CN105335657A - Program bug detection method and device - Google Patents
Program bug detection method and device Download PDFInfo
- Publication number
- CN105335657A CN105335657A CN201510896795.3A CN201510896795A CN105335657A CN 105335657 A CN105335657 A CN 105335657A CN 201510896795 A CN201510896795 A CN 201510896795A CN 105335657 A CN105335657 A CN 105335657A
- Authority
- CN
- China
- Prior art keywords
- value
- field information
- file
- target detection
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a program bug detection method, which comprises the following steps: analyzing the structure of an input file of a target program to obtain a field information set comprising at least one field information of the input file; finding out target field information for identifying the length from the field information of the field information set; and replacing the length value indicated by the target field information with a preset target test value, and carrying out vulnerability detection on the target program according to the target test value. The embodiment of the invention also discloses a program bug detection device. By adopting the embodiment of the invention, the problem of low vulnerability mining efficiency caused by large scale of generated test data can be solved.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of bug detection method and device.
Background technology
At present, the develop rapidly of infotech brings facility, but simultaneously, a large amount of leaks wherein existed also make current safety situation increasingly serious, and thus, various Hole Detection technology is arisen at the historic moment.Fuzz testing (Fuzztesting) is exactly a kind of Research on Discovering Software Vulnerabilities wherein; it is when carrying out discovering software vulnerabilities; by doing radom insertion to the input file of software; as done 0 ~ 0xFF conversion to each byte successively; generate test data; by this test data of this Bootload, and whether collapse by monitoring this software or occur whether abnormal next detection exists potential leak.But by doing 0 ~ 0xFF conversion to each byte, this just makes the test data of generation larger, causes Hole Detection efficiency lower.
Summary of the invention
Embodiment of the present invention technical matters to be solved is, provides a kind of bug detection method and device, the inefficient problem of Hole Detection that the test data scale for solving owing to generating causes greatly.
In order to solve the problems of the technologies described above, embodiments provide a kind of bug detection method, comprising:
The structure of the input file of target program is resolved, obtains the field information set of at least one field information comprising described input file;
The aiming field information for identification length is found out from the field information of described field information set;
The length value of described aiming field information instruction is replaced with pre-configured target detection value, and according to described target detection value, Hole Detection is carried out to described target program.
Optionally, describedly according to described target detection value, Hole Detection is carried out to described target program, comprising:
According to described target detection value, the field in described input file is changed, obtain the test data that described target detection value is corresponding;
Described test data is run, to carry out Hole Detection to described target program in described target program.
Optionally, described method also comprises:
Obtain the file layout of different file in advance, and be each file layout configuration test value corresponding with this file layout;
The described length value by described aiming field information instruction replaces with pre-configured target detection value, comprising:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
Optionally, replace with pre-configured target detection value at the described length value by the instruction of described aiming field information, and after carrying out Hole Detection according to described target detection value to described target program, described method also comprises:
The abnormal information that described in the testing process obtaining described Hole Detection, target program produces, and determine the test value that described abnormal information is corresponding;
The test value corresponding according to described abnormal information, upgrades the test value corresponding with described destination file format of configuration.
Optionally, described target detection value is pre-configured boundary value.
Correspondingly, the embodiment of the present invention additionally provides a kind of bug pick-up unit, comprising:
Parsing module, the structure for the input file to target program is resolved, and obtains the field information set of at least one field information comprising described input file;
Search module, for finding out the aiming field information for identification length in the field information from described field information set;
Replacement module, for replacing with pre-configured target detection value by the described length value searching the described aiming field information instruction that module searches goes out;
Detection module, for carrying out Hole Detection according to described target detection value to described target program.
Optionally, described detection module comprises:
Data generating unit, for changing the field in described input file according to described target detection value, obtains the test data that described target detection value is corresponding;
Processing unit, for running the described test data that described data generating unit generates in described target program, to carry out Hole Detection to described target program.
Optionally, described device also comprises:
Preset module for obtaining the file layout of different file in advance, and is each file layout configuration test value corresponding with this file layout;
Described replacement module specifically for:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
Optionally, described device also comprises:
Data obtaining module, for obtain described Hole Detection testing process described in the abnormal information that produces of target program, and determine the test value that described abnormal information is corresponding;
Update module, the test value that the described abnormal information for obtaining according to described data obtaining module is corresponding, upgrades the test value corresponding with described destination file format of configuration.
Optionally, described target detection value is pre-configured boundary value.
Implement the embodiment of the present invention, there is following beneficial effect:
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset test value, and according to this test value, Hole Detection is carried out to this target program, make the scale of the test data effectively reducing generation, thus effectively improve the detection efficiency of bug.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of a kind of bug detection method that the embodiment of the present invention provides;
Fig. 2 is the schematic flow sheet of the another kind of bug detection method that the embodiment of the present invention provides;
Fig. 3 is the structural representation of a kind of bug pick-up unit that the embodiment of the present invention provides;
Fig. 4 is the structural representation of the another kind of bug pick-up unit that the embodiment of the present invention provides;
Fig. 5 is the structural representation of a kind of terminal device that the embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The embodiment of the invention discloses a kind of bug detection method, device and terminal device, the inefficient problem of bug excavation that the test data scale owing to generating causes greatly can be solved.Below describe in detail respectively.
Refer to Fig. 1, Fig. 1 is the schematic flow sheet of a kind of bug detection method that the embodiment of the present invention provides.Concrete, as shown in Figure 1, the described bug detection method of the embodiment of the present invention can comprise the following steps:
101, the structure of the input file of target program is resolved, obtain the field information set of at least one field information comprising described input file.
Wherein, described target program is the program needing to carry out Hole Detection, and this input file can for carrying out the sample file of Hole Detection to this target program.Optionally, this input file can obtain according to the type information of described target program is pre-configured.
It should be noted that, the described method of the embodiment of the present invention can be applied particularly to terminal device, as smart mobile phone (as Android phone, iOS mobile phone etc.), panel computer, mobile internet device (MobileInternetDevices, be called for short " MID "), in the terminal device such as PC, the embodiment of the present invention does not limit.Thus the Hole Detection realized the program software being installed on this terminal device.
102, from the field information of described field information set, find out the aiming field information for identification length.
In specific embodiment, this input file comprises multiple field information, as the attribute field information etc. of the length field information for identification document content-length, attribute (as color, font etc.) for identification document content.Thus, the length field information for identification document content-length and aiming field information can be found out from the plurality of field information, and resolve the length value of this file content obtaining the instruction of this aiming field information further.
103, the length value of described aiming field information instruction is replaced with pre-configured target detection value, and according to described target detection value, Hole Detection is carried out to described target program.
In specific embodiment, can the more pre-configured test value of length value for replacing field information instruction, such as by some boundary value, as 10,0x10,20,0x20,100 etc. is as this test value.Concrete, after finding out this aiming field information for identification length and resolve the length value obtaining the instruction of this aiming field information, namely by this preset target detection value as this boundary value replace this aiming field information instruction length value, thus carry out bug detection according to this target detection value, and no longer 0 ~ 0xFF is done to each byte and even more convert, make to improve Hole Detection efficiency.
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset test value, and according to this test value, Hole Detection is carried out to this target program, make the scale of the test data effectively reducing generation, thus effectively improve the detection efficiency of bug.
Further, refer to Fig. 2, Fig. 2 is the schematic flow sheet of the another kind of bug detection method that the embodiment of the present invention provides.Concrete, as shown in Figure 2, the described bug detection method of the embodiment of the present invention can comprise the following steps:
201, the structure of the input file of target program is resolved, obtain the field information set of at least one field information comprising described input file.
202, from the field information of described field information set, find out the aiming field information for identification length.
Wherein, described target program is the program needing to carry out Hole Detection, and this input file can for the pre-configured sample file this target program being carried out to Hole Detection.
Concrete, at needs, Hole Detection (being also called bug excavation) is done to a certain application program and target program, then can be this target program choose sample file and be loaded in this target program, and can resolve the structure of this sample file and input file, resolve the field information set obtaining the multiple field informations comprised in this input file.Such as, this target program is office software, this input file is word file, then can parse the field information etc. of the field information for identifying text excursion, the field information for identification document content-length and the attribute for identification document content (as color, font etc.) from this word file.Thus terminal device can find out field information for identification length and aiming field information from the plurality of field information, and resolve the length value of this file content obtaining the instruction of this aiming field information further.Wherein, this aiming field information being used for identification length for one or more, if multiple, then can resolve the length value obtaining the instruction of each aiming field information respectively.
203, the length value of described aiming field information instruction is replaced with pre-configured target detection value, wherein, described target detection value is pre-configured boundary value.
Concrete, be all cause because do not control input and output border well because program starts a leak usually, and program is when developing, and generally all can use some boundary values.Therefore, can the more pre-configured boundary value of length value for replacing field information instruction, i.e. target detection value, as 10,0x10,20,0x20,100,0x100 etc.
Optionally, also can obtain the file layout of different file in advance, and be each file layout configuration test value corresponding with this file layout.Namely preset as boundary value of test value is carried out according to file layout.Then the described length value by described aiming field information instruction replaces with pre-configured target detection value, can be specially: determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format; Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
204, according to described target detection value, the field in described input file is changed, obtain the test data that described target detection value is corresponding.
205, in described target program, described test data is run, to carry out Hole Detection to described target program.
Concrete, resolving the length value that obtains the instruction of this aiming field information and after determining that the target detection value of replacement is as boundary value, the length value that this aiming field information indicates can be replaced with this boundary value, thus according to this boundary value, the field in this input file is changed, be such as 10 at boundary value, 0x10, 20, during 0x20, then can do 0 to the field in input file, 0x10, 20, 0x20 converts, generate the test data that this input file is corresponding, and this test data is run in this target program, thus realize detecting the bug of this target program, and no longer take turns doing 0 ~ 0xFF conversion, this just makes the test data scale generated by this conversion reduce, thus improve Hole Detection efficiency.Further, in order to promote the validity of this Hole Detection result, also can using this boundary value and neighbouring value thereof all as this target detection value, such as by 9,10,11,0xF, 0x10,0x11,0x1F, 0x20,0x21 are all as this target detection value.For example, for byte byte, use the mode of conventional stochastic generation data can produce 256 groups of test datas (Fuzz data), and pass through the Hole Detection scheme of replacing based on boundary value of the embodiment of the present invention, then only can produce 48 groups of test datas, effectively reduce test data scale, and ensure that the validity of Hole Detection simultaneously.
Further alternative, pre-configured target detection value is replaced with at the described length value by described aiming field information instruction, and after according to described target detection value Hole Detection being carried out to described target program, the abnormal information that described in the testing process that terminal device also can obtain described Hole Detection, target program produces, and determine the test value that described abnormal information is corresponding; The test value corresponding according to described abnormal information, upgrades the test value corresponding with described destination file format of configuration.By this renewal rewards theory, make to improve the accuracy according to the preset target detection value of this file layout.
Further, after according to this target detection value Hole Detection being carried out to target program, terminal device also can generate the examining report of the abnormal information that this target program produces in the testing process comprising this Hole Detection, so that dependence test personnel carry out leak maintenance according to this examining report.
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset boundary value, and according to this boundary value, the field in this input file is changed, in this target program, this test data is run after obtaining test data corresponding to this boundary value, thus the Hole Detection realized this target program, make the scale of the test data effectively reducing generation, and effectively improve bug detection efficiency.
Refer to Fig. 3, Fig. 3 is the structural representation of a kind of bug pick-up unit that the embodiment of the present invention provides.Concrete, as shown in Figure 3, the described bug pick-up unit of the embodiment of the present invention can comprise parsing module 11, searches module 12, replacement module 13 and detection module 14.Wherein,
Described parsing module 11, the structure for the input file to target program is resolved, and obtains the field information set of at least one field information comprising described input file.
