CN102592084A - Bug-fixing client logic testing method and bug-fixing client logic testing system - Google Patents
Bug-fixing client logic testing method and bug-fixing client logic testing system Download PDFInfo
- Publication number
- CN102592084A CN102592084A CN2011104448615A CN201110444861A CN102592084A CN 102592084 A CN102592084 A CN 102592084A CN 2011104448615 A CN2011104448615 A CN 2011104448615A CN 201110444861 A CN201110444861 A CN 201110444861A CN 102592084 A CN102592084 A CN 102592084A
- Authority
- CN
- China
- Prior art keywords
- leak
- simulation
- patch
- client
- reparation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a bug-fixing client logic testing method and a bug-fixing client logic testing system, which are used for solving the problem that efficiency is affected due to time wasted for bug-fixing client logic. The bug-fixing client logic testing method includes: scanning the system to find out simulated bugs by a bug-fixing client according to a certain mode; downloading corresponding simulated bug patches from a bug base of a server if the simulated bugs are found, and generating simulated bug fixing identification marks on the basis that original system files of the system are reserved by the simulated bug patches; installing the simulated bug patches and generating corresponding the simulated bug fixing identification marks; traversing all modes to complete the whole testing process by the bug fixing client; determining that the bug-fixing client logic testing passes when the above processes are normally executed. The patches can be downloaded and installed quickly, time of the bug-fixing client logic testing is shortened, and testing efficiency is improved.
Description
Technical field
The application relates to technical field of measurement and test, particularly relates to method of testing and system that a kind of leak is repaired client logic.
Background technology
Leak is repaired client through the configuration condition in the vulnerability database (libleak), in the scanning system leak which need repair is arranged, said configuration condition as, the detection that file exists, the detection of fileversion number, the detection of registry entry etc.The leak that the user can select to repair is repaired.At first carry corresponding patch up and down during reparation, repair this patch of client call by leak then leak is repaired from outer network server.
Leak is repaired client and when carrying out, is related to various logic, comprises that start plays the window reparation, and repair on the backstage, and repair at main interface, and the service packs signature check is downloaded the domain name verification, competes the article logic, plays window logic etc.After leak being repaired the client modification at every turn; All need be to above-mentioned logic testing one by one; Whether test leak reparation client can go wrong in carrying out above-mentioned logic step; A logic of in the practical implementation leak being repaired client is as a pattern of test, therefore tests pairing pattern and has hundreds of even thousands of more than.But not all patch all is suitable for testing; And when carrying out associative mode and test for the patch that is suitable for testing; Operation is repaired in the patch and the execution that need to download correspondence; But the leak in system is can not be infinite many, all will inevitably occur and be suitable for the situation that test patch has all been repaired.Therefore select typical patch usually and test all patterns that leak is repaired client.
In this process; System scan is to leak and after confirming to repair, and leak is repaired client needs download patches, and a real patch often need be carried out a lot of operations when patching bugs; Therefore patch is also bigger, can cause the download of patch more consuming time.When installing after the download patches, said patch need be carried out operations such as release and update system file, therefore also need restart patch is come into force, and is also more consuming time according to the patch process.
In sum, when the utilization patch comes implementation of test cases to repair the logic of client with the test leak, be download patches with install patch all very expend time in the efficient of influence test.
Summary of the invention
Method of testing and system that the application provides a kind of leak to repair client logic expend time in the test that solves leak reparation client logic, influence the problem of efficient.
In order to address the above problem, the application discloses the method for testing that a kind of leak is repaired client logic, comprising:
Leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation;
If find the leak of simulation, then from the vulnerability database of server, download the leak patch of corresponding described simulation, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file;
The leak patch of this simulation is installed and is generated corresponding simulating leak reparation sign, said simulation leak reparation sign is used to identify the leak reparation completion of simulation;
Leak is repaired all patterns of client traversal to accomplish whole test process;
If above-mentioned all processes are all carried out normally, then the test of leak reparation client logic is passed through.
Preferably, the leak patch of said this simulation of installation also generates after the corresponding simulating leak reparation sign, and next pattern also comprises before carrying out test:
The simulation leak reparation sign that deletion generates.
Preferably, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue,
Said leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation, comprising:
Leak is repaired client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Preferably, the leak of said simulation is that the specific registry entry of system does not exist simulation leak repair data,
Said leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation, comprising:
Leak is repaired client and whether is had simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Preferably, the leak patch of said this simulation of installation also generates corresponding simulating leak reparation sign, comprising:
The leak patch of this simulation is installed, and under system's specific memory catalogue, is generated corresponding simulating leak reparation file.
Preferably, the leak patch of said this simulation of installation also generates corresponding simulating leak reparation sign, comprising:
The leak patch of this simulation is installed, and on the specific registry entry of system, is added corresponding simulating leak repair data.
Preferably, to the vulnerability database of the leak patch of storing simulation, set up the server that comprises said vulnerability database in Intranet in advance.
Preferably, leak is set on the local test machine repairs client, in advance the patch of local test machine is downloaded domain name and point to the Intranet emulating server.
