289B (en) | Method and device for automatically submitting bug, electronic equipment and storage medium | |
| CN109460359A (en) | A kind of software version test method and system for embedded device | |
| CN117009243A (en) | Chip performance automatic test method, device, computer equipment and storage medium | |
| CN111814354A (en) | Simulation test method, system, medium and electronic device for instrument performance | |
| CN113127331B (en) | Test method and device based on fault injection and computer equipment | |
| CN113079061A (en) | Internet of things performance testing method and system | |
| US8855801B2 (en) | Automated integration of feedback from field failure to order configurator for dynamic optimization of manufacturing test processes | |
| CN110674038A (en) | Method and device for classifying error information in software test | |
| CN108845945A (en) | Using test optimization method and device | |
| CN111414194B (en) | Interface information generation method, system, electronic equipment and storage medium | |
| CN114546749A (en) | Chip random test case regression method, device, equipment and readable medium | |
| CN113986263A (en) | Code automation test method, device, electronic equipment and storage medium | |
| US7546589B2 (en) | Semi-automated desk checking system and method | |
| CN112612702A (en) | Automatic testing method and device based on web | |
| CN113190445A (en) | Interface test method, interface test device and interface test system | |
| US20200065630A1 (en) | Automated early anomaly detection in a continuous learning model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190322 |