Wherein, described target program is the program needing to carry out Hole Detection, and this input file can for carrying out the sample file of Hole Detection to this target program.Optionally, this input file can obtain according to the type information of described target program is pre-configured.
It should be noted that, the described device of the embodiment of the present invention specifically can be arranged at terminal device, as smart mobile phone (as Android phone, iOS mobile phone etc.), panel computer, mobile internet device (MobileInternetDevices, be called for short " MID "), in the terminal device such as PC, the embodiment of the present invention does not limit.Thus the Hole Detection realized the program software being installed on this terminal device.
Describedly search module 12, for finding out the aiming field information for identification length in the field information from described field information set.
In specific embodiment, this input file comprises multiple field information, as the length field information for identification document content-length, the attribute field information for identification document contents attribute etc.Thus, search module 12 and can resolve the multiple field informations obtained from this parsing module 11 the length field information and aiming field information that find out for identification document content-length.
Described replacement module 13, for replacing with pre-configured target detection value by the described length value searching the described aiming field information instruction that module 12 finds out.
Described detection module 14, for carrying out Hole Detection according to described target detection value to described target program.
Optionally, described target detection value is pre-configured boundary value.
In specific embodiment, can the more pre-configured test value of length value for replacing field information instruction in this terminal device, such as by some boundary value, as 10,0x10,20,0x20,100 etc. is as this test value.Concrete, after searching module 12 and finding out this aiming field information for identification length, replacement module 13 can resolve the length value obtaining the instruction of this aiming field information, and by this preset target detection value as boundary value replace this aiming field information instruction length value, thus detection module 14 can carry out bug detection according to this target detection value, and no longer 0 ~ 0xFF is done to each byte and even more convert, make to improve Hole Detection efficiency.
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset test value, and according to this test value, Hole Detection is carried out to this target program, make the scale of the test data effectively reducing generation, thus effectively improve the detection efficiency of bug.
Further, refer to Fig. 4, Fig. 4 is the structural representation of the another kind of bug pick-up unit that the embodiment of the present invention provides.Concrete, as shown in Figure 4, the described device of the embodiment of the present invention can comprise the bug pick-up unit in the corresponding embodiment of above-mentioned Fig. 3 parsing module 11, search module 12, replacement module 13 and detection module 14.Further, in embodiments of the present invention, described detection module 14 can specifically comprise:
Data generating unit 141, for changing the field in described input file according to described target detection value, obtains the test data that described target detection value is corresponding;
Processing unit 142, for running the described test data that described data generating unit 141 generates in described target program, to carry out Hole Detection to described target program.
Concrete, at needs, Hole Detection (being also called bug excavation) is done to a certain application program and target program, then can be this target program choose sample file and be loaded in this target program, and resolved by the structure of parsing module 11 to this sample file and input file, resolve the field information set obtaining the multiple field informations comprised in this input file.Such as, this target program is office software, this input file is word file, then parsing module 11 can parse the field information etc. of field information, the field information for identification document content-length and the attribute for identification document content (as color, font etc.) for identifying text excursion from this word file.Thus search module 12 can find out field information for identification length and aiming field information from the plurality of field information, and the length value of this file content obtaining the instruction of this aiming field information is resolved further by replacement module 13, after this length value being replaced based on preset target detection value, realize Hole Detection.Wherein, this aiming field information being used for identification length for one or more, if multiple, then can resolve the length value obtaining the instruction of each aiming field information respectively.
Further, be all cause because do not control input and output border well because program starts a leak usually, and program is when developing, and generally all can use some boundary values.Therefore, can the more pre-configured boundary value of length value for replacing field information instruction in this terminal device, i.e. target detection value, as 10,0x10,20,0x20,100,0x100 etc.Thus, the length value that obtains the instruction of this aiming field information is resolved and after determining that the target detection value of replacement is as boundary value at replacement module 13, the length value that this aiming field information indicates can be replaced with this boundary value, thus data generating unit 141 can be changed the field in this input file according to this boundary value, be such as 10 at boundary value, 0x10, 20, during 0x20, then can do 0 to the field in input file, 0x10, 20, 0x20 converts, generate the test data that this input file is corresponding, processing unit 142 can run this test data in this target program, thus realize detecting the bug of this target program, and no longer take turns doing 0 ~ 0xFF conversion, this just makes the test data scale generated by this conversion reduce, thus improve Hole Detection efficiency.Further, in order to promote the validity of this Hole Detection result, also can using this boundary value and neighbouring value thereof all as this target detection value, such as by 9,10,11,0xF, 0x10,0x11,0x1F, 0x20,0x21 are all as this target detection value.Thus effectively reduce test data scale, but validity does not obviously reduce.
Optionally, in embodiments of the present invention, described device also can comprise (not shown) further:
Preset module 15 for obtaining the file layout of different file in advance, and is each file layout configuration test value corresponding with this file layout;
Described replacement module 13 can be specifically for:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
Further alternative, in embodiments of the present invention, described device also can comprise (not shown):
Data obtaining module 16, for obtain described Hole Detection testing process described in the abnormal information that produces of target program, and determine the test value that described abnormal information is corresponding;
Update module 17, the test value that the described abnormal information for obtaining according to described data obtaining module 16 is corresponding, upgrades the test value corresponding with described destination file format of configuration.
Further, detection module 14 is after carrying out Hole Detection according to this target detection value to target program, also can generate the examining report of the abnormal information that this target program produces in the testing process comprising this Hole Detection, so that dependence test personnel carry out leak maintenance according to this examining report.
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset boundary value, and according to this boundary value, the field in this input file is changed, in this target program, this test data is run after obtaining test data corresponding to this boundary value, thus the Hole Detection realized this target program, make the scale of the test data effectively reducing generation, and effectively improve bug detection efficiency.
Refer to Fig. 5, Fig. 5 is the structural representation of a kind of terminal device that the embodiment of the present invention provides.Concrete, as shown in Figure 5, the described terminal device of the embodiment of the present invention can comprise: at least one processor 100, at least one input media 200, at least one output unit 300, assembly such as storer 500 grade.Wherein, these assemblies are communicated to connect by one or more bus 400.It will be appreciated by those skilled in the art that, the structure of the terminal device shown in Fig. 5 does not form the restriction to the embodiment of the present invention, it both can be busbar network, also can be hub-and-spoke configuration, the parts more more or less than diagram can also be comprised, or combine some parts, or different parts are arranged.Wherein:
Processor 100 is the control center of terminal device, utilize the various piece of various interface and the whole terminal device of connection, by running or perform the program in storer 500 of being stored in and/or module, and call the data be stored in storer 500, to perform various function and the process data of terminal device.Processor 100 by integrated circuit (IntegratedCircuit is called for short IC) composition, such as, can be made up of the IC of single encapsulation, also can be made up of the encapsulation IC connecting many identical functions or difference in functionality.For example, processor 100 can only comprise central processing unit (CentralProcessingUnit, be called for short CPU), also can be CPU, digital signal processor (digitalsignalprocessor, be called for short DSP), the combination of graphic process unit (GraphicProcessingUnit, be called for short GPU) and various control chip.In embodiments of the present invention, CPU can be single arithmetic core, also can comprise multioperation core.
Input media 200 can comprise the touch-screen of standard, keyboard, shooting are first-class, also can include line interface, wave point etc.
Output unit 300 can comprise display screen, loudspeaker etc., also can include line interface, wave point etc.
Storer 500 can be used for storing software program and module, processor 100, input media 200 and output unit 300 are stored in software program in storer 500 and module by calling, thus perform the various functions application of terminal device and realize data processing.Storer 500 mainly comprises program storage area and data storage area, and wherein, program storage area can store operating system, application program etc. needed at least one function; Data storage area can store the data etc. created according to the use of terminal device.In embodiments of the present invention, operating system can be android system, iOS system or Windows operating system etc.
Concrete, processor 100 calls the application program be stored in storer 500, for performing following steps:
The structure of the input file of target program is resolved, obtains the field information set of at least one field information comprising described input file;
The aiming field information for identification length is found out from the field information of described field information set;
The length value of described aiming field information instruction is replaced with pre-configured target detection value, and according to described target detection value, Hole Detection is carried out to described target program.
Optionally, processor 100 calls and is stored in application program in storer 500 and performs and describedly carry out Hole Detection according to described target detection value to described target program, specifically performs following steps:
According to described target detection value, the field in described input file is changed, obtain the test data that described target detection value is corresponding;
Described test data is run, to carry out Hole Detection to described target program in described target program.
Optionally, processor 100 calls the application program be stored in storer 500, also for performing following steps:
Obtain the file layout of different file in advance, and be each file layout configuration test value corresponding with this file layout;
Processor 100 calls the described length value by described aiming field information instruction of the application program execution be stored in storer 500 and replaces with pre-configured target detection value, specifically performs following steps:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
Optionally, processor 100 calls the described length value by described aiming field information instruction of the application program execution be stored in storer 500 and replaces with pre-configured target detection value, and after according to described target detection value Hole Detection being carried out to described target program, also for performing following steps:
The abnormal information that described in the testing process obtaining described Hole Detection, target program produces, and determine the test value that described abnormal information is corresponding;
The test value corresponding according to described abnormal information, upgrades the test value corresponding with described destination file format of configuration.
Optionally, described target detection value is pre-configured boundary value.
In embodiments of the present invention, structure by the input file to target program is resolved, obtain multiple field informations of this input file, and the aiming field information found out from the plurality of field information for identification length, thus the length value that this aiming field information indicates is replaced with preset test value, and according to this test value, Hole Detection is carried out to this target program, make the scale of the test data effectively reducing generation, thus effectively improve bug detection efficiency.
In the description of this instructions, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " specific embodiment " " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, to the schematic representation of above-mentioned term not must for be identical embodiment or example.And the specific features of description, structure, material or feature can combine in one or more embodiment in office or example in an appropriate manner.In addition, when not conflicting, the feature of the different embodiment described in this instructions or example and different embodiment or example can carry out combining and combining by those skilled in the art.
In addition, term " first ", " second " only for describing object, and can not be interpreted as instruction or hint relative importance or imply the quantity indicating indicated technical characteristic.Thus, be limited with " first ", the feature of " second " can express or impliedly comprise at least one this feature.In describing the invention, the implication of " multiple " is at least two, such as two, three etc., unless otherwise expressly limited specifically.
Describe and can be understood in process flow diagram or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
In flow charts represent or in this logic otherwise described and/or step, such as, the sequencing list of the executable instruction for realizing logic function can be considered to, may be embodied in any computer-readable medium, for instruction execution system, device or equipment (as computer based system, comprise the system of processor or other can from instruction execution system, device or equipment instruction fetch and perform the system of instruction) use, or to use in conjunction with these instruction execution systems, device or equipment.With regard to this instructions, " computer-readable medium " can be anyly can to comprise, store, communicate, propagate or transmission procedure for instruction execution system, device or equipment or the device that uses in conjunction with these instruction execution systems, device or equipment.The example more specifically (non-exhaustive list) of computer-readable medium comprises following: the electrical connection section (electronic installation) with one or more wiring, portable computer diskette box (magnetic device), random access memory (RAM), ROM (read-only memory) (ROM), erasablely edit ROM (read-only memory) (EPROM or flash memory), fiber device, and portable optic disk ROM (read-only memory) (CDROM).In addition, computer-readable medium can be even paper or other suitable media that can print described program thereon, because can such as by carrying out optical scanning to paper or other media, then carry out editing, decipher or carry out process with other suitable methods if desired and electronically obtain described program, be then stored in computer memory.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.
The above-mentioned storage medium mentioned can be ROM (read-only memory), disk or CD etc.Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, and those of ordinary skill in the art can change above-described embodiment within the scope of the invention, revises, replace and modification.
Claims (10)
1. a bug detection method, is characterized in that, comprising:
The structure of the input file of target program is resolved, obtains the field information set of at least one field information comprising described input file;
The aiming field information for identification length is found out from the field information of described field information set;
The length value of described aiming field information instruction is replaced with pre-configured target detection value, and according to described target detection value, Hole Detection is carried out to described target program.
2. method according to claim 1, is characterized in that, describedly carries out Hole Detection according to described target detection value to described target program, comprising:
According to described target detection value, the field in described input file is changed, obtain the test data that described target detection value is corresponding;
Described test data is run, to carry out Hole Detection to described target program in described target program.
3. method according to claim 2, is characterized in that, described method also comprises:
Obtain the file layout of different file in advance, and be each file layout configuration test value corresponding with this file layout;
The described length value by described aiming field information instruction replaces with pre-configured target detection value, comprising:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
4. method according to claim 3, it is characterized in that, replace with pre-configured target detection value at the described length value by the instruction of described aiming field information, and after carrying out Hole Detection according to described target detection value to described target program, described method also comprises:
The abnormal information that described in the testing process obtaining described Hole Detection, target program produces, and determine the test value that described abnormal information is corresponding;
The test value corresponding according to described abnormal information, upgrades the test value corresponding with described destination file format of configuration.
5. the method according to any one of claim 1-4, is characterized in that, described target detection value is pre-configured boundary value.
6. a bug pick-up unit, is characterized in that, comprising:
Parsing module, the structure for the input file to target program is resolved, and obtains the field information set of at least one field information comprising described input file;
Search module, for finding out the aiming field information for identification length in the field information from described field information set;
Replacement module, for replacing with pre-configured target detection value by the described length value searching the described aiming field information instruction that module searches goes out;
Detection module, for carrying out Hole Detection according to described target detection value to described target program.
7. device according to claim 6, is characterized in that, described detection module comprises:
Data generating unit, for changing the field in described input file according to described target detection value, obtains the test data that described target detection value is corresponding;
Processing unit, for running the described test data that described data generating unit generates in described target program, to carry out Hole Detection to described target program.
8. device according to claim 7, is characterized in that, described device also comprises:
Preset module for obtaining the file layout of different file in advance, and is each file layout configuration test value corresponding with this file layout;
Described replacement module specifically for:
Determine the destination file format that described input file is corresponding, and find out the test value corresponding with described destination file format;
Using the described test value that finds out as target detection value, and the length value of described aiming field information instruction is replaced with described target detection value.
9. device according to claim 8, is characterized in that, described device also comprises:
Data obtaining module, for obtain described Hole Detection testing process described in the abnormal information that produces of target program, and determine the test value that described abnormal information is corresponding;
Update module, the test value that the described abnormal information for obtaining according to described data obtaining module is corresponding, upgrades the test value corresponding with described destination file format of configuration.
10. the device according to any one of claim 6-9, is characterized in that, described target detection value is pre-configured boundary value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510896795.3A CN105335657B (en) | 2015-12-07 | 2015-12-07 | A kind of program bug detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510896795.3A CN105335657B (en) | 2015-12-07 | 2015-12-07 | A kind of program bug detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105335657A true CN105335657A (en) | 2016-02-17 |
| CN105335657B CN105335657B (en) | 2019-04-05 |
Family
ID=55286176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510896795.3A Active CN105335657B (en) | 2015-12-07 | 2015-12-07 | A kind of program bug detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105335657B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108874403A (en) * | 2018-05-30 | 2018-11-23 | 深圳市分期乐网络科技有限公司 | Dissemination method, device, equipment and the storage medium of rule file |
| CN114978644A (en) * | 2022-05-13 | 2022-08-30 | 北京百度网讯科技有限公司 | Method and device for testing distribution network function of software |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853200A (en) * | 2010-05-07 | 2010-10-06 | 北京大学 | High-efficiency dynamic software vulnerability exploiting method |
| CN103425570A (en) * | 2012-05-22 | 2013-12-04 | 中国科学院软件研究所 | Fuzz optimization method based on file format |
| CN103617114A (en) * | 2013-10-23 | 2014-03-05 | 江苏大学 | Third-party component vulnerability test method based on conditions and parameter variations |
| CN103853650A (en) * | 2012-11-28 | 2014-06-11 | 西门子公司 | Test case generating method and device for fuzz testing |
| CN104573523A (en) * | 2013-10-24 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | File vulnerability mining realization method and device |
-
2015
- 2015-12-07 CN CN201510896795.3A patent/CN105335657B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853200A (en) * | 2010-05-07 | 2010-10-06 | 北京大学 | High-efficiency dynamic software vulnerability exploiting method |
| CN103425570A (en) * | 2012-05-22 | 2013-12-04 | 中国科学院软件研究所 | Fuzz optimization method based on file format |
| CN103853650A (en) * | 2012-11-28 | 2014-06-11 | 西门子公司 | Test case generating method and device for fuzz testing |
| CN103617114A (en) * | 2013-10-23 | 2014-03-05 | 江苏大学 | Third-party component vulnerability test method based on conditions and parameter variations |
| CN104573523A (en) * | 2013-10-24 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | File vulnerability mining realization method and device |
Non-Patent Citations (1)
| Title |
|---|
| 吴金龙 等: "基于变异的Fuzzing技术研究", 《信息安全与通信保密》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108874403A (en) * | 2018-05-30 | 2018-11-23 | 深圳市分期乐网络科技有限公司 | Dissemination method, device, equipment and the storage medium of rule file |
| CN114978644A (en) * | 2022-05-13 | 2022-08-30 | 北京百度网讯科技有限公司 | Method and device for testing distribution network function of software |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105335657B (en) | 2019-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2008176793A (en) | Software test system, method, and computer-readable recording medium having program stored for executing this method | |
| CN104866341A (en) | Component upgrading method and device and terminal | |
| CN112416318B (en) | Micro-service development method and device, storage medium and electronic equipment | |
| CN105653006A (en) | Method and device for saving electric quantity and electronic equipment | |
| CN105528287A (en) | Apparatus and method for unit test of code | |
| CN111124479B (en) | Method and system for analyzing configuration file and electronic equipment | |
| CN108763094B (en) | Test case generation method, device, equipment and storage medium | |
| CN105446864A (en) | Method and device for verifying influence of deletion of cache file and mobile terminal | |
| CN104657661A (en) | Method and device for detecting malicious code in mobile terminal | |
| CN104267980A (en) | Software score display method, terminal, data server and system | |
| CN105094862A (en) | Method for detecting whether application program is installed or not and browser | |
| CN115686631B (en) | Random instruction generation method and device based on knowledge base and storage medium | |
| CN103914654A (en) | Method and system for detecting malicious code during operation of Android ART | |
| CN103544298A (en) | Log analysis method and analysis device for component | |
| CN104123496A (en) | Rogue software interception method, device and terminal | |
| CN105335657A (en) | Program bug detection method and device | |
| CN104216820A (en) | Browser performance testing method and device and server | |
| CN103914212A (en) | Terminal device and application configuration method thereof | |
| CN112486492A (en) | Page generation method and device, storage medium and electronic equipment | |
| CN104200164A (en) | Loader virus searching and killing method, device and terminal | |
| CN104461603A (en) | Information processing method and electronic equipment | |
| CN104077528A (en) | Virus detection method and device and terminal | |
| CN103902445A (en) | Regression test object determination method and device | |
| CN104951325A (en) | Information display method and electronic equipment | |
| CN109783133B (en) | Code packaging method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20181204 Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong. Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd. Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |