CN103853650A - Test case generating method and device for fuzz testing - Google Patents
- Publication number: CN103853650A (CN201210496983.3A)
- Authority: CN (China)
- Prior art keywords: case, abnormal use, input field, grammar construct, special character
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
Abstract
The invention provides a test case generating method and device for fuzz testing. The method comprises: determining the grammatical structure of an input field of the system under test according to the legal content of that input field, wherein the grammatical structure of the input field comprises the special characters in the field and their positions; generating abnormal use cases by a set generating method and determining the grammatical structure of each abnormal use case, wherein the grammatical structure of an abnormal use case comprises the special characters in the abnormal use case and their positions; comparing the grammatical structure of the abnormal use case with the grammatical structure of the input field; and, if at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, using the abnormal use case as a test case for the system under test. With this method and device, the test cases for fuzz testing have high similarity to the input data of the system under test, so that efficient and comprehensive security testing is achieved.
Description
Technical field
The present invention relates to the technical field of software security testing, and in particular to a test case generating method and device for fuzz testing.
Background
Black-box testing is a commonly used software security testing method. It does not rely on the source code of the software under test, and it can detect security vulnerabilities that testers overlook, so it is widely applied in software security testing.
Fuzz testing is a black-box testing technique that appeared in the 1990s. It constructs random or semi-random data (called fuzz) as input to the software under test and monitors the response and/or state of that software to determine whether it contains security vulnerabilities. As a black-box testing tool, fuzz testing is generally used in large software development projects. Its advantages are that the cost of testing is relatively low and the testing can be fully automated, and that fuzz testing can often find relatively serious security vulnerabilities that an attacker could exploit.
With the rapid development and wide use of network and communication technology, an important topic in the software security testing field is security testing of protocol implementations, such as communication protocols and industrial control protocols. In protocol implementations, one of the major causes of security vulnerabilities is the handling of abnormal input data; the security problems caused by such exception handling include, for example, buffer overflow attacks, format string attacks and code injection attacks.
Fuzz testing of protocol implementations is usually character-based. Even if some input field of the protocol under test is a binary bit stream, the bit stream can be converted into a character data stream for testing. The test cases input to the protocol under test are therefore generally random or semi-random character strings. Because such a string differs greatly from legal content that conforms to the protocol specification, the protocol under test cannot parse it correctly, or may detect that it is illegal input and reject the test case. Fuzz testing with such test cases therefore not only has low testing efficiency but also has difficulty detecting deep security vulnerabilities inside the protocol under test.
US patent application US20090164975A1 proposes a fuzz testing method. It considers that some input data of the system under test is encoded in a specific way, for example with Base64 encoding or forward error correction (FEC) coding; after randomization (fuzzing), such input data may fail to be decoded by the system under test, and even if it can be decoded, the decoded data may have lost its original format or be impossible to parse. The method in that application therefore comprises: receiving formatted data processed by the system under test; determining the encoding that the formatted data uses and selecting part of the data for randomization; determining the corresponding decoder according to the encoding and decoding the selected data; randomizing the decoded data; determining the corresponding encoder according to the encoding and encoding the randomized data; and testing the system under test with the encoded randomized data. Although this method takes into account the specific encoding of some input data of the system under test, the randomized input data may still differ considerably in format from normal input data, and so faces the same problem of being rejected by the system under test.
Summary of the invention
To address the above problem and make the test cases of fuzz testing more similar to the input data of the system under test, embodiments of the present invention propose a test case generating method and device for fuzz testing.
The test case generating method for fuzz testing according to an embodiment of the present invention comprises:
Determining the grammatical structure of an input field of the system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
Generating abnormal use cases according to a set generation method, and determining the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
Comparing the grammatical structure of the abnormal use case with the grammatical structure of the input field;
If at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, using the abnormal use case as a test case for the system under test.
The test case generating device for fuzz testing according to an embodiment of the present invention comprises:
An input field grammatical structure determining unit, configured to determine the grammatical structure of an input field of the system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
An abnormal use case generating and grammatical structure determining unit, configured to generate abnormal use cases according to a set generation method and to determine the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
A comparing unit, configured to compare the grammatical structure of the abnormal use case with the grammatical structure of the input field;
A screening unit, configured to use the abnormal use case as a test case for the system under test when at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field.
In the method and device provided by the above embodiments of the present invention, a selected test case has at least one special character in the same position as in the legal content of the input field, and the special characters and their positions determine the grammatical structure of the test case and of the input field. The selected test case therefore has a certain similarity in format to the legal content of the input field, so that after it is input to the system under test it is more likely to pass the syntax check of the system under test or to be parsed successfully. This reduces the cases in which test cases are rejected by the system under test, and achieves more efficient and more comprehensive security testing.
Brief description of the drawings
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the above and other features and advantages of the present invention become clearer to those of ordinary skill in the art. In the drawings:
Fig. 1 is a schematic flow chart of the test case generating method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the prefix tree automaton of an input field in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the prefix tree automaton of an input field in another embodiment of the present invention;
Fig. 4 is a schematic diagram of the prefix tree automaton of abnormal use cases in an embodiment of the present invention;
Fig. 5 is a schematic diagram of the prefix tree automaton of abnormal use cases in another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the test case generating device according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the test case generating equipment according to an embodiment of the present invention.
Detailed description
The above characteristics, technical features, advantages and implementations of the present invention are further described below in a clear and understandable way, through the description of preferred embodiments with reference to the accompanying drawings.
An embodiment of the present invention proposes a test case generating method for fuzz testing. As shown in Fig. 1, the method comprises the following steps:
Step 101: determine the grammatical structure of an input field of the system under test according to the legal content of that input field; the grammatical structure of the input field comprises the special characters in the field and their positions.
In embodiments of the present invention, the system under test can be software written in computer code, such as an application program or a protocol implementation; these are referred to collectively below as the system under test.
Depending on the specific application scenario or protocol specification, the legal content of an input field of the system under test must conform to a certain grammatical structure. The grammatical structure is the syntax rule that the legal content of the input field must satisfy; in embodiments of the present invention, this syntax rule comprises the special characters in the field and their positions. Here, a special character can be any symbol with a specific use other than lowercase letters, uppercase letters and digits. The special characters in the legal content of an input field can differ with the operating system, protocol specification and/or programming language that the system under test uses. For example, in the C/C++ programming languages, "%" indicates the beginning of a format string; in the Passenger and Airport Data Interchange Standards (PADIS) protocol, "+" is the separator between data items.
Step 102: generate abnormal use cases according to a set generation method, and determine the grammatical structure of each generated abnormal use case; the grammatical structure of the abnormal use case comprises the special characters in the abnormal use case and their positions.
In this step, a set generation method can be used to generate the abnormal use cases. Most simply, abnormal use cases can be generated randomly; an existing method can also be used to further filter the randomly generated abnormal use cases and remove similar ones, so that the test cases cover the input space of the system under test more fully and the efficiency of fuzz testing improves. Alternatively, a more intelligent approach, such as the fuzz testing method in the patent application described above, can be used to generate abnormal use cases. Embodiments of the present invention place no restriction on the method used to generate abnormal use cases.
The grammatical structure of each generated abnormal use case is analyzed in the same way, to determine the special characters in the abnormal use case and their positions.
Step 103: compare the grammatical structure of the abnormal use case with the grammatical structure of the input field.
Next, each special character occurring in the abnormal use case and in the input field, and its position, are compared.
Step 104: if at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, use the abnormal use case as a test case for the system under test.
After the comparison, if one or more special characters have the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, the abnormal use case is used as a test case for fuzz testing.
In the method provided by the above embodiment of the present invention, a selected test case has at least one special character in the same position as in the legal content of the input field, and the special characters and their positions determine the grammatical structure of the test case and of the input field. The selected test case therefore has a certain similarity in format to the legal content of the input field, so that after it is input to the system under test it is more likely to pass the syntax check of the system under test or to be parsed successfully. This reduces the cases in which test cases are rejected by the system under test, and achieves more efficient and more comprehensive security testing.
According to another embodiment of the present invention, a priority can be set for each test case: the more special-character positions are the same in the grammatical structure of the test case and that of the input field, the higher the priority of the test case. More identical positions mean greater format similarity between the test case and the legal content of the input field and a smaller chance that the test case is rejected, so such a test case can be tested first.
In a specific implementation, several threshold ranges can be set according to the priorities required. For example, for priorities 1, 2 and 3, the threshold ranges n < A, A ≤ n ≤ B and n > B are set respectively, where n is the number of special-character positions that are the same and A and B are set values. When the number of special-character positions that are the same in the grammatical structure of the test case and that of the input field is less than the threshold A, the priority of the test case is 1, and so on. Test cases with higher priority are used first in fuzz testing.
According to yet another embodiment of the present invention, if, when the grammatical structure of the abnormal use case serving as a test case is compared with that of the input field, at least one special character is identical both in position and in the character itself, a higher priority can be set for the test case. Specifically, for example, a main priority can first be set according to the number of special-character positions that are the same in the grammatical structure of the test case and that of the input field; then, among test cases with the same main priority, an auxiliary priority is set according to the number of identical special characters: the more identical special characters, the higher the auxiliary priority.
In addition, the phrases in the input field and their values can be determined according to the legal content of the input field, and the phrases in the generated abnormal use case and their values can likewise be determined. Phrases are separated by special characters; here, a phrase can be a lowercase letter, an uppercase letter or a digit, or a string made up of lowercase letters, uppercase letters and/or digits.
If at least one special character has the same position in the grammatical structure of the generated abnormal use case and in that of the input field, that is, when the abnormal use case will be used as a test case, the values of the phrases that have that special character as prefix/suffix can further be compared between the test case and the legal content of the input field. If the values of the phrases that have that special character as prefix/suffix are identical, a higher priority can be set for the test case, so that it is used first in fuzz testing. Specifically, for example, a main priority can first be set according to the number of special-character positions that are the same in the grammatical structure of the test case and that of the input field; then, among test cases with the same main priority, an auxiliary priority is set according to the number of phrases with identical values: the more phrases with identical values, the higher the auxiliary priority.
The input fields of a system under test generally fall into two classes: fixed-length input fields and variable-length input fields. The length of a variable-length input field can be indicated by a length field, a specific end marker, or the like. Special characters mostly appear in variable-length input fields, and across different input data of the system under test the length and content of a variable-length input field may differ. All possible legal contents of a variable-length input field can be represented by a prefix tree automaton (PTA, Prefix Tree Automata), a deterministic finite automaton (DFA, Deterministic Finite Automata) or a regular expression.
For example, a PTA can represent all possible legal contents of a variable-length input field: each state (that is, node) represents a phrase that occurs in the legal content of the field, and each transition between states represents a special character that separates phrases. Starting from the initial state of the PTA and following one state-transition path, the output on reaching a final state is one possible legal content of the input field. Suppose a variable-length input field has three legal inputs: "A/B/C", "A/C" and "A/B/D". The PTA generated for this input field is then as shown in Fig. 2.
Here the nodes "A", "B", "C" and "D" are the states of the PTA and represent phrases that may occur in the legal content of the field, and the transitions between states, shown by arrows, are the special characters that separate phrases. Starting from the initial state "A" and following one state-transition path of the PTA, the output on reaching the final state "D" is one possible legal input, "A/B/D"; the other two possible legal inputs, "A/B/C" and "A/C", are obtained in the same way.
As another example, take a format string input field in the C language, with three possible legal contents: "%s%d", "%.16x" and "%*x". The special characters occurring in these three legal contents are "%", "." and "*". The PTA of this input field, obtained by analyzing these legal contents, is as shown in Fig. 3.
Here, an "O" node indicates that the phrase it represents is the empty string.
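An added example (not code from the patent) of the PTA construction described above, built from the two sets of legal contents the text gives for Fig. 2 and Fig. 3. The `State` class, the virtual start node and all function names are assumptions of this example; phrases and special characters are split as the text defines them.

```python
import re

# A special character, as the text defines it: anything that is not a letter or digit.
SPECIAL = re.compile(r"([^A-Za-z0-9])")

# Legal contents quoted in the text for Fig. 2 and Fig. 3.
PATH_FIELD = ["A/B/C", "A/C", "A/B/D"]
FORMAT_FIELD = ["%s%d", "%.16x", "%*x"]


def tokenize(content):
    """Split a string into alternating phrases and special characters.

    '%.16x' -> ['', '%', '', '.', '16x']; phrases sit at even indexes and an
    empty phrase '' corresponds to an "O" node.
    """
    return SPECIAL.split(content)


class State:
    """One PTA state (assumed layout for this example)."""

    def __init__(self, phrase):
        self.phrase = phrase    # phrase this state stands for
        self.final = False      # True when a legal content ends here
        self.next = {}          # (special character, next phrase) -> State


def build_pta(legal_contents):
    """Merge all legal contents into one prefix tree; shared prefixes share states."""
    start = State(None)         # virtual start node, so first phrases may differ
    for content in legal_contents:
        tokens = tokenize(content)
        node = start
        # Pair every phrase with the special character that leads into it.
        for special, phrase in zip([""] + tokens[1::2], tokens[0::2]):
            key = (special, phrase)
            if key not in node.next:
                node.next[key] = State(phrase)
            node = node.next[key]
        node.final = True
    return start


def legal_contents(node, prefix=""):
    """Yield the output of every path from the start to a final state."""
    for (special, phrase), child in node.next.items():
        text = prefix + special + phrase
        if child.final:
            yield text
        yield from legal_contents(child, text)


def transitions(node):
    """List edges as (from phrase, special character, to phrase)."""
    edges = []
    for (special, phrase), child in node.next.items():
        if node.phrase is not None:         # skip the edge out of the virtual start
            edges.append((node.phrase, special, phrase))
        edges.extend(transitions(child))
    return edges


if __name__ == "__main__":
    for field in (PATH_FIELD, FORMAT_FIELD):
        pta = build_pta(field)
        print(sorted(legal_contents(pta)))
        for src, special, dst in transitions(pta):
            print(f"  {src or 'O'} --{special}--> {dst or 'O'}")
```

In the format string PTA, "%.16x" and "%*x" share the transition from the initial empty phrase through "%" to a second empty phrase, so three legal contents with six separators in total need only five transitions.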
As mentioned above, the input fields of the system under test can usually be represented in character form. Accordingly, the generated abnormal use cases can include one or more of overlong strings, format strings and code/script strings, which correspond respectively to security vulnerabilities such as buffer overflow attacks, format string attacks and code injection attacks.
Specific embodiments of the present invention are further described below, taking overlong strings and format strings as examples of abnormal use cases.
First, take overlong-string abnormal use cases as an example:
An overlong-string abnormal use case attempts, with a string whose length exceeds (by far) the length that legal content allows, to cause a buffer overflow exception while the system under test processes the input data. Suppose the abnormal use cases generated in this embodiment are as follows:
AAA…AAA/EEEE…EEEE
AAA…AAA/BBB…BBB/CCC…CCC
AAA…AAA@DDD…DDD
Here, "AAA…AAA" and the like denote a very long string (far longer than 1 character) made up of the uppercase letter 'A' and so on. The PTA obtained by analyzing these abnormal use cases is then as shown in Fig. 4.
Suppose the PTA of the input field in this embodiment is as shown in Fig. 2. Comparing Fig. 2 with Fig. 4 shows that the abnormal use case "AAA…AAA/BBB…BBB/CCC…CCC" and the legal content "A/B/D" each contain three phrases, with adjacent phrases separated by the special character "/". The abnormal use case "AAA…AAA/BBB…BBB/CCC…CCC" therefore has the same grammatical structure as the legal content "A/B/D": the special characters that occur and their positions are identical. Likewise, the abnormal use case "AAA…AAA/EEEE…EEEE" has the same grammatical structure as the legal content "A/C". Because these abnormal use cases have the same format as the corresponding legal content, they are more likely to pass the syntax check of the system under test or to be parsed successfully, which reduces rejection by the system under test; the system under test readily treats them as normal input data. However, overlong strings such as "AAA…AAA" may cause a buffer overflow when the system under test processes the input data. Using these abnormal use cases as test cases for fuzz testing the system under test may reveal buffer overflow vulnerabilities in it, which improves the effectiveness of fuzz security testing and makes the test process more efficient.
Because the special characters and their positions in the test cases "AAA…AAA/BBB…BBB/CCC…CCC" and "AAA…AAA/EEEE…EEEE" are identical to those in the corresponding legal content, these two test cases can be used first during fuzz testing.
The abnormal use case "AAA…AAA@DDD…DDD" and the legal input data "A/C" contain different special characters, "@" and "/" respectively, but in the same position. That is, the grammatical structure of the abnormal use case "AAA…AAA@DDD…DDD" is similar to that of the legal content "A/C", so this abnormal use case can also be used as a test case for fuzz testing, but its priority can be lower than that of the two test cases above, "AAA…AAA/BBB…BBB/CCC…CCC" and "AAA…AAA/EEEE…EEEE".
Next, take format-string abnormal use cases as an example:
The purpose of a format-string abnormal use case is to use an abnormal format string to security-test an input field that does not specify a format string, such as the input data of functions like printf. Suppose the abnormal use cases generated in this embodiment are as follows:
AAAA
“%s%d%s%d”
“%.4096d”
“%****d”
The PTA obtained by analyzing these abnormal use cases is then as shown in Fig. 5.
Suppose the PTA of the input field in this embodiment is as shown in Fig. 3. Comparing Fig. 3 with Fig. 5 shows that the abnormal use case "%.4096d" has the same grammatical structure as the legal content "%.16x": the special characters that occur and their positions are identical. However, in the phrases prefixed by the special character ".", the value 4096 is far greater than 16, which may cause a memory allocation exception in functions such as printf. Using this abnormal use case as a test case for fuzz testing the system under test therefore reduces rejection of test cases by the system under test and can find format string vulnerabilities in the system under test, making the test process more effective.
The prefixes ("%s%d", "%*") of the abnormal test cases "%s%d%s%d" and "%****d" have the same grammatical structure as the legal contents "%s%d" and "%*x": the special characters that occur and their positions are identical. The abnormal test cases "%s%d%s%d" and "%****d" can therefore also be used for fuzz testing.
The grammatical structure of the abnormal use case "AAAA" has no similarity to the grammatical structure of any possible legal content; to save test time and test resources, it can be discarded and not used for fuzz testing.
The specific embodiments of the method of the present invention have been described in detail above.
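Steps 101 to 104 and the main/auxiliary priority rule, run over the two worked examples above, as an added example that is not code from the patent. It assumes that a special character's position is its ordinal among the separators of the string, that the thresholds are A = 2 and B = 3, and that the overlong phrases are 4096 characters; all names are hypothetical.

```python
import re
from dataclasses import dataclass

SPECIAL = re.compile(r"([^A-Za-z0-9])")   # anything that is not a letter or digit

# Legal contents and abnormal use cases from the text; the 4096-character
# phrase length is constructed for this example.
PATH_LEGAL = ["A/B/C", "A/C", "A/B/D"]
PATH_CASES = [
    "A" * 4096 + "/" + "E" * 4096,
    "A" * 4096 + "/" + "B" * 4096 + "/" + "C" * 4096,
    "A" * 4096 + "@" + "D" * 4096,
]
FMT_LEGAL = ["%s%d", "%.16x", "%*x"]
FMT_CASES = ["AAAA", "%s%d%s%d", "%.4096d", "%****d"]


def structure(text):
    """Grammatical structure: the special characters in order of appearance.

    Assumption: a character's position is its index in this list, so it does
    not shift when a phrase is made longer.
    """
    return SPECIAL.split(text)[1::2]


def compare(case, legal):
    """Return (positions in common, positions where the character is also identical)."""
    pairs = list(zip(structure(case), structure(legal)))
    return len(pairs), sum(a == b for a, b in pairs)


def main_priority(n, a, b):
    """Threshold ranges from the text: n < A gives 1, A <= n <= B gives 2, n > B gives 3."""
    if n < a:
        return 1
    return 2 if n <= b else 3


@dataclass(frozen=True)
class Selected:
    case: str
    closest_legal: str
    same_pos: int
    same_char: int
    priority: int


def select(cases, legal_contents, a=2, b=3):
    """Keep cases that share at least one position, highest priority first."""
    kept = []
    for case in cases:
        # Closest legal content: most shared positions, then most identical
        # characters; an equal separator count breaks ties (choice of this example).
        legal = max(
            legal_contents,
            key=lambda l: (*compare(case, l), len(structure(l)) == len(structure(case))),
        )
        same_pos, same_char = compare(case, legal)
        if same_pos == 0:
            continue                        # condition of step 104 not met: discard
        kept.append(Selected(case, legal, same_pos, same_char,
                             main_priority(same_pos, a, b)))
    # Main priority first, then the auxiliary priority (identical characters).
    kept.sort(key=lambda s: (s.priority, s.same_char), reverse=True)
    return kept


if __name__ == "__main__":
    for cases, legal in ((PATH_CASES, PATH_LEGAL), (FMT_CASES, FMT_LEGAL)):
        for s in select(cases, legal):
            shown = s.case if len(s.case) < 20 else s.case[:3] + "..." + s.case[-3:]
            print(shown, s.closest_legal, s.same_pos, s.same_char, s.priority)
```

The "@" case is kept but sorts last because it shares a position without sharing the character, and "AAAA" is dropped because it has no special character at all.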
An embodiment of the present invention also proposes a test case generating device for fuzz testing. As shown in Fig. 6, the device 60 can be implemented in software, in hardware, or in a combination of software and hardware, and can specifically comprise:
An input field grammatical structure determining unit 601, configured to determine the grammatical structure of an input field of the system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
An abnormal use case generating and grammatical structure determining unit 602, configured to generate abnormal use cases according to a set generation method and to determine the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
A comparing unit 603, configured to compare the grammatical structure of the abnormal use case with the grammatical structure of the input field;
In a specific embodiment of the device of the present invention, the screening unit 604 can further be configured to set a priority for the test case, wherein, when the grammatical structure of the abnormal use case serving as the test case is compared with the grammatical structure of the input field, the more special-character positions are the same, the higher the priority of the test case.
In another embodiment of the device of the present invention, the screening unit 604 can also be configured to set a higher priority for the test case when, comparing the grammatical structure of the abnormal use case serving as the test case with that of the input field, at least one special character is identical both in position and in the character itself.
In another embodiment of the device of the present invention, the input field grammatical structure determining unit 601 can also be configured to determine the phrases in the input field and their values according to the legal content of the input field, the phrases being separated by the special characters in the input field.
The abnormal use case generating and grammatical structure determining unit 602 can also be configured to determine the phrases in the generated abnormal use case and their values, the phrases being separated by the special characters in the abnormal use case.
The comparing unit 603 can also be configured, when at least one special character has the same position in the grammatical structure of the abnormal use case and in that of the input field, to further compare the values of the phrases that have that special character as prefix/suffix in the abnormal use case and in the legal content.
Since the specific embodiments of the method of the present invention have been described in detail above, for specific embodiments of the device reference can be made to the corresponding description of the method, which is not repeated here.
An embodiment of the present invention also provides test case generating equipment for fuzz testing. As shown in Fig. 7, the equipment can be implemented as an independent physical entity, or as part of any physical entity used for fuzz testing.
As shown in Fig. 7, the test case generating equipment 70 for fuzz testing can comprise a memory 701 and a processor 702. The memory 701 can store executable instructions. The processor 702 can carry out the following steps according to the executable instructions stored in the memory 701:
Determining the grammatical structure of an input field of the system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
Generating abnormal use cases according to a set generation method, and determining the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
Comparing the grammatical structure of the abnormal use case with the grammatical structure of the input field;
When at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, using the abnormal use case as a test case for the system under test.
Further, a priority can be set for the test case, wherein, when the grammatical structure of the abnormal use case serving as the test case is compared with the grammatical structure of the input field, the more special-character positions are the same, the higher the priority of the test case.
If, when the grammatical structure of the abnormal use case serving as the test case is compared with that of the input field, at least one special character is identical both in position and in the character itself, a higher priority can be set for the test case.
In addition, the phrases in the input field and their values can be determined according to the legal content of the input field, the phrases being separated by the special characters in the input field; and the phrases in the generated abnormal use case and their values can be determined, the phrases being separated by the special characters in the abnormal use case. When at least one special character has the same position in the grammatical structure of the abnormal use case and in that of the input field, the values of the phrases that have that special character as prefix/suffix in the abnormal use case and in the legal content are further compared. When the values of the phrases that have that special character as prefix/suffix are identical, a higher priority is set for the test case.
An embodiment of the present invention also provides a machine-readable medium storing executable instructions which, when executed, cause a machine to perform the steps performed by the aforementioned processing device 702. Specifically, a system or device equipped with a storage medium can be provided, the storage medium storing software program code that realizes the functions of any of the above embodiments, and the computer (or CPU or MPU) of the system or device reads and executes the program code stored in the storage medium.
In this case, the program code read from the storage medium can itself realize the functions of any of the above embodiments, and therefore the program code and the storage medium storing the program code form part of the present invention.
Embodiments of machine-readable media for providing the program code include floppy disks, hard disks, magneto-optical disks, optical discs (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), magnetic tape, non-volatile memory cards and ROM. Alternatively, the program code can be downloaded from a server computer over a communication network.
In addition, it should be noted that the functions of any of the above embodiments can be realized not only by executing the program code read by the computer, but also by having the operating system or the like running on the computer perform part or all of the actual operations based on the instructions of the program code.
In addition, it can be understood that the program code read from the storage medium may be written into a memory provided on an expansion board inserted into the computer, or into a memory provided in an expansion unit connected to the computer, after which a CPU or the like mounted on the expansion board or expansion unit performs part or all of the actual operations based on the instructions of the program code, thereby realizing the functions of any of the above embodiments.
It should be noted that not all of the steps and modules in the above diagrams are necessary; some steps or modules can be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The module structures described in the above embodiments may be physical structures or logical structures; that is, some modules may be implemented by the same physical entity, some modules may be implemented separately by multiple physical entities, or they may be implemented jointly by components of multiple independent devices.
The present invention has been shown and described in detail above by way of the drawings and embodiments, but the invention is not limited to the disclosed embodiments; other schemes that those skilled in the art derive from them also fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the appended claims.
Claims (16)
1. A test case generating method for fuzz testing, comprising:
determining the grammatical structure of an input field of a system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
generating abnormal use cases according to a preset generation method, and determining the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
comparing the grammatical structure of the abnormal use case with the grammatical structure of the input field;
if at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, using the abnormal use case as a test case for the system under test.
2. The method according to claim 1, characterized in that it further comprises:
setting a priority for the test case, wherein the more special-character positions that are identical between the grammatical structure of the test case's abnormal use case and the grammatical structure of the input field, the higher the priority of the test case.
3. The method according to claim 2, characterized in that it further comprises:
if, when the grammatical structure of the test case's abnormal use case is compared with the grammatical structure of the input field, at least one special character is identical in both its position and the character itself, setting a higher priority for the test case.
4. The method according to claim 2, characterized in that it further comprises:
determining the phrases in the input field and their values according to the legal content of the input field, the phrases being separated by the special characters in the input field;
determining the phrases and their values in the generated abnormal use case, the phrases being separated by the special characters in the abnormal use case;
if at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, further comparing, between the abnormal use case and the legal content, the values of the phrases that have the at least one special character as a prefix or suffix;
if the values of the phrases that have the at least one special character as a prefix or suffix are identical, setting a higher priority for the test case.
5. The method according to claim 4, characterized in that the grammatical structure and the phrases and their values are described in any one of the following ways:
prefix tree automaton, deterministic finite automaton, and regular expression.
6. The method according to any one of claims 1 to 5, characterized in that
the input field is of variable length.
7. The method according to claim 6, characterized in that the generated abnormal use cases comprise one or more of the following:
overlong character strings, format strings, and code/script character strings.
8. A test case generating device for fuzz testing, comprising:
an input field grammatical structure determining unit, configured to determine the grammatical structure of an input field of a system under test according to the legal content of that input field, the grammatical structure of the input field comprising the special characters in the field and their positions;
an abnormal use case generating and grammatical structure determining unit, configured to generate abnormal use cases according to a preset generation method and to determine the grammatical structure of each generated abnormal use case, the grammatical structure of the abnormal use case comprising the special characters in the abnormal use case and their positions;
a comparing unit, configured to compare the grammatical structure of the abnormal use case with the grammatical structure of the input field;
a screening unit, configured to use the abnormal use case as a test case for the system under test when at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field.
9. The device according to claim 8, characterized in that
the screening unit is further configured to set a priority for the test case, wherein the more special-character positions that are identical between the grammatical structure of the test case's abnormal use case and the grammatical structure of the input field, the higher the priority of the test case.
10. The device according to claim 9, characterized in that
the screening unit is further configured to set a higher priority for the test case when, comparing the grammatical structure of the test case's abnormal use case with the grammatical structure of the input field, at least one special character is identical in both its position and the character itself.
11. The device according to claim 9, characterized in that
the input field grammatical structure determining unit is further configured to determine the phrases in the input field and their values according to the legal content of the input field, the phrases being separated by the special characters in the input field;
the abnormal use case generating and grammatical structure determining unit is further configured to determine the phrases and their values in the generated abnormal use case, the phrases being separated by the special characters in the abnormal use case;
the comparing unit is further configured, when at least one special character has the same position in the grammatical structure of the abnormal use case and in the grammatical structure of the input field, to further compare, between the abnormal use case and the legal content, the values of the phrases that have the at least one special character as a prefix or suffix;
the screening unit is further configured to set a higher priority for the test case when the values of the phrases that have the at least one special character as a prefix or suffix are identical.
12. The device according to claim 11, characterized in that the grammatical structure and the phrases and their values are described in any one of the following ways:
prefix tree automaton, deterministic finite automaton, and regular expression.
13. The device according to any one of claims 8 to 12, characterized in that
the input field is of variable length.
14. The device according to claim 13, characterized in that the generated abnormal use cases comprise one or more of the following:
overlong character strings, format strings, and code/script character strings.
15. Test case generating equipment for fuzz testing, comprising:
a memory, configured to store executable instructions;
a processor, configured to perform, according to the stored executable instructions, the method according to any one of claims 1 to 7.
16. A machine-readable medium storing executable instructions which, when executed, cause a machine to perform the method according to any one of claims 1 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210496983.3A CN103853650B (en) | 2012-11-28 | 2012-11-28 | A kind of method for generating test case of fuzz testing and device |
PCT/EP2013/074304 WO2014082908A1 (en) | 2012-11-28 | 2013-11-20 | Method and apparatus for generating test case for fuzz test |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210496983.3A CN103853650B (en) | 2012-11-28 | 2012-11-28 | A kind of method for generating test case of fuzz testing and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103853650A true CN103853650A (en) | 2014-06-11 |
CN103853650B CN103853650B (en) | 2017-03-01 |
Family
ID=49683695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210496983.3A Expired - Fee Related CN103853650B (en) | 2012-11-28 | 2012-11-28 | A kind of method for generating test case of fuzz testing and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103853650B (en) |
WO (1) | WO2014082908A1 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320312A (en) * | 2014-11-20 | 2015-01-28 | 国家电网公司 | Network application safety test tool and fuzz test case generation method and system |
CN105335657A (en) * | 2015-12-07 | 2016-02-17 | 珠海市君天电子科技有限公司 | Program bug detection method and device |
CN105512562A (en) * | 2015-12-01 | 2016-04-20 | 珠海市君天电子科技有限公司 | Vulnerability mining method and device and electronic equipment |
CN105868095A (en) * | 2015-01-22 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Method for generating testing data and device thereof |
CN106506280A (en) * | 2016-11-24 | 2017-03-15 | 工业和信息化部电信研究院 | The communication protocol method of testing of intelligent home device and system |
CN106610899A (en) * | 2016-12-30 | 2017-05-03 | 中国科学院长春光学精密机械与物理研究所 | Test case generation method and device |
CN109145609A (en) * | 2018-09-06 | 2019-01-04 | 平安科技(深圳)有限公司 | A kind of data processing method and device |
CN109597767A (en) * | 2018-12-19 | 2019-04-09 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
CN110401581A (en) * | 2019-07-22 | 2019-11-01 | 杭州电子科技大学 | Industry control agreement fuzz testing case generation method based on flow retrospect |
CN110427328A (en) * | 2019-08-07 | 2019-11-08 | 北京字节跳动网络技术有限公司 | Text handling method, device, equipment and storage medium |
CN111813653A (en) * | 2020-05-28 | 2020-10-23 | 杭州览众数据科技有限公司 | Data anomaly testing method and automatic testing tool related to field content |
CN115396332A (en) * | 2022-06-20 | 2022-11-25 | 内蒙古电力(集团)有限责任公司内蒙古超高压供电分公司 | Fuzzy test method of power communication protocol, terminal equipment and storage medium |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10108536B2 (en) * | 2014-12-10 | 2018-10-23 | General Electric Company | Integrated automated test case generation for safety-critical software |
CN105512025B (en) * | 2014-12-31 | 2019-01-15 | 哈尔滨安天科技股份有限公司 | Fuzz engine optimization method and system based on simulation message |
CN106294102B (en) * | 2015-05-20 | 2021-04-09 | 腾讯科技(深圳)有限公司 | Application program testing method, client, server and system |
CN106067893A (en) * | 2016-09-14 | 2016-11-02 | 中山大学 | A kind of data interactive method based on Web |
US10983853B2 (en) | 2017-03-31 | 2021-04-20 | Microsoft Technology Licensing, Llc | Machine learning for input fuzzing |
CN110196804B (en) * | 2018-04-24 | 2022-03-11 | 腾讯科技(深圳)有限公司 | Service testing method and device, storage medium and electronic device |
CN109739755B (en) * | 2018-12-27 | 2020-07-10 | 北京理工大学 | Fuzzy test system based on program tracking and mixed execution |
US10831646B2 (en) | 2019-01-02 | 2020-11-10 | International Business Machines Corporation | Resources usage for fuzz testing applications |
CN110059010B (en) * | 2019-04-12 | 2023-01-31 | 西北工业大学 | Buffer overflow detection method based on dynamic symbol execution and fuzzy test |
CN110113227B (en) * | 2019-04-18 | 2022-08-02 | 上海大学 | Variational self-coding fuzzy test case generation method |
CN112055003B (en) * | 2020-08-26 | 2022-12-23 | 上海电力大学 | Method for generating private protocol fuzzy test case based on byte length classification |
CN112506795A (en) * | 2020-12-18 | 2021-03-16 | 国家工业信息安全发展研究中心 | Method, system, terminal and storage medium for testing security vulnerability of industrial control equipment |
CN112905493B (en) * | 2021-04-07 | 2023-07-18 | 南京大学 | Structured fuzzy test method based on conversion test |
CN116881058A (en) * | 2023-07-19 | 2023-10-13 | 凯云联创(北京)科技有限公司 | Fuzzy test method for embedded equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090319832A1 (en) * | 2008-06-23 | 2009-12-24 | International Business Machines Corporation | Method and apparatus of effective functional test data generation for web service testing |
CN101833503A (en) * | 2010-04-14 | 2010-09-15 | 武汉大学 | Test system for trusted software stack based on fuzzy technology |
CN101901183A (en) * | 2009-05-31 | 2010-12-01 | 西门子(中国)有限公司 | Method and device of test case for filtering |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8286133B2 (en) | 2007-12-19 | 2012-10-09 | Microsoft Corporation | Fuzzing encoded data |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320312B (en) * | 2014-11-20 | 2018-01-02 | 国家电网公司 | Network application safe test tool and fuzz testing case generation method and system |
CN104320312A (en) * | 2014-11-20 | 2015-01-28 | 国家电网公司 | Network application safety test tool and fuzz test case generation method and system |
CN105868095A (en) * | 2015-01-22 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Method for generating testing data and device thereof |
CN105512562A (en) * | 2015-12-01 | 2016-04-20 | 珠海市君天电子科技有限公司 | Vulnerability mining method and device and electronic equipment |
CN105512562B (en) * | 2015-12-01 | 2018-12-25 | 珠海市君天电子科技有限公司 | Vulnerability mining method and device and electronic equipment |
CN105335657B (en) * | 2015-12-07 | 2019-04-05 | 珠海豹趣科技有限公司 | A kind of program bug detection method and device |
CN105335657A (en) * | 2015-12-07 | 2016-02-17 | 珠海市君天电子科技有限公司 | Program bug detection method and device |
CN106506280A (en) * | 2016-11-24 | 2017-03-15 | 工业和信息化部电信研究院 | The communication protocol method of testing of intelligent home device and system |
CN106506280B (en) * | 2016-11-24 | 2019-10-01 | 工业和信息化部电信研究院 | The communication protocol test method and system of smart home device |
CN106610899B (en) * | 2016-12-30 | 2020-01-14 | 中国科学院长春光学精密机械与物理研究所 | Test case generation method and device |
CN106610899A (en) * | 2016-12-30 | 2017-05-03 | 中国科学院长春光学精密机械与物理研究所 | Test case generation method and device |
CN109145609A (en) * | 2018-09-06 | 2019-01-04 | 平安科技(深圳)有限公司 | A kind of data processing method and device |
CN109145609B (en) * | 2018-09-06 | 2023-06-23 | 平安科技(深圳)有限公司 | Data processing method and device |
CN109597767A (en) * | 2018-12-19 | 2019-04-09 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
CN109597767B (en) * | 2018-12-19 | 2021-11-12 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
CN110401581A (en) * | 2019-07-22 | 2019-11-01 | 杭州电子科技大学 | Industry control agreement fuzz testing case generation method based on flow retrospect |
CN110427328A (en) * | 2019-08-07 | 2019-11-08 | 北京字节跳动网络技术有限公司 | Text handling method, device, equipment and storage medium |
CN111813653A (en) * | 2020-05-28 | 2020-10-23 | 杭州览众数据科技有限公司 | Data anomaly testing method and automatic testing tool related to field content |
CN111813653B (en) * | 2020-05-28 | 2023-07-04 | 杭州览众数据科技有限公司 | Data exception testing method and automatic testing tool related to field content |
CN115396332A (en) * | 2022-06-20 | 2022-11-25 | 内蒙古电力(集团)有限责任公司内蒙古超高压供电分公司 | Fuzzy test method of power communication protocol, terminal equipment and storage medium |
CN115396332B (en) * | 2022-06-20 | 2024-03-15 | 内蒙古电力(集团)有限责任公司内蒙古超高压供电分公司 | Fuzzy test method for power communication protocol, terminal equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN103853650B (en) | 2017-03-01 |
WO2014082908A1 (en) | 2014-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103853650A (en) | Test case generating method and device for fuzz testing | |
US10831826B2 (en) | Validation of schema and schema conformance verification | |
CN103036730B (en) | A kind of method and device protocol realization being carried out to safety test | |
US10325097B2 (en) | Static detection of context-sensitive cross-site scripting vulnerabilities | |
JP6616774B2 (en) | Anti-malware type mobile content data management apparatus and method | |
CN106970820A (en) | Code storage method and code storage | |
Alkhalaf et al. | Verifying client-side input validation functions using string analysis | |
CN111124479B (en) | Method and system for analyzing configuration file and electronic equipment | |
CN103038762B (en) | Natural language processing device and method | |
CN104965781A (en) | Method and apparatus for generating test case | |
KR101696694B1 (en) | Method And Apparatus For Analysing Source Code Vulnerability By Using TraceBack | |
KR102273135B1 (en) | Apparatus and method for generating test input a software using symbolic execution | |
KR20060094851A (en) | System and method for testing a data format using targeted variant input | |
CN113254023B (en) | Object reading method and device and electronic equipment | |
WO2016046223A1 (en) | Efficient pattern matching | |
TWI746520B (en) | Method and device for compiling computer language | |
CN112363939A (en) | Method, system and equipment for quickly generating fuzzy test network protocol template | |
US20140359258A1 (en) | Declarative Configuration Elements | |
US8819645B2 (en) | Application analysis device | |
CN110286912A (en) | Code detection method, device and electronic equipment | |
Lavorato et al. | LL (k) optimization of a network protocol parser generator. | |
CN102609249A (en) | Configurable menu implementation method based on extensible markup language | |
JP5516277B2 (en) | Test case relation extraction method, test case relation extraction device, and test case relation extraction program | |
CN112182470A (en) | Webpage construction method, device and equipment | |
KR101900813B1 (en) | Apparatus and method for dynamic control-flow analysis for prescribing control-flow with Inputs generated from grammar |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170301 Termination date: 20171128 |