Preferably, writing the leak patch of simulation and the naming method of the true patch of basis in advance names.
Preferably, the leak patch with said simulation is kept in the vulnerability database of emulating server in advance, and in vulnerability database, adds the information and the patch numbering of the leak patch of simulation, comprises the patch numbering in the leak patch title of wherein said simulation.
Preferably, repair the leak information of adding simulation in the client at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
Accordingly, disclosed herein as well is the test macro that a kind of leak is repaired client logic, comprising:
The first pattern test module specifically comprises following 3 sub-module:
Scanning leak submodule is used for leak reparation client and according to a kind of pattern system is scanned to search the leak of simulation;
The download patches submodule; Be used for if find the leak of simulation; Then from the vulnerability database of server, download the leak patch of corresponding described simulation, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file;
The patch submodule is installed, is used to install the leak patch of this simulation and generates corresponding simulating leak reparation sign, said simulation leak reparation sign is used to identify the leak reparation completion of simulation;
Other pattern test modules are used for leak and repair all patterns of client traversal to accomplish whole test process;
Object module is used for if above-mentioned all processes are all carried out normally, and then the test of leak reparation client logic is passed through.
Preferably, the said first pattern test module also comprises:
Delete the patch submodule, be used to delete the simulation leak reparation sign of generation.
Preferably, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule comprises:
The first scanning leak unit is used for leak and repairs client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Preferably, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule comprises:
The second scanning leak unit is used for leak reparation client and does not have simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Preferably, said installation patch submodule comprises:
First installs the patch unit, is used to install the leak patch of this simulation, and under system's specific memory catalogue, generates corresponding simulating leak reparation file.
Second installs the patch unit, is used to install the leak patch of this simulation, and on the specific registry entry of system, adds corresponding simulating leak repair data.
Preferably, described system also comprises:
Set up server and vulnerability database module, be used for vulnerability database, set up the server that comprises said vulnerability database in Intranet in advance to the leak patch of storage simulation.
The preset domain name module of downloading is used on the local test machine, being provided with leak and repairs client, in advance the patch of local test machine is downloaded domain name and points to the Intranet emulating server.
Write and name the patch module, be used for writing in advance the leak patch of simulation and name according to the naming method of true patch
Preserve the patch module, be used in advance the leak patch of said simulation being kept at the vulnerability database of emulating server, and in vulnerability database, add the information and the patch numbering of the leak patch of simulation, comprise the patch numbering in the title of the leak patch of wherein said simulation.
Add information module, be used for repairing the leak information that client is added simulation at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
Compared with prior art, the application comprises following advantage:
At first, the application uses the leak of simulation to substitute real leak, and the leak patch of using simulation is substituted real leak patch.Therefore leak reparation client scans to search the leak of simulation system according to a kind of pattern; If find the leak of simulation; Then from the vulnerability database of server, download the leak patch of corresponding described simulation; The leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file, therefore the leak patch of simulation is smaller, and speed of download is than very fast.The leak patch of this simulation is installed then and is generated simulation leak reparation sign; Said simulation leak reparation sign is used to identify the leak reparation completion of simulation; Leak is repaired all patterns of client traversal to accomplish whole test process; If above-mentioned all processes are all carried out normally, then the test of leak reparation client logic is passed through.Do not need the update system file when the application installs patch, installation rate is very fast.This shows that the application's download patches is all very quick with the installation patch, shortened the time of repairing the test of client logic, improved the efficient of test.
Secondly,, also need use other logic of this patch test, therefore need this patch of unloading because after the test execution of a certain logic finishes.Prior art to need system reducing being arrived not repairing state before, promptly will be deleted the system file that upgrades, and the registration table of modification is reduced, so just need restart system when being unloaded, and is equally very consuming time.The application's leak is repaired client and when carrying out the test of a pattern, has only been generated simulation leak reparation sign, so after this pattern test execution finished, next pattern was carried out before the test; Only needing to simulate the deletion of leak reparation sign gets final product; Promptly only need deletion simulation leak to repair file, or deletion simulation leak repair data, need not restart; Saving time very further improved the efficient of test.
Once more, the application adopts the leak of simulation to substitute real leak, therefore can control the setting of the leak of simulation according to the leak of preset simulation.Therefore when scanning; Only need whether to exist under the scanning system specific memory catalogue simulation leak to repair file; Or whether the specific registry entry of scanning system exist simulation leak repair data, can find leak fast, further improved the efficient of test.
Once more; The application sets up the server that comprises said vulnerability database in Intranet in advance to the vulnerability database of the leak patch of storage simulation, can control the download environment of leak patch; Can not receive the influence of outer net environment when therefore downloading the leak patch, further improve the speed of download of leak patch.
Description of drawings
Fig. 1 is that the said a kind of leak of the application embodiment is repaired the method for testing process flow diagram of client logic;
Fig. 2 is that the said a kind of leak of the application embodiment is repaired the test system structure figure of client logic.
Embodiment
For above-mentioned purpose, the feature and advantage that make the application can be more obviously understandable, the application is done further detailed explanation below in conjunction with accompanying drawing and embodiment.
Prior art is when testing the logic of leak reparation client, and system scan is to leak and after confirming to repair, and leak is repaired client and need can be caused the download of patch more consuming time from the restriction owing to network environment of outer net.When installing after the download patches, said patch need discharge and the update system file, also will revise registration table etc., and mending course is also more consuming time.
The method of testing that the application provides a kind of leak to repair client logic, download patches is all very quick with the installation patch when leak is repaired, and has improved the efficient of test.
With reference to Fig. 1, provided the said a kind of leak of the application embodiment and repaired the method for testing process flow diagram of client logic.
Leak is repaired client and when carrying out, is related to various logic, comprises that start plays the window reparation, and repair on the backstage, and repair at main interface, and the service packs signature check is downloaded the domain name verification, competes the article logic, plays window logic etc.After leak being repaired the client modification at every turn; All need be to above-mentioned logic testing one by one; Test leak reparation client and in carrying out above-mentioned logic step, whether can go wrong, in the practical implementation leak is repaired the pattern of a logic of client as test.
Leak is repaired client when certain logic of test, can system be scanned to search the leak of simulation according to the pattern of correspondence.Therefore when leak reparation client is tested a kind of logic, can scan system, search the leak that whether has simulation in the system through scanning according to a kind of pattern.Wherein, said a kind of logic is first logic that leak is repaired the client test.
In the practical implementation,, then from the vulnerability database of Intranet emulating server, download the leak patch of corresponding described simulation if found the leak of simulation in the above-mentioned scanning and confirmed patching bugs.
Wherein, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file.Said simulation leak reparation sign is used to identify this leak and has been repaired.
From the above, the leak patch of said simulation is used for generating simulation leak reparation file on the basis of retention system original system file.Therefore after downloading the leak patch of simulation; The leak patch that needs this simulation is installed is to repair corresponding leak; When the leak patch of simulation is installed, do not revise the system file in the original system, only generate the reparation that corresponding simulating leak reparation sign can be accomplished leak.
Wherein, said simulation leak reparation sign is used to identify the leak reparation completion of simulation.
After step 13 was carried out, a kind of pattern that leak is repaired client was finished, and normal if said a kind of pattern is carried out, then execution in step 14, otherwise said a kind of pattern is debugged, and is normal until test execution.
Leak is repaired client and is next traveled through all patterns, respectively each pattern is carried out the process of above-mentioned steps 11 to step 13, and all patterns of repairing client up to leak are finished, and whole test process is finished.
Otherwise leak is repaired the test of client logic and is not passed through, and can debug carrying out the place that mistake occurs.
In sum, the application uses the leak of simulation to substitute real leak, and the leak patch of using simulation is substituted real leak patch.Therefore leak reparation client scans to search the leak of simulation system according to a kind of pattern; If find the leak of simulation; Then from the vulnerability database of server, download the leak patch of corresponding described simulation; The leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file, therefore the leak patch of simulation is smaller, and speed of download is than very fast.The leak patch of this simulation is installed then and is generated simulation leak reparation sign; Said simulation leak reparation sign is used to identify the leak reparation completion of simulation; Leak is repaired all patterns of client traversal to accomplish whole test process; If above-mentioned all processes are all carried out normally, then the test of leak reparation client logic is passed through.Do not need the update system file when the application installs patch, also need not revise registration table, installation rate is very fast.This shows that the application's download patches is all very quick with the installation patch, shortened the time of repairing the test of client logic, improved the efficient of test.
Preferably, the leak patch of said this simulation of installation also generates after the corresponding simulating leak reparation sign, and next pattern also comprises before carrying out test:
The simulation leak reparation sign that deletion generates.
In the practical implementation, can write corresponding delete program and delete simulation leak reparation sign, can also repair after the test of client associative mode finishes at leak, add cancel statement and delete simulation leak reparation sign, the application does not do qualification to this.
Because leak is repaired client and when carrying out, is related to various logic; Can leak be repaired the pattern of a logic of client as test during test; But not all patch all is suitable for testing, and therefore selects typical patch usually and tests all patterns that leak is repaired client.After a certain pattern is finished, also need use this patch to carry out the test of other patterns, therefore need this patch of unloading.
Prior art to need system reducing being arrived not repairing state before, promptly will be deleted the system file that upgrades, and the registration table of modification is reduced, so just need restart system when being unloaded, and is equally very consuming time.
The application's leak is repaired client and when carrying out the test of a pattern, has only been generated simulation leak reparation sign; Therefore after this pattern test execution finishes; Next pattern is carried out before the test, only needs to simulate the deletion of leak reparation sign and gets final product, and need not restart; Saving time very further improved the efficient of test.
Preferably, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said leak is repaired client and according to a kind of pattern system scanned to search the leak of simulation, comprising:
Leak is repaired client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
The leak that can preestablish the simulation of system scan is not exist the simulation leak to repair file under system's specific memory catalogue; For example, the C that sets the system that scans coils when not having the zz.dat file, and there is leak in this system; Otherwise; If scan zz.dat situation, the C that promptly scans system takes inventory the file at zz.dat, then there is not leak in this system.
Therefore when leak is repaired client according to a certain mode scanning system, can whether exist the simulation leak to repair file under the scanning system specific memory catalogue,, then find the leak of simulation, otherwise do not find the leak of simulation if do not exist.
When for example leak is repaired client according to a kind of mode scanning system, can scanning system specific memory catalogue be the C dish down, whether exist the simulation leak to repair file is zz.dat.There is not the zz.dat file if scan the C dish of system, then found the leak of simulation, take inventory file, then do not find the leak of simulation at zz.dat if scan the C of system.
The leak of corresponding this kind simulation, the reparation of said simulation leak are designated the simulation leak and repair file, when therefore the leak patch of this simulation being installed, can under system's specific memory catalogue, generating the corresponding simulating leak and repair file.
After should the pattern test execution finishing, next pattern is carried out before the test, only needs deletion simulation leak to repair file and gets final product.
Preferably, the leak of said simulation is that the specific registry entry of system does not exist simulation leak repair data, and said leak is repaired client and according to a kind of pattern system scanned to search the leak of simulation, comprising:
Leak is repaired client and whether is had simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Leak is repaired client according to a kind of mode scanning system, and the leak that can preestablish the simulation of system scan is whether the specific registry entry of system exists simulation leak repair data, for example; A certain data of certain registration table of initialization system are x, if scanning back rreturn value is 0, then this registry entry is not simulated the leak repair data; There is leak in this system; Otherwise if scanning back rreturn value is x, then there is not leak in this system.
The leak of corresponding this kind simulation, the reparation of said simulation leak are designated the simulation leak and repair file, when therefore the leak patch of this simulation being installed, can generate corresponding simulating leak repair data at the specific registry entry of system.
After should the pattern test execution finishing, next pattern is carried out before the test, only needs deletion simulation leak repair data to get final product.
When system carries out scanning according to the pattern of correspondence, can scan according to the leak of preset simulation, if scan the leak of simulation, then corresponding the execution repaired operation, otherwise continues to scan by other patterns, up to EOT.
The application adopts the leak of simulation to substitute real leak, therefore can control the setting of the leak of simulation according to the leak of preset simulation.Therefore when scanning; Only need whether to exist under the scanning system specific memory catalogue simulation leak to repair file; Or whether the specific registry entry of scanning system exist simulation leak repair data, can find leak fast, further improved the efficient of test.
Preferably, to the vulnerability database of the leak patch of storing simulation, set up the server that comprises said vulnerability database in Intranet in advance.
The leak patch of simulation need be stored in the vulnerability database, when scanning the leak of simulation, could in vulnerability database, download to the leak patch of corresponding described simulation.Therefore can set up server in advance, said server is set up to above-mentioned vulnerability database.And can server be based upon in the Intranet, said Intranet is to carry out the local test of test and the internal network that is connected, therefore can the Control Network environment, and make the speed of download of patch can not receive the influence of network environment.
Preferably, leak is set on the local test machine repairs client, in advance the patch of local test machine is downloaded domain name and point to server.
The application can repair client with leak and be arranged on the local test machine; Leak is repaired client need be downloaded simulation from the vulnerability database of server leak patch; Therefore can revise the host file of local test machine in advance; The patch of local test machine is downloaded domain name point to server, for example point to above-mentioned interior network server.
Preferably, writing the leak patch of simulation and the naming method of the true patch of basis in advance names.
The application can write the leak patch of simulation in advance and according to the naming method of true patch the leak patch of simulation named.The naming method of true patch comprises the system that patch is directed against usually, the unique identification of patch, the corresponding platform and the system of certain language.
For example, write an exe program in advance, with the leak patch of said exe program as simulation, then can be provided with this exe program only c: generate the file of a zz.dat under the catalogue, then to repair file be zz.dat to the corresponding simulating leak.With this exe program called after WindowsXP-kb444441-x86-chs.exe; Then the leak patch name of simulation is called WindowsXP-kb444441-x86-chs; This title is to name according to the naming method of true patch, promptly represents under the WindowsXP system, and the unique identification of patch is that patch is numbered kb444441; X86 platform, chs are Chinese information processing system.
Preferably, the leak patch with said simulation is kept in the vulnerability database of server in advance, and in vulnerability database, adds the information and the patch numbering of the leak patch of simulation, comprises the patch numbering in the leak patch title of wherein said simulation.
In Intranet, build emulating server in advance, and vulnerability database is set in emulating server, the environment of vulnerability database in the vulnerability database simulation real server in the emulating server.Can in advance the leak patch of simulating be kept in the vulnerability database of emulating server; And the information and the patch numbering of in vulnerability database, adding the leak patch of simulation; Comprise the patch numbering in the leak patch title of wherein said simulation, for example go up the leak patch name of simulating in the example and be called WindowsXP-kb444441-x86-chs, wherein kb444441 is the patch numbering.Wherein each patch numbering is the unique identification of patch, all is unique therefore.
Preferably, repair the leak information of adding simulation in the client at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
Need the leak of scanning simulation and download the leak patch of corresponding described simulation in the test of leak reparation client logic; Therefore can repair the leak information of adding simulation in the client at leak in advance; Leak according to the sign of the leak in the leak information of said simulation scanning search simulation; After finding leak, can also find the leak patch of corresponding simulation according to the sign of the patch in the leak information of said simulation.
In the practical implementation; The leak sign can be set according to the leak of above-mentioned two kinds of simulations; The setting of the leak patch of simulating in the corresponding vulnerability database according to server to the identical setting of patch sign configuration, makes after finding the leak of simulation; When identifying the leak patch that finds corresponding simulation, can in the vulnerability database of Intranet emulating server, find leak patch and execution download to the leak corresponding simulating of this simulation according to said patch.
The application has added up respectively in practical implementation, and leak is repaired the time that client is used real leak patch and the leak patch that uses simulation, below as concrete concrete data such as the table 1 discussed of example:
Table 1
Can know that from the data of table 1 leak repairs client when using real leak patch to test, the test of each pattern needs the time to be roughly 483-1343s.And leak is when repairing leak patch that client uses simulation and testing, and the test of each pattern needs the time to be roughly 14-24s.
When using real leak patch to test, download patches, patch is installed, restart make patch come into force, unload patch and unload after time of restarting all be no less than 100s, expending time in very.During the real patch of installation in the win7 system, the internal system repair mechanism that also exists the xp system not have is so the set-up time can be longer in addition
And the leak patch that uses simulation is when testing; Only the download patches time is grown and have only 10s also most; Can the time that the leak patch that use simulation is tested is very quick, improve testing efficiency greatly, and need not any step of restarting in the test process; Automated procedures capable of using are carried out and are carried out test fast, have further improved testing efficiency.
With reference to Fig. 2, provided the said a kind of leak of the application embodiment and repaired the test system structure figure of client logic.
Accordingly, the application also provides a kind of leak to repair the test macro of client logic, comprises the first pattern test module 15, other pattern test modules 16 and object module 17, wherein,
The first pattern test module 15 specifically comprises following 3 sub-module:
Scanning leak submodule 151 is used for leak reparation client and according to a kind of pattern system is scanned to search the leak of simulation;
Download patches submodule 152; Be used for if find the leak of simulation; Then from the vulnerability database of server, download the leak patch of corresponding described simulation, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file;
Patch submodule 153 is installed, is used to install the leak patch of this simulation and generates corresponding simulating leak reparation sign, said simulation leak reparation sign is used to identify the leak reparation completion of simulation;
Other pattern test modules 16 are used for leak and repair all patterns of client traversal to accomplish whole test process;
Object module 17 is used for if above-mentioned all processes are all carried out normally, and then the test of leak reparation client logic is passed through.
Preferably, described system also comprises:
Delete patch submodule 154, be used to delete the simulation leak reparation sign of generation.
The leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule 151 comprises:
The first scanning leak unit 1511 is used for leak and repairs client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
The leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule 151 comprises:
The second scanning leak unit 1512 is used for leak reparation client and does not have simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
Patch submodule 153 is installed, is comprised:
First installs patch unit 1531, is used to install the leak patch of this simulation, and under system's specific memory catalogue, generates corresponding simulating leak reparation file.
Second installs patch unit 1532, is used to install the leak patch of this simulation, and on the specific registry entry of system, adds corresponding simulating leak repair data.
Set up server and vulnerability database module 10, be used for vulnerability database, set up the server that comprises said vulnerability database in Intranet in advance to the leak patch of storage simulation.
The preset domain name module 11 of downloading is used on the local test machine, being provided with leak and repairs client, in advance the patch of local test machine is downloaded domain name and points to the Intranet emulating server.
Write and name patch module 12, be used for writing in advance the leak patch of simulation and name according to the naming method of true patch
Preserve patch module 13; Be used in advance the leak patch of said simulation being kept at the vulnerability database of emulating server; And the information and the patch numbering of in vulnerability database, adding the leak patch of simulation, comprise the patch numbering in the title of the leak patch of wherein said simulation.
Can test respectively the pattern of each in the test of leak reparation client logic; Certain pattern test module to should pattern is identical with the first pattern test module 15; All comprise corresponding submodule, for example scan leak submodule, download patches submodule, patch submodule and deletion patch submodule are installed.
Add information module 14, be used for repairing the leak information that client is added simulation at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
For system embodiment, because it is similar basically with method embodiment, so description is fairly simple, relevant part gets final product referring to the part explanation of method embodiment.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, and what each embodiment stressed all is and the difference of other embodiment that identical similar part is mutually referring to getting final product between each embodiment.
The application can describe in the general context of the computer executable instructions of being carried out by computing machine, for example program module.Usually, program module comprises the routine carrying out particular task or realize particular abstract, program, object, assembly, data structure or the like.Also can in DCE, put into practice the application, in these DCEs, by through communication network connected teleprocessing equipment execute the task.In DCE, program module can be arranged in this locality and the remote computer storage medium that comprises memory device.
At last; Also need to prove; In this article; Relational terms such as a kind of and second etc. only is used for an entity or operation are made a distinction with another entity or operation, and not necessarily requires or hint relation or the order that has any this reality between these entities or the operation.And; Term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability; Thereby make and comprise that process, method, commodity or the equipment of a series of key elements not only comprise those key elements; But also comprise other key elements of clearly not listing, or also be included as this process, method, commodity or equipment intrinsic key element.Under the situation that do not having much more more restrictions, the key element that limits by statement " comprising ... ", and be not precluded within process, method, commodity or the equipment that comprises said key element and also have other identical element.
More than to the application provided a kind of leak repair the method for testing and the system of client logic; Be described in detail; Used specific case herein the application's principle and embodiment are set forth, the explanation of above embodiment just is used to help to understand the application's method and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to the application's thought, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as the restriction to the application.
Claims (22)
1. the method for testing of a leak reparation client logic is characterized in that, comprising:
Leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation;
If find the leak of simulation, then from the vulnerability database of server, download the leak patch of corresponding described simulation, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file;
The leak patch of this simulation is installed and is generated corresponding simulating leak reparation sign, said simulation leak reparation sign is used to identify the leak reparation completion of simulation;
Leak is repaired all patterns of client traversal to accomplish whole test process;
If above-mentioned all processes are all carried out normally, then the test of leak reparation client logic is passed through.
2. based on the described method of claim 1, it is characterized in that the leak patch of said this simulation of installation also generates after the corresponding simulating leak reparation sign, next pattern also comprises before carrying out test:
The simulation leak reparation sign that deletion generates.
3. method according to claim 1 is characterized in that, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue,
Said leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation, comprising:
Leak is repaired client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
4. method according to claim 1 is characterized in that, the leak of said simulation is that the specific registry entry of system does not exist simulation leak repair data,
Said leak is repaired client and according to a kind of pattern system is scanned to search the leak of simulation, comprising:
Leak is repaired client and whether is had simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
5. method according to claim 3 is characterized in that, the leak patch of said this simulation of installation also generates corresponding simulating leak reparation sign, comprising:
The leak patch of this simulation is installed, and under system's specific memory catalogue, is generated corresponding simulating leak reparation file.
6. method according to claim 4 is characterized in that, the leak patch of said this simulation of installation also generates corresponding simulating leak reparation sign, comprising:
The leak patch of this simulation is installed, and on the specific registry entry of system, is added corresponding simulating leak repair data.
7. method according to claim 1 is characterized in that, also comprises:
To the vulnerability database of the leak patch of storing simulation, set up the server that comprises said vulnerability database in Intranet in advance.
8. method according to claim 1 is characterized in that, also comprises:
Leak is set on the local test machine repairs client, in advance the patch of local test machine is downloaded domain name and point to server.
9. method according to claim 1 is characterized in that, also comprises:
Writing the leak patch of simulation and the naming method of the true patch of basis in advance names.
10. method according to claim 9 is characterized in that, also comprises:
Leak patch with said simulation is kept in the vulnerability database of server in advance, and in vulnerability database, adds the information and the patch numbering of the leak patch of simulation, comprises the patch numbering in the leak patch title of wherein said simulation.
11. method according to claim 1 is characterized in that, also comprises:
Repair the leak information of adding simulation in the client at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
12. a leak is repaired the test macro of client logic, it is characterized in that, comprising:
The first pattern test module specifically comprises following 3 sub-module:
Scanning leak submodule is used for leak reparation client and according to a kind of pattern system is scanned to search the leak of simulation;
The download patches submodule; Be used for if find the leak of simulation; Then from the vulnerability database of server, download the leak patch of corresponding described simulation, the leak patch of said simulation is used for generating simulation leak reparation sign on the basis of retention system original system file;
The patch submodule is installed, is used to install the leak patch of this simulation and generates corresponding simulating leak reparation sign, said simulation leak reparation sign is used to identify the leak reparation completion of simulation;
Other pattern test modules are used for leak and repair all patterns of client traversal to accomplish whole test process;
Object module is used for if above-mentioned all processes are all carried out normally, and then the test of leak reparation client logic is passed through.
13. system according to claim 12 is characterized in that, the said first pattern test module also comprises:
Delete the patch submodule, be used to delete the simulation leak reparation sign of generation.
14. system according to claim 12 is characterized in that, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule comprises:
The first scanning leak unit is used for leak and repairs client according to whether existing the simulation leak to repair file under a kind of mode scanning system specific memory catalogue, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
15. system according to claim 12 is characterized in that, the leak of said simulation is not exist the simulation leak to repair file under system's specific memory catalogue, and said scanning leak submodule comprises:
The second scanning leak unit is used for leak reparation client and does not have simulation leak repair data according to the specific registry entry of a kind of mode scanning system, if do not exist, then finds the leak of simulation, otherwise does not find the leak of simulation.
16. system according to claim 14 is characterized in that, the patch submodule is installed is comprised:
First installs the patch unit, is used to install the leak patch of this simulation, and under system's specific memory catalogue, generates corresponding simulating leak reparation file.
17. system according to claim 15 is characterized in that, the patch submodule is installed is comprised:
Second installs the patch unit, is used to install the leak patch of this simulation, and on the specific registry entry of system, adds corresponding simulating leak repair data.
18. system according to claim 12 is characterized in that, also comprises:
Set up server and vulnerability database module, be used for vulnerability database, set up the server that comprises said vulnerability database in Intranet in advance to the leak patch of storage simulation.
19. system according to claim 12 is characterized in that, also comprises:
The preset domain name module of downloading is used on the local test machine, being provided with leak and repairs client, in advance the patch of local test machine is downloaded domain name and points to the Intranet emulating server.
20. system according to claim 12 is characterized in that, also comprises:
Write and name the patch module, be used for writing in advance the leak patch of simulation and name according to the naming method of true patch
21. system according to claim 20 is characterized in that, also comprises:
Preserve the patch module, be used in advance the leak patch of said simulation being kept at the vulnerability database of emulating server, and in vulnerability database, add the information and the patch numbering of the leak patch of simulation, comprise the patch numbering in the title of the leak patch of wherein said simulation.
22. system according to claim 12 is characterized in that, also comprises:
Add information module, be used for repairing the leak information that client is added simulation at leak in advance, the leak information of said simulation is used to identify the leak of simulation and the leak patch of corresponding simulation.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110444861.5A CN102592084B (en) | 2011-12-27 | 2011-12-27 | A kind of leak repairs method of testing and the system of client logic |
| CN201510373043.9A CN104978532B (en) | 2011-12-27 | 2011-12-27 | A kind of bug-fixing client logic testing method and bug-fixing client logic testing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110444861.5A CN102592084B (en) | 2011-12-27 | 2011-12-27 | A kind of leak repairs method of testing and the system of client logic |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510373043.9A Division CN104978532B (en) | 2011-12-27 | 2011-12-27 | A kind of bug-fixing client logic testing method and bug-fixing client logic testing system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102592084A true CN102592084A (en) | 2012-07-18 |
| CN102592084B CN102592084B (en) | 2015-07-29 |
Family
ID=46480705
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510373043.9A Active CN104978532B (en) | 2011-12-27 | 2011-12-27 | A kind of bug-fixing client logic testing method and bug-fixing client logic testing system |
| CN201110444861.5A Active CN102592084B (en) | 2011-12-27 | 2011-12-27 | A kind of leak repairs method of testing and the system of client logic |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510373043.9A Active CN104978532B (en) | 2011-12-27 | 2011-12-27 | A kind of bug-fixing client logic testing method and bug-fixing client logic testing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN104978532B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102945351A (en) * | 2012-11-05 | 2013-02-27 | 中国科学院软件研究所 | Security vulnerability fixing method based on two-dimensional code for mobile intelligent terminal in cloud environment |
| CN103632098A (en) * | 2012-08-21 | 2014-03-12 | 腾讯科技(深圳)有限公司 | Method and device for repairing bugs |
| CN107395593A (en) * | 2017-07-19 | 2017-11-24 | 深信服科技股份有限公司 | A kind of leak automation means of defence, fire wall and storage medium |
| CN108345796A (en) * | 2017-05-02 | 2018-07-31 | 北京安天网络安全技术有限公司 | A kind of loophole reparation and host reinforcement means and system |
| CN110287112A (en) * | 2019-06-25 | 2019-09-27 | 网易(杭州)网络有限公司 | Maintaining method, device and the readable storage medium storing program for executing of client |
| CN110348220A (en) * | 2019-06-28 | 2019-10-18 | 北京威努特技术有限公司 | A kind of bug excavation method, loophole repair verification method, device and electronic equipment |
| CN111488287A (en) * | 2020-04-16 | 2020-08-04 | 南开大学 | Method, device, medium and electronic equipment for generating injection vulnerability test case |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106845245B (en) * | 2016-12-21 | 2019-11-26 | 中国科学院信息工程研究所 | A kind of hot restorative procedure of loophole based on Xen virtual platform |
| CN116720195B (en) * | 2023-07-06 | 2024-01-26 | 浙江齐安信息科技有限公司 | Operating system vulnerability identification method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040064722A1 (en) * | 2002-10-01 | 2004-04-01 | Dinesh Neelay | System and method for propagating patches to address vulnerabilities in computers |
| US20050005159A1 (en) * | 2003-07-01 | 2005-01-06 | Oliphant Brett M. | Vulnerability and remediation database |
| CN1877543A (en) * | 2005-06-06 | 2006-12-13 | 华为技术有限公司 | Data-driven automatic testing system and method |
| CN101986283A (en) * | 2010-11-16 | 2011-03-16 | 北京安天电子设备有限公司 | Method and system for detecting existed Windows system bugs |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100493085C (en) * | 2005-07-08 | 2009-05-27 | 清华大学 | P2P worm defending system |
| CN101482846A (en) * | 2008-12-25 | 2009-07-15 | 上海交通大学 | Bug excavation method based on executable code conversed analysis |
-
2011
- 2011-12-27 CN CN201510373043.9A patent/CN104978532B/en active Active
- 2011-12-27 CN CN201110444861.5A patent/CN102592084B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040064722A1 (en) * | 2002-10-01 | 2004-04-01 | Dinesh Neelay | System and method for propagating patches to address vulnerabilities in computers |
| US20050005159A1 (en) * | 2003-07-01 | 2005-01-06 | Oliphant Brett M. | Vulnerability and remediation database |
| CN1877543A (en) * | 2005-06-06 | 2006-12-13 | 华为技术有限公司 | Data-driven automatic testing system and method |
| CN101986283A (en) * | 2010-11-16 | 2011-03-16 | 北京安天电子设备有限公司 | Method and system for detecting existed Windows system bugs |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103632098A (en) * | 2012-08-21 | 2014-03-12 | 腾讯科技(深圳)有限公司 | Method and device for repairing bugs |
| CN103632098B (en) * | 2012-08-21 | 2019-05-10 | 腾讯科技(深圳)有限公司 | The method and device of patching bugs |
| CN102945351A (en) * | 2012-11-05 | 2013-02-27 | 中国科学院软件研究所 | Security vulnerability fixing method based on two-dimensional code for mobile intelligent terminal in cloud environment |
| CN102945351B (en) * | 2012-11-05 | 2015-10-28 | 中国科学院软件研究所 | Based on the mobile intelligent terminal security breaches restorative procedure of Quick Response Code under cloud environment |
| CN108345796A (en) * | 2017-05-02 | 2018-07-31 | 北京安天网络安全技术有限公司 | A kind of loophole reparation and host reinforcement means and system |
| CN107395593A (en) * | 2017-07-19 | 2017-11-24 | 深信服科技股份有限公司 | A kind of leak automation means of defence, fire wall and storage medium |
| CN110287112A (en) * | 2019-06-25 | 2019-09-27 | 网易(杭州)网络有限公司 | Maintaining method, device and the readable storage medium storing program for executing of client |
| CN110287112B (en) * | 2019-06-25 | 2023-10-20 | 网易(杭州)网络有限公司 | Maintenance method and device for client and readable storage medium |
| CN110348220A (en) * | 2019-06-28 | 2019-10-18 | 北京威努特技术有限公司 | A kind of bug excavation method, loophole repair verification method, device and electronic equipment |
| CN111488287A (en) * | 2020-04-16 | 2020-08-04 | 南开大学 | Method, device, medium and electronic equipment for generating injection vulnerability test case |
| CN111488287B (en) * | 2020-04-16 | 2023-05-16 | 南开大学 | Method and device for generating injection vulnerability test cases, medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104978532A (en) | 2015-10-14 |
| CN104978532B (en) | 2018-10-23 |
| CN102592084B (en) | 2015-07-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102592084B (en) | A kind of leak repairs method of testing and the system of client logic | |
| US9940225B2 (en) | Automated error checking system for a software application and method therefor | |
| US8850393B2 (en) | Method and apparatus for testing software | |
| CN104915595B (en) | Cloud platform virtualizes the method and device of loophole reparation | |
| CN109902005B (en) | Automatic testing method and system | |
| KR101335912B1 (en) | The system and method for integrated management of test | |
| CN107133244B (en) | Method and device for testing database migration | |
| US20080040633A1 (en) | Traceability management apparatus, storage medium storing program, and tracing method | |
| US8661414B2 (en) | Method and system for testing an order management system | |
| CN107621963B (en) | Software deployment method, software deployment system and electronic equipment | |
| CN105138352B (en) | Method and device for installing application plug-in | |
| CN111563032A (en) | APP debugging method and device, computer equipment and storage medium | |
| WO2019077738A1 (en) | Data verification device, data verification method, and data verification program | |
| CN106843947B (en) | Method and device for processing code defects | |
| CN111142922B (en) | Application program updating method, device, terminal and server | |
| CN110928777A (en) | Test case processing method, device, equipment and storage medium | |
| CN110297749B (en) | Method and terminal for testing new function | |
| US10394699B1 (en) | Method and system for reusing a refinement file in coverage grading | |
| US20130167138A1 (en) | Method and apparatus for simulating installations | |
| US10922217B1 (en) | Adaptive regression testing | |
| CN105955857A (en) | Method and device for testing BIOS (Basic Input Output System) | |
| CN115934503A (en) | Program testing method, device, equipment and storage medium | |
| CN111752823A (en) | Method, device and equipment for testing vehicle-mounted power supply application software | |
| CN113760340B (en) | Hot patching method and device applied to Linux system | |
| CN114510253A (en) | Microservice upgrading method and microservice upgrading device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20151023 Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Qizhi software (Beijing) Co.,Ltd. Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20220729 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |