CN104978532A - Vulnerability repair client logic testing method and system - Google Patents

Info

Publication number: CN104978532A
Application number: CN201510373043.9A
Authority: CN (China)
Prior art keywords: vulnerability, simulation, patch, client, repair
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN104978532B (en)
Inventor: 张钊
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201510373043.9A
Publication of CN104978532A
Application granted; publication of CN104978532B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a method and system for testing vulnerability repair client logic, to solve the problem that testing such logic is time-consuming and inefficient. The method comprises: a vulnerability repair client scans a system in one mode to look for a simulated vulnerability; if the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from a vulnerability library on a server, the simulated vulnerability patch being used to generate a simulated vulnerability repair identifier while retaining the system's original system files; the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair identifier is generated; the vulnerability repair client traverses all modes to complete the whole test process; and if all processes execute normally, the vulnerability repair client logic test passes. With the application, patches are downloaded and installed very quickly, which shortens the repair client logic test time and improves test efficiency.

Description

A method and system for testing vulnerability repair client logic
Technical field
The application relates to the technical field of testing, and in particular to a method and system for testing vulnerability repair client logic.
Background
A vulnerability repair client uses the configuration conditions in a vulnerability library (libleak) to scan the system for vulnerabilities that need repair. Such configuration conditions include, for example, detecting whether a file exists, detecting a file version number, and detecting a registry entry. The user can select which vulnerabilities to repair. During repair, the corresponding patch is first downloaded from an external network server, and the vulnerability repair client then invokes the patch to repair the vulnerability.
A vulnerability repair client involves many kinds of logic when it runs, including startup pop-up repair, background repair, main-interface repair, patch package signature verification, download domain name verification, competing-product logic, pop-up logic and so on. Each time the vulnerability repair client is modified, each of these logics must be tested one by one to check whether the client runs into problems while executing it. In a specific implementation, one logic of the vulnerability repair client is treated as one test mode, so there are hundreds or even thousands of modes to test. Not every patch is suitable for testing, however. When a patch that is suitable for testing is used to test a mode, the patch must be downloaded and the repair operation performed; but the vulnerabilities in a system cannot be unlimited, so a situation inevitably arises in which all patches suitable for testing have already been applied. A typical patch is therefore usually selected to test all modes of the vulnerability repair client.
In this process, after the system scan finds a vulnerability and the repair is confirmed, the vulnerability repair client needs to download the patch. A real patch often has to perform many operations to repair the vulnerability, so the patch is relatively large and downloading it is time-consuming. When the patch is installed after download, it has to release and update system files, among other operations, and a restart is needed before the patch takes effect, so the patching process is also time-consuming.
In summary, when patches are used to execute test cases for the logic of a vulnerability repair client, both downloading and installing the patch take a long time, which reduces testing efficiency.
In the prior art, when the logic of a vulnerability repair client is tested, after the system scan finds a vulnerability and the repair is confirmed, the client needs to download the patch from the external network; because of the limitations of the network environment, the download is time-consuming. When the patch is installed after download, it has to release and update system files and also modify the registry, so the patching process is also time-consuming.
The application provides a method for testing vulnerability repair client logic in which both downloading and installing the patch during repair are fast, improving testing efficiency.
Referring to Fig. 1, a flowchart of a method for testing vulnerability repair client logic according to an embodiment of the application is shown.
Step 11: the vulnerability repair client scans the system in one mode to look for a simulated vulnerability;
A vulnerability repair client involves many kinds of logic when it runs, including startup pop-up repair, background repair, main-interface repair, patch package signature verification, download domain name verification, competing-product logic, pop-up logic and so on. Each time the vulnerability repair client is modified, each of these logics must be tested one by one to check whether the client runs into problems while executing it. In a specific implementation, one logic of the vulnerability repair client is treated as one test mode.
When testing a given logic, the vulnerability repair client scans the system in the corresponding mode to look for the simulated vulnerability. Thus, when the client tests one logic, it scans the system in one mode and determines by scanning whether the simulated vulnerability exists in the system. Here, said one logic is the first logic tested by the vulnerability repair client.
Step 12: if the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from the vulnerability library of the server; the simulated vulnerability patch is used to generate a simulated vulnerability repair identifier while retaining the system's original system files;
In the prior art, uninstalling a patch requires restoring the system to its state before the repair: the updated system files must be deleted and the modified registry restored, so the system must be restarted, which is likewise very time-consuming.
The vulnerability repair client of the application only generates a simulated vulnerability repair identifier when executing the test of one mode. After the test of this mode has run and before the next mode is tested, only the simulated vulnerability repair identifier needs to be deleted; no restart is needed, which saves a great deal of time and further improves testing efficiency.
Preferably, the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether the simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
The simulated vulnerability to be scanned for can be preset as the absence of a simulated vulnerability repair file under a specific storage directory of the system. For example, it can be set that the system has a vulnerability when the scan finds no zz.dat file on the C drive; conversely, if the scan finds c:\zz.dat, that is, a zz.dat file exists on the C drive of the system, the system has no vulnerability.
Therefore, when the vulnerability repair client scans the system in a given mode, it can scan whether the simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
For example, when the vulnerability repair client scans the system in one mode, it can scan whether the simulated vulnerability repair file, zz.dat, exists under the specific storage directory of the system, the C drive. If the scan finds no zz.dat file on the C drive, the simulated vulnerability is found; if the scan finds a zz.dat file on the C drive, the simulated vulnerability is not found.
For this kind of simulated vulnerability, the simulated vulnerability repair identifier is the simulated vulnerability repair file, so installing the simulated vulnerability patch generates the corresponding simulated vulnerability repair file under the specific storage directory of the system.
After the test of one mode has run and before the next mode is tested, only the simulated vulnerability repair file needs to be deleted.
Preferably, the simulated vulnerability is the absence of simulated vulnerability repair data in a specific registry entry of the system, and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether simulated vulnerability repair data exists in the specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
The vulnerability repair client scans the system in one mode. The simulated vulnerability to be scanned for can be preset as whether simulated vulnerability repair data exists in a specific registry entry of the system. For example, the data of a certain item of a certain registry key of the system is set to x; if the value returned by the scan is 0, the registry entry has no simulated vulnerability repair data and the system has a vulnerability; conversely, if the value returned by the scan is x, the system has no vulnerability.
For this kind of simulated vulnerability, the simulated vulnerability repair identifier is the simulated vulnerability repair file, so installing the simulated vulnerability patch generates the corresponding simulated vulnerability repair data in the specific registry entry of the system.
After the test of one mode has run and before the next mode is tested, only the simulated vulnerability repair data needs to be deleted.
When the system is scanned in the corresponding mode, the scan looks for the preset simulated vulnerability. If the simulated vulnerability is found, the repair operation is performed; otherwise scanning continues in the other modes until the test ends.
The application uses a simulated vulnerability in place of a real one, so the simulated vulnerability can be controlled through its preset definition. During scanning it is only necessary to check whether the simulated vulnerability repair file exists under the specific storage directory of the system, or whether the simulated vulnerability repair data exists in the specific registry entry of the system, so the vulnerability is found quickly, further improving testing efficiency.
Preferably, for the vulnerability library that stores the simulated vulnerability patch, a server containing the vulnerability library is set up on the intranet in advance.
The simulated vulnerability patch must be stored in the vulnerability library so that, when the simulated vulnerability is found, the corresponding simulated vulnerability patch can be downloaded from the library. A server can therefore be set up in advance to host the vulnerability library. The server can be set up on the intranet, that is, the internal network to which the local test machine that runs the test is connected, so the network environment can be controlled and the patch download speed is not affected by it.
Preferably, the vulnerability repair client is installed on a local test machine, and the patch download domain name of the local test machine is pointed to the server in advance.
The application can install the vulnerability repair client on the local test machine. The client needs to download the simulated vulnerability patch from the server's vulnerability library, so the hosts file of the local test machine can be modified in advance to point the machine's patch download domain name to the server, for example the intranet server described above.
Preferably, the simulated vulnerability patch is written in advance and named according to the naming scheme of real patches.
The application can write the simulated vulnerability patch in advance and name it according to the naming scheme of real patches. The naming scheme of real patches usually includes the system the patch targets, a unique identifier, the corresponding platform, and the system language.
For example, an exe program is written in advance and used as the simulated vulnerability patch. The exe program can be set to do nothing but generate a zz.dat file under the c:\ directory, so that the corresponding simulated vulnerability repair file is zz.dat. The exe program is named WindowsXP-kb444441-x86-chs.exe, so the simulated vulnerability patch is named WindowsXP-kb444441-x86-chs. This name follows the naming scheme of real patches: it denotes a patch for the WindowsXP system whose unique identifier, the patch number, is kb444441, for the x86 platform, with chs denoting the Chinese-language system.
Preferably, the simulated vulnerability patch is saved in the vulnerability library of the server in advance, and the information and patch number of the simulated vulnerability patch are added to the vulnerability library, where the name of the simulated vulnerability patch contains the patch number.
A simulation server is built on the intranet in advance, and a vulnerability library is set up on it; the vulnerability library on the simulation server simulates the environment of the vulnerability library on the real server. The simulated vulnerability patch can be saved in the vulnerability library of the simulation server in advance, and the information and patch number of the simulated vulnerability patch added to the library, where the name of the simulated vulnerability patch contains the patch number. In the example above, the simulated vulnerability patch is named WindowsXP-kb444441-x86-chs, where kb444441 is the patch number. Each patch number is the unique identifier of a patch and is therefore unique.
Preferably, simulated vulnerability information is added to the vulnerability repair client in advance; the simulated vulnerability information identifies the simulated vulnerability and the corresponding simulated vulnerability patch.
The logic test of the vulnerability repair client needs to scan for the simulated vulnerability and download the corresponding simulated vulnerability patch. Simulated vulnerability information can therefore be added to the client in advance: the scan looks for the simulated vulnerability according to the vulnerability identifier in that information, and once the vulnerability is found, the corresponding simulated vulnerability patch can be looked up according to the patch identifier in that information.
Summary of the invention
The application provides a method and system for testing vulnerability repair client logic, to solve the problem that testing vulnerability repair client logic is time-consuming and inefficient.
To solve the above problem, the application discloses a method for testing vulnerability repair client logic, comprising:
The vulnerability repair client scans the system in one mode to look for a simulated vulnerability;
If the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from the vulnerability library of the server; the simulated vulnerability patch is used to generate a simulated vulnerability repair identifier while retaining the system's original system files;
The simulated vulnerability patch is installed and the corresponding simulated vulnerability repair identifier is generated; the simulated vulnerability repair identifier indicates that repair of the simulated vulnerability is complete;
The vulnerability repair client traverses all modes to complete the whole test process;
If all of the above processes execute normally, the vulnerability repair client logic test passes.
Preferably, after the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair identifier is generated, and before the next mode is tested, the method further comprises:
Deleting the generated simulated vulnerability repair identifier.
Preferably, the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether the simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
Preferably, the simulated vulnerability is the absence of simulated vulnerability repair data in a specific registry entry of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether simulated vulnerability repair data exists in the specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
Preferably, installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair identifier comprises:
Installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair file under the specific storage directory of the system.
Preferably, installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair identifier comprises:
Installing the simulated vulnerability patch and adding the corresponding simulated vulnerability repair data to the specific registry entry of the system.
Preferably, for the vulnerability library that stores the simulated vulnerability patch, a server containing the vulnerability library is set up on the intranet in advance.
Preferably, the vulnerability repair client is installed on a local test machine, and the patch download domain name of the local test machine is pointed to the intranet simulation server in advance.
Preferably, the simulated vulnerability patch is written in advance and named according to the naming scheme of real patches.
Preferably, the simulated vulnerability patch is saved in the vulnerability library of the simulation server in advance, and the information and patch number of the simulated vulnerability patch are added to the vulnerability library, where the name of the simulated vulnerability patch contains the patch number.
Preferably, simulated vulnerability information is added to the vulnerability repair client in advance; the simulated vulnerability information identifies the simulated vulnerability and the corresponding simulated vulnerability patch.
Correspondingly, the application also discloses a system for testing vulnerability repair client logic, comprising:
A first mode test module, which specifically comprises the following 3 submodules:
A vulnerability scanning submodule, used by the vulnerability repair client to scan the system in one mode to look for a simulated vulnerability;
A patch download submodule, used to download, if the simulated vulnerability is found, the corresponding simulated vulnerability patch from the vulnerability library of the server; the simulated vulnerability patch is used to generate a simulated vulnerability repair identifier while retaining the system's original system files;
A patch installation submodule, used to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair identifier; the simulated vulnerability repair identifier indicates that repair of the simulated vulnerability is complete;
An other-modes test module, used by the vulnerability repair client to traverse all modes to complete the whole test process;
An object module, used to determine that the vulnerability repair client logic test passes if all of the above processes execute normally.
Preferably, the first mode test module further comprises:
A patch deletion submodule, used to delete the generated simulated vulnerability repair identifier.
Preferably, the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the vulnerability scanning submodule comprises:
A first vulnerability scanning unit, used by the vulnerability repair client to scan, in one mode, whether the simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
Preferably, the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the vulnerability scanning submodule comprises:
A second vulnerability scanning unit, used by the vulnerability repair client to scan, in one mode, whether simulated vulnerability repair data exists in the specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
Preferably, the patch installation submodule comprises:
A first patch installation unit, used to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair file under the specific storage directory of the system.
A second patch installation unit, used to install the simulated vulnerability patch and add the corresponding simulated vulnerability repair data to the specific registry entry of the system.
Preferably, the system further comprises:
A server and vulnerability library setup module, used to set up in advance on the intranet, for the vulnerability library that stores the simulated vulnerability patch, a server containing the vulnerability library.
A download domain name preset module, used to install the vulnerability repair client on the local test machine and to point the patch download domain name of the local test machine to the intranet simulation server in advance.
A patch writing and naming module, used to write the simulated vulnerability patch in advance and name it according to the naming scheme of real patches.
A patch saving module, used to save the simulated vulnerability patch in the vulnerability library of the simulation server in advance and to add the information and patch number of the simulated vulnerability patch to the vulnerability library, where the name of the simulated vulnerability patch contains the patch number.
An information adding module, used to add simulated vulnerability information to the vulnerability repair client in advance; the simulated vulnerability information identifies the simulated vulnerability and the corresponding simulated vulnerability patch.
Compared with the prior art, the application has the following advantages:
First, the application uses a simulated vulnerability in place of a real vulnerability and a simulated vulnerability patch in place of a real vulnerability patch. The vulnerability repair client scans the system in one mode to look for the simulated vulnerability; if the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from the vulnerability library of the server. The simulated vulnerability patch is used to generate a simulated vulnerability repair identifier while retaining the system's original system files, so the simulated vulnerability patch is small and downloads quickly. The simulated vulnerability patch is then installed and the simulated vulnerability repair identifier is generated; the identifier indicates that repair of the simulated vulnerability is complete. The vulnerability repair client traverses all modes to complete the whole test process, and if all of the above processes execute normally, the vulnerability repair client logic test passes. The application does not need to update system files when installing the patch, so installation is very fast. Both downloading and installing the patch are therefore fast, which shortens the time needed to test the repair client logic and improves testing efficiency.
Second, after the test of one logic has run, the same patch is needed to test the other logics, so the patch must be uninstalled. In the prior art, uninstalling requires restoring the system to its state before the repair: the updated system files must be deleted and the modified registry restored, so the system must be restarted, which is likewise very time-consuming. The vulnerability repair client of the application only generates a simulated vulnerability repair identifier when executing the test of one mode. After the test of this mode has run and before the next mode is tested, only the simulated vulnerability repair identifier needs to be deleted, that is, only the simulated vulnerability repair file or the simulated vulnerability repair data; no restart is needed, which saves a great deal of time and further improves testing efficiency.
Third, the application uses a simulated vulnerability in place of a real one, so the simulated vulnerability can be controlled through its preset definition. During scanning it is only necessary to check whether the simulated vulnerability repair file exists under the specific storage directory of the system, or whether the simulated vulnerability repair data exists in the specific registry entry of the system, so the vulnerability is found quickly, further improving testing efficiency.
Fourth, for the vulnerability library that stores the simulated vulnerability patch, the application sets up a server containing the vulnerability library on the intranet in advance, so the download environment of the vulnerability patch can be controlled. Downloading the vulnerability patch is therefore not affected by the external network environment, which further increases the download speed of the vulnerability patch.
Brief description of the drawings
Fig. 1 is a flowchart of a method for testing vulnerability repair client logic according to an embodiment of the application;
Fig. 2 is a structural diagram of a system for testing vulnerability repair client logic according to an embodiment of the application.
Detailed description
To make the above objects, features and advantages of the application clearer and easier to understand, the application is described in further detail below with reference to the drawings and specific embodiments.
In a specific implementation, if the simulated vulnerability is found in the above scan and repair of the vulnerability is confirmed, the corresponding simulated vulnerability patch is downloaded from the vulnerability library of the intranet simulation server.
The simulated vulnerability patch is used to generate a simulated vulnerability repair identifier while retaining the system's original system files. The simulated vulnerability repair identifier indicates that this vulnerability has been repaired.
Step 13: the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair identifier is generated;
As described above, the simulated vulnerability patch is used to generate a simulated vulnerability repair file while retaining the system's original system files. After the simulated vulnerability patch is downloaded, it must be installed to repair the corresponding vulnerability. Installing the simulated vulnerability patch does not modify the system files of the original system; generating the corresponding simulated vulnerability repair identifier is all that is needed to complete the repair of the vulnerability.
The simulated vulnerability repair identifier indicates that repair of the simulated vulnerability is complete.
After step 13 has run, one mode of the vulnerability repair client has been executed. If that mode executed normally, step 14 is performed; otherwise the mode is debugged until the test executes normally.
Step 14: the vulnerability repair client traverses all modes to complete the whole test process;
The vulnerability repair client next traverses all modes and performs steps 11 to 13 above for each mode, until all modes of the vulnerability repair client have been executed and the whole test process is complete.
Step 15: if all of the above processes execute normally, the vulnerability repair client logic test passes.
Otherwise, the vulnerability repair client logic test does not pass, and the place where the error occurred during execution can be debugged.
In sum, the application uses the leak of simulation to carry out alternative real leak, carrys out alternative real leak patch to the leak patch of application simulation.Therefore leak reparation client scans to system the leak searching simulation according to a kind of pattern, if find the leak of simulation, from the vulnerability database of server, then download the leak patch of the simulation described in correspondence, the leak patch of described simulation identifies for generating the reparation of simulation leak on the basis of retention system original system file, the leak patch of therefore simulating is smaller, and speed of download is than very fast.Then the leak patch of this simulation is installed and generates simulation leak reparation mark, described simulation leak reparation mark completes for the leak reparation identifying simulation, leak is repaired client and is traveled through all patterns to complete whole test process, if above-mentioned all processes all perform normally, then the test of leak reparation client logic is passed through.The application does not need when installing patch to upgrade system file, and also do not need edit the registry, installation rate quickly.The application's download patches and installation patch all very fast, shorten the time of the test of repairing client logic, improve the efficiency of test as can be seen here.
Preferably, after the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair marker is generated, and before the next mode is tested, the method further comprises:
Deleting the generated simulated vulnerability repair marker.
In a concrete implementation, a dedicated deletion program can be written to delete the simulated vulnerability repair marker, or a delete statement can be added that removes the marker after the corresponding mode of the vulnerability repair client has finished executing; the application does not limit this.
Because the vulnerability repair client involves various logic paths when it executes, each logic path of the client can be treated as one test mode. Not every patch is suitable for testing, however, so a typical patch is usually selected to test all modes of the vulnerability repair client. After one mode has finished, the same patch is also needed to test the other modes, so the patch must be uninstalled.
In a concrete implementation, a vulnerability identifier can be set for each of the two kinds of simulated vulnerability described above, and the simulated vulnerability patch in the server's vulnerability database is given a patch identifier configured to the same value. Then, once the simulated vulnerability is found, looking up the patch identifier locates the simulated vulnerability patch corresponding to that simulated vulnerability in the vulnerability database of the intranet simulation server, and the download is performed.
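The per-mode loop described above (scan, download, install, delete the marker, move to the next mode), as an added sketch that is not code from the patent. The mode names, the identifier SIM-0001, the directory layout and the in-memory dictionary standing in for the server's vulnerability database are all assumptions; every mode runs the same scan/download/install path here, and only the file-marker variant is modelled.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: identifier, file names and mode names are assumptions.
VULN_ID = "SIM-0001"
MARKER_NAME = f"{VULN_ID}.repaired"
MODES = ["manual_scan", "scheduled_scan", "silent_repair"]

# Stand-in for the intranet server's vulnerability database. The patch identifier
# equals the vulnerability identifier, so a found vulnerability maps to its patch.
VULN_DB = {VULN_ID: {"name": f"patch-{VULN_ID}.bin",
                     "marker_body": b"simulated fix applied\n"}}


def digest_tree(root: Path) -> str:
    """Hash every file under root, to show that original system files are untouched."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h.update(p.relative_to(root).as_posix().encode())
            h.update(p.read_bytes())
    return h.hexdigest()


class RepairClient:
    """Minimal model of the client under test (file-marker variant)."""

    def __init__(self, marker_dir: Path, db: dict):
        self.marker_dir = marker_dir
        self.db = db

    def scan(self) -> bool:
        # The simulated vulnerability is "found" when the repair marker is absent.
        return not (self.marker_dir / MARKER_NAME).exists()

    def download(self, vuln_id: str) -> dict:
        # Raises KeyError when the database has no patch with this identifier.
        return self.db[vuln_id]

    def install(self, patch: dict) -> None:
        # Installing writes only the marker: no system file replaced, no reboot.
        (self.marker_dir / MARKER_NAME).write_bytes(patch["marker_body"])


def run_mode(client: RepairClient, system_dir: Path, mode: str, cleanup: bool = True) -> dict:
    """Run scan -> download -> install for one mode and record each step."""
    before = digest_tree(system_dir)
    result = {"mode": mode, "found": client.scan(), "downloaded": False,
              "installed": False, "system_untouched": False}
    if result["found"]:
        try:
            patch = client.download(VULN_ID)
            result["downloaded"] = True
        except KeyError:
            patch = None
        if patch is not None:
            client.install(patch)
            # A second scan must now report the vulnerability as repaired.
            result["installed"] = not client.scan()
    result["system_untouched"] = digest_tree(system_dir) == before
    if cleanup:
        # Delete the marker so the next mode sees the simulated vulnerability again.
        (client.marker_dir / MARKER_NAME).unlink(missing_ok=True)
    result["passed"] = all(result[k] for k in
                           ("found", "downloaded", "installed", "system_untouched"))
    return result


def run_all_modes(cleanup: bool = True, db: dict = VULN_DB) -> list:
    """Traverse every mode against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "system32"
        marker_dir = Path(tmp) / "sim_markers"
        system_dir.mkdir()
        marker_dir.mkdir()
        (system_dir / "original.dll").write_bytes(b"constructed original system file")
        client = RepairClient(marker_dir, db)
        return [run_mode(client, system_dir, m, cleanup) for m in MODES]


def logic_test_passed(results: list) -> bool:
    """The client logic test passes only if every mode passed every step."""
    return all(r["passed"] for r in results)


if __name__ == "__main__":
    for label, results in (("marker deleted between modes", run_all_modes()),
                           ("marker left in place", run_all_modes(cleanup=False))):
        print(label, "->", "PASS" if logic_test_passed(results) else "FAIL")
        for r in results:
            print("  ", r)
```

Running with the marker left in place shows why the deletion step matters: the first mode passes, but every later mode scans a system that already looks repaired and never exercises its download and install logic.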
In a concrete implementation, the application separately measured the time the vulnerability repair client takes when using a real vulnerability patch and when using a simulated vulnerability patch; the concrete data are given in Table 1 below as an example:
Table 1
The data in Table 1 show that when the vulnerability repair client is tested with a real vulnerability patch, testing each mode takes roughly 483-1343 s, whereas when it is tested with a simulated vulnerability patch, testing each mode takes roughly 14-24 s.
When testing with a real vulnerability patch, downloading the patch, installing the patch, restarting so that the patch takes effect, uninstalling the patch and restarting after uninstalling each take no less than 100 s, which is very time-consuming. In addition, installing a real patch on a Win7 system involves an internal system repair mechanism that the XP system does not have, so the installation time is even longer.
When testing with a simulated vulnerability patch, even the patch download, which takes the longest, needs only 10 s, so testing with a simulated vulnerability patch is very fast and greatly improves test efficiency. The test process also requires no restart step, so an automated program can run the tests quickly, which further improves test efficiency.
Referring to Fig. 2, a structural diagram of a test system for vulnerability repair client logic according to an embodiment of the application is shown.
Accordingly, the application also provides a test system for vulnerability repair client logic, comprising a first mode test module 15, an other-modes test module 16 and an object module 17, wherein:
The first mode test module 15 specifically comprises the following 3 submodules:
A scanning vulnerability submodule 151, used by the vulnerability repair client to scan the system in one mode to look for the simulated vulnerability;
A download patch submodule 152, configured to download, if the simulated vulnerability is found, the corresponding simulated vulnerability patch from the vulnerability database of the server, the simulated vulnerability patch being used to generate a simulated vulnerability repair marker while the system's original system files are retained;
An install patch submodule 153, configured to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair marker, the marker indicating that repair of the simulated vulnerability is complete;
The other-modes test module 16, used by the vulnerability repair client to traverse all modes to complete the whole test process;
The object module 17, configured to determine that the test of the vulnerability repair client logic passes if all of the above processes execute normally.
Preferably, the system further comprises:
A delete patch submodule 154, configured to delete the generated simulated vulnerability repair marker.
The simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the scanning vulnerability submodule 151 comprises:
A first scanning vulnerability unit 1511, used by the vulnerability repair client to scan, in one mode, whether a simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
The simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the scanning vulnerability submodule 151 comprises:
A second scanning vulnerability unit 1512, used by the vulnerability repair client to scan, in one mode, whether simulated vulnerability repair data exists in a specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
The install patch submodule 153 comprises:
A first install patch unit 1531, configured to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair file under the specific storage directory of the system.
A second install patch unit 1532, configured to install the simulated vulnerability patch and add the corresponding simulated vulnerability repair data to the specific registry entry of the system.
A server and vulnerability database setup module 10, configured to set up in advance, on the intranet, a server comprising a vulnerability database that stores the simulated vulnerability patches.
A preset download domain name module 11, configured to deploy the vulnerability repair client on the local test machine and to point the local test machine's patch download domain name to the intranet simulation server in advance.
A patch writing and naming module 12, configured to write the simulated vulnerability patch in advance and name it according to the naming convention of real patches.
A patch saving module 13, configured to save the simulated vulnerability patch in the vulnerability database of the simulation server in advance and to add the information and patch number of the simulated vulnerability patch to the vulnerability database, wherein the name of the simulated vulnerability patch includes the patch number.
In testing the vulnerability repair client logic, each mode can be tested separately; the test module for a given mode is the same as scanning vulnerability submodule 141, and each comprises the corresponding submodules, for example a scanning vulnerability submodule, a download patch submodule, an install patch submodule and a delete patch submodule.
An information adding module 14, configured to add simulated vulnerability information to the vulnerability repair client in advance, the simulated vulnerability information being used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.
Since the system embodiment is basically similar to the method embodiment, its description is relatively brief; for related details, see the description of the method embodiment.
Embodiments of the invention disclose:
A1. A method for testing vulnerability repair client logic, characterized by comprising:
The vulnerability repair client scans the system in one mode to look for a simulated vulnerability;
If the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from the vulnerability database of a server, the simulated vulnerability patch being used to generate a simulated vulnerability repair marker while the system's original system files are retained;
The simulated vulnerability patch is installed and the corresponding simulated vulnerability repair marker is generated, the marker indicating that repair of the simulated vulnerability is complete;
The vulnerability repair client traverses all modes to complete the whole test process;
If all of the above processes execute normally, the test of the vulnerability repair client logic passes.
A2. The method according to A1, characterized in that, after the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair marker is generated, and before the next mode is tested, the method further comprises:
Deleting the generated simulated vulnerability repair marker.
A3. The method according to A1, characterized in that the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether a simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
A4. The method according to A1, characterized in that the simulated vulnerability is the absence of simulated vulnerability repair data in a specific registry entry of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether simulated vulnerability repair data exists in the specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
A5. The method according to A3, characterized in that installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair marker comprises:
Installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair file under the specific storage directory of the system.
A6. The method according to A4, characterized in that installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair marker comprises:
Installing the simulated vulnerability patch and adding the corresponding simulated vulnerability repair data to the specific registry entry of the system.
A7. The method according to A1, characterized by further comprising:
Setting up in advance, on the intranet, a server comprising a vulnerability database that stores the simulated vulnerability patches.
A8. The method according to A1, characterized by further comprising:
Deploying the vulnerability repair client on a local test machine, and pointing the local test machine's patch download domain name to the server in advance.
A9. The method according to A1, characterized by further comprising:
Writing the simulated vulnerability patch in advance and naming it according to the naming convention of real patches.
A10. The method according to A9, characterized by further comprising:
Saving the simulated vulnerability patch in the vulnerability database of the server in advance, and adding the information and patch number of the simulated vulnerability patch to the vulnerability database, wherein the name of the simulated vulnerability patch includes the patch number.
A11. The method according to A1, characterized by further comprising:
Adding simulated vulnerability information to the vulnerability repair client in advance, the simulated vulnerability information being used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.
B12. A test system for vulnerability repair client logic, characterized by comprising:
A first mode test module, specifically comprising the following 3 submodules:
A scanning vulnerability submodule, used by the vulnerability repair client to scan the system in one mode to look for a simulated vulnerability;
A download patch submodule, configured to download, if the simulated vulnerability is found, the corresponding simulated vulnerability patch from the vulnerability database of a server, the simulated vulnerability patch being used to generate a simulated vulnerability repair marker while the system's original system files are retained;
An install patch submodule, configured to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair marker, the marker indicating that repair of the simulated vulnerability is complete;
An other-modes test module, used by the vulnerability repair client to traverse all modes to complete the whole test process;
An object module, configured to determine that the test of the vulnerability repair client logic passes if all of the above processes execute normally.
B13. The system according to B12, characterized in that the first mode test module further comprises:
A delete patch submodule, configured to delete the generated simulated vulnerability repair marker.
B14. The system according to B12, characterized in that the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the scanning vulnerability submodule comprises:
A first scanning vulnerability unit, used by the vulnerability repair client to scan, in one mode, whether a simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
B15. The system according to B12, characterized in that the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system, and the scanning vulnerability submodule comprises:
A second scanning vulnerability unit, used by the vulnerability repair client to scan, in one mode, whether simulated vulnerability repair data exists in a specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
B16. The system according to B14, characterized in that the install patch submodule comprises:
A first install patch unit, configured to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair file under the specific storage directory of the system.
B17. The system according to B15, characterized in that the install patch submodule comprises:
A second install patch unit, configured to install the simulated vulnerability patch and add the corresponding simulated vulnerability repair data to the specific registry entry of the system.
B18. The system according to B12, characterized by further comprising:
A server and vulnerability database setup module, configured to set up in advance, on the intranet, a server comprising a vulnerability database that stores the simulated vulnerability patches.
B19. The system according to B12, characterized by further comprising:
A preset download domain name module, configured to deploy the vulnerability repair client on a local test machine and to point the local test machine's patch download domain name to the intranet simulation server in advance.
B20. The system according to B12, characterized by further comprising:
A patch writing and naming module, configured to write the simulated vulnerability patch in advance and name it according to the naming convention of real patches.
B21. The system according to B20, characterized by further comprising:
A patch saving module, configured to save the simulated vulnerability patch in the vulnerability database of the simulation server in advance and to add the information and patch number of the simulated vulnerability patch to the vulnerability database, wherein the name of the simulated vulnerability patch includes the patch number.
B22. The system according to B12, characterized by further comprising:
An information adding module, configured to add simulated vulnerability information to the vulnerability repair client in advance, the simulated vulnerability information being used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
The application can be described in the general context of computer-executable instructions, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that comprises a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, commodity or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that comprises the element.
The method and system for testing vulnerability repair client logic provided by the application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the above embodiments is only intended to help in understanding the method of the application and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the application, make changes to the specific implementation and the scope of application. In summary, the content of this description should not be construed as limiting the application.

Claims (10)

1. A method for testing vulnerability repair client logic, characterized by comprising:
The vulnerability repair client scans the system in one mode to look for a simulated vulnerability;
If the simulated vulnerability is found, the corresponding simulated vulnerability patch is downloaded from the vulnerability database of a server, the simulated vulnerability patch being used to generate a simulated vulnerability repair marker while the system's original system files are retained;
The simulated vulnerability patch is installed and the corresponding simulated vulnerability repair marker is generated, the marker indicating that repair of the simulated vulnerability is complete;
The vulnerability repair client traverses all modes to complete the whole test process;
If all of the above processes execute normally, the test of the vulnerability repair client logic passes.
2. The method according to claim 1, characterized in that, after the simulated vulnerability patch is installed and the corresponding simulated vulnerability repair marker is generated, and before the next mode is tested, the method further comprises:
Deleting the generated simulated vulnerability repair marker.
3. The method according to claim 1, characterized in that the simulated vulnerability is the absence of a simulated vulnerability repair file under a specific storage directory of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether a simulated vulnerability repair file exists under the specific storage directory of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
4. The method according to claim 1, characterized in that the simulated vulnerability is the absence of simulated vulnerability repair data in a specific registry entry of the system,
and the vulnerability repair client scanning the system in one mode to look for the simulated vulnerability comprises:
The vulnerability repair client scans, in one mode, whether simulated vulnerability repair data exists in the specific registry entry of the system; if it does not exist, the simulated vulnerability is found; otherwise the simulated vulnerability is not found.
5. The method according to claim 3, characterized in that installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair marker comprises:
Installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair file under the specific storage directory of the system.
6. The method according to claim 4, characterized in that installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair marker comprises:
Installing the simulated vulnerability patch and adding the corresponding simulated vulnerability repair data to the specific registry entry of the system.
7. The method according to claim 1, characterized by further comprising:
Setting up in advance, on the intranet, a server comprising a vulnerability database that stores the simulated vulnerability patches.
8. The method according to claim 1, characterized by further comprising:
Deploying the vulnerability repair client on a local test machine, and pointing the local test machine's patch download domain name to the server in advance.
9. The method according to claim 1, characterized by further comprising:
Writing the simulated vulnerability patch in advance and naming it according to the naming convention of real patches.
10. A test system for vulnerability repair client logic, characterized by comprising:
A first mode test module, specifically comprising the following 3 submodules:
A scanning vulnerability submodule, used by the vulnerability repair client to scan the system in one mode to look for a simulated vulnerability;
A download patch submodule, configured to download, if the simulated vulnerability is found, the corresponding simulated vulnerability patch from the vulnerability database of a server, the simulated vulnerability patch being used to generate a simulated vulnerability repair marker while the system's original system files are retained;
An install patch submodule, configured to install the simulated vulnerability patch and generate the corresponding simulated vulnerability repair marker, the marker indicating that repair of the simulated vulnerability is complete;
An other-modes test module, used by the vulnerability repair client to traverse all modes to complete the whole test process;
An object module, configured to determine that the test of the vulnerability repair client logic passes if all of the above processes execute normally.
CN201510373043.9A 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system Active CN104978532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510373043.9A CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110444861.5A CN102592084B (en) 2011-12-27 2011-12-27 A kind of leak repairs method of testing and the system of client logic
CN201510373043.9A CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201110444861.5A Division CN102592084B (en) 2011-12-27 2011-12-27 A kind of leak repairs method of testing and the system of client logic

Publications (2)

Publication Number Publication Date
CN104978532A true CN104978532A (en) 2015-10-14
CN104978532B CN104978532B (en) 2018-10-23

Family

ID=46480705

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201110444861.5A Active CN102592084B (en) 2011-12-27 2011-12-27 A kind of leak repairs method of testing and the system of client logic
CN201510373043.9A Active CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201110444861.5A Active CN102592084B (en) 2011-12-27 2011-12-27 A kind of leak repairs method of testing and the system of client logic

Country Status (1)

Country Link
CN (2) CN102592084B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106845245A (en) * 2016-12-21 2017-06-13 中国科学院信息工程研究所 A kind of hot restorative procedure of leak based on Xen virtual platforms
CN116720195A (en) * 2023-07-06 2023-09-08 浙江齐安信息科技有限公司 Operating system vulnerability identification method and system

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103632098B (en) * 2012-08-21 2019-05-10 腾讯科技(深圳)有限公司 The method and device of patching bugs
CN102945351B (en) * 2012-11-05 2015-10-28 中国科学院软件研究所 Based on the mobile intelligent terminal security breaches restorative procedure of Quick Response Code under cloud environment
CN108345796A (en) * 2017-05-02 2018-07-31 北京安天网络安全技术有限公司 A kind of loophole reparation and host reinforcement means and system
CN107395593B (en) * 2017-07-19 2020-12-04 深信服科技股份有限公司 Vulnerability automatic protection method, firewall and storage medium
CN110287112B (en) * 2019-06-25 2023-10-20 网易(杭州)网络有限公司 Maintenance method and device for client and readable storage medium
CN110348220A (en) * 2019-06-28 2019-10-18 北京威努特技术有限公司 A kind of bug excavation method, loophole repair verification method, device and electronic equipment
CN111488287B (en) * 2020-04-16 2023-05-16 南开大学 Method and device for generating injection vulnerability test cases, medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050005159A1 (en) * 2003-07-01 2005-01-06 Oliphant Brett M. Vulnerability and remediation database
CN100493085C (en) * 2005-07-08 2009-05-27 清华大学 P2P worm defending system
CN101482846A (en) * 2008-12-25 2009-07-15 上海交通大学 Bug excavation method based on executable code conversed analysis
CN101986283A (en) * 2010-11-16 2011-03-16 北京安天电子设备有限公司 Method and system for detecting existed Windows system bugs

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040064722A1 (en) * 2002-10-01 2004-04-01 Dinesh Neelay System and method for propagating patches to address vulnerabilities in computers
CN100401264C (en) * 2005-06-06 2008-07-09 华为技术有限公司 Data-driven automatic testing system and method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106845245A (en) * 2016-12-21 2017-06-13 中国科学院信息工程研究所 A kind of hot restorative procedure of leak based on Xen virtual platforms
CN106845245B (en) * 2016-12-21 2019-11-26 中国科学院信息工程研究所 A kind of hot restorative procedure of loophole based on Xen virtual platform
CN116720195A (en) * 2023-07-06 2023-09-08 浙江齐安信息科技有限公司 Operating system vulnerability identification method and system
CN116720195B (en) * 2023-07-06 2024-01-26 浙江齐安信息科技有限公司 Operating system vulnerability identification method and system

Also Published As

Publication number Publication date
CN104978532B (en) 2018-10-23
CN102592084A (en) 2012-07-18
CN102592084B (en) 2015-07-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220721

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right