CN114168479A - Vulnerability testing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN114168479A
Authority
CN
China
Prior art keywords
statement
poc
converted
target
matching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111525524.9A
Other languages
Chinese (zh)
Inventor
杨珍
范渊
吴卓群
王欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111525524.9A
Publication of CN114168479A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging
    • G06F11/3644 Software debugging by instrumenting at runtime
    • G06F11/366 Software debugging using diagnostics

Abstract

The invention provides a vulnerability testing method and a related device. The method comprises the following steps: obtaining a POC code to be converted, and searching an output statement in the POC code to be converted according to a preset field; converting the POC code to be converted into an execution tree by using a symbolic execution mode, and searching a path reaching the output statement in the execution tree; searching an execution statement corresponding to the path in the POC code to be converted, and performing format conversion on the execution statement according to an execution sequence to obtain a POC file; and performing language conversion on the POC file to obtain a target POC code of a target language, and performing vulnerability detection by using the target POC code. The logic in the POC code to be converted can be analyzed efficiently by means of symbolic execution, the execution statements reaching the output statement are determined, and their format is converted to obtain a unified POC file, which can then be used to convert the code language efficiently, so that the POC code to be converted is converted to the target language efficiently.

Description

Vulnerability testing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of software testing, and in particular, to a vulnerability testing method and apparatus, an electronic device, and a storage medium.
Background
POC (Proof of Concept) testing is a validation test popular in the industry for customer-specific applications. At present, POC testing is mainly performed by using a vulnerability testing framework to execute POC code. However, a vulnerability testing framework is usually developed on the basis of a particular development language, i.e. the POC code is written in that language, and if the code needs to be migrated to another framework the POC code has to be rewritten, which makes efficient migration of POC code difficult.
Disclosure of Invention
The invention aims to provide a vulnerability testing method, a vulnerability testing device, electronic equipment and a storage medium, which can efficiently analyze execution logic in POC codes to be converted, determine an execution statement reaching an output statement, perform code language conversion on the statement and efficiently convert the POC codes to be converted into a target language.
In order to solve the above technical problem, the present invention provides a vulnerability testing method, which includes:
obtaining a POC code to be converted, and searching an output statement in the POC code to be converted according to a preset field;
converting the POC code to be converted into an execution tree by utilizing a symbolic execution mode, and searching a path reaching the output statement in the execution tree;
searching for an execution statement corresponding to the path in the POC code to be converted, and performing format conversion on the execution statement according to an execution sequence to obtain a POC file;
and performing language conversion on the POC file to obtain a target POC code of a target language, and performing vulnerability detection by using the target POC code.
Optionally, the converting the format of the execution statement according to the execution order to obtain the POC file includes:
acquiring a preset POC file template and a preset matching object template in a JSON format;
setting the first execution statement as a statement to be processed according to the execution sequence, and determining the type of the statement to be processed;
if the statement to be processed is an HTTP request method calling statement, extracting a request information field in the statement to be processed, and filling the target field in a corresponding position in the POC file template; the request information field comprises a request method field, a URL field, a request header field and a request body field;
if the statement to be processed is a conditional statement, extracting an expression to be converted and a response object in the conditional statement, converting the expression to be converted into a matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted, and writing the matching object entry into a corresponding position of the POC file template; the matching object entries comprise relational matching object entries and logical matching object entries;
judging whether the statement to be processed is the last statement in the execution statements;
if yes, setting the filled-in preset POC file template as the POC file;
if not, setting the next execution statement as the statement to be processed according to the execution sequence, and entering the step of determining the type of the statement to be processed.
Optionally, the converting the expression to be converted into the matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted includes:
determining the type of the expression to be converted;
if the expression to be converted is a relational expression, extracting a matching information field in the expression to be converted, writing the matching information field into a corresponding position in the preset matching object template to obtain a first matching entry, and setting the first matching entry as the relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
if the expression to be converted is a logical expression comprising two relational expressions, extracting a logical operator in the expression to be converted, generating the first matching entry for the relational expression in the expression to be converted and setting the first matching entry as a sub-matching entry, writing the logical operator and the sub-matching entry into a corresponding position in the preset matching object template to obtain a second matching entry, and setting the second matching entry as the logical type matching object entry.
Optionally, the language converting the POC file to obtain a target POC code of a target language includes:
searching an HTTP request function corresponding to the target language according to a request method field in the POC file, and writing the URL field, the request header field and the request body field into a corresponding real parameter position in the HTTP request function to obtain an initial interface request statement;
establishing a corresponding relation between the initial interface request statement and the response object to obtain a target interface request statement;
determining the type of a matching object entry to be converted in the POC file;
if the matched object item to be converted is the relational matched object item, searching a corresponding preset statement template in a target language according to a response target in the matched object item to be converted, writing the response object, the response target attribute, the matching mode and the parameter value into the preset statement template to obtain a first target expression, and generating a target conditional statement by using the first target expression;
if the matching object item to be converted is the logic type matching object item, generating the first target expression for the sub-matching items in the matching object item to be converted and setting the first target expression as a sub-expression, splicing the sub-expressions according to the logic operator in the matching object item to be converted to obtain a second target expression, and generating the target conditional statement by using the second target expression;
generating the target POC code using the target interface request statement and the target conditional statement.
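The language-conversion steps above, as an added worked example that is not the patent's own code: it takes a constructed JSON POC file (assumed layout, placeholder host) and emits Go as the target language, using assumed per-response-target statement templates with resp as the fixed response object name, and splicing nested logical entries with their operator.

```python
"""Generate target-language (Go) POC code from the unified JSON POC file.
Constructed example of the language-conversion step, not the patent's implementation."""
import json

# Constructed POC file in the layout this example assumes; the host is a placeholder.
POC_FILE = {
    "request": {
        "response_object": "rsp",
        "method": "POST",
        "url": "http://TARGET_HOST_PLACEHOLDER/123.php",
        "headers": {"Content-Type": "application/xml"},
        "body": "<root>some payload</root>",
    },
    "match": {
        "type": "logical", "operator": "&&",
        "sub": [
            {"type": "relational", "target": "body", "attribute": "", "mode": "contains", "value": "con"},
            {"type": "relational", "target": "status_code", "attribute": "", "mode": "equal", "value": 200},
        ],
    },
}

# Preset statement templates keyed by (response target, matching mode); assumed for Go.
# `resp` and `body` are the names the generated request statement binds below.
GO_EXPR_TEMPLATES = {
    ("body", "contains"): "strings.Contains(body, {value})",
    ("status_code", "equal"): "resp.StatusCode == {value}",
    ("headers", "equal"): "resp.Header.Get({attribute}) == {value}",
}


def go_literal(value):
    """Render a str as a Go string literal (JSON escaping is Go-compatible here) or an int as-is."""
    return json.dumps(value) if isinstance(value, str) else str(value)


def render_condition(entry):
    """Relational entry: fill the template for its response target and matching mode.
    Logical entry: render the sub-entries and splice them with the logical operator;
    nested logical sub-entries are parenthesized so the stored nesting is preserved."""
    if entry["type"] == "relational":
        template = GO_EXPR_TEMPLATES[(entry["target"], entry["mode"])]
        return template.format(value=go_literal(entry["value"]),
                               attribute=go_literal(entry["attribute"]))
    parts = []
    for sub in entry["sub"]:
        text = render_condition(sub)
        parts.append(f"({text})" if sub["type"] == "logical" else text)
    return f" {entry['operator']} ".join(parts)


def generate_go(poc):
    """Build the interface request statement from the request fields, bind the response
    object, and emit the conditional statement that reports the vulnerability."""
    req = poc["request"]
    lines = [
        "package main", "",
        "import (", '\t"fmt"', '\t"io"', '\t"net/http"', '\t"strings"', ")", "",
        "func main() {",
        # http.NewRequest covers any method and lets every stored header be set.
        f"\treq, err := http.NewRequest({go_literal(req['method'])}, {go_literal(req['url'])}, "
        f"strings.NewReader({go_literal(req['body'])}))",
        "\tif err != nil {", "\t\tpanic(err)", "\t}",
    ]
    for name, value in req["headers"].items():
        lines.append(f"\treq.Header.Set({go_literal(name)}, {go_literal(value)})")
    lines += [
        "\tresp, err := http.DefaultClient.Do(req)",
        "\tif err != nil {", "\t\tpanic(err)", "\t}",
        "\tdefer resp.Body.Close()",
        "\traw, _ := io.ReadAll(resp.Body)",
        "\tbody := string(raw)",
        f"\tif {render_condition(poc['match'])} {{",
        '\t\tfmt.Println("vulnerable")',
        "\t}", "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(generate_go(POC_FILE))
```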
Optionally, the performing vulnerability detection by using the target POC code includes:
sending a target request to target equipment by using the target interface request statement, and receiving response information returned by the target equipment;
and utilizing the target conditional statement to carry out vulnerability detection on the response information.
The invention also provides a vulnerability testing device, comprising:
an acquisition module, configured to acquire the POC code to be converted and search an output statement in the POC code to be converted according to a preset field;
an execution tree conversion module, configured to convert the POC code to be converted into an execution tree in a symbolic execution manner, and search a path to the output statement in the execution tree;
a POC file conversion module, configured to search for an execution statement corresponding to the path in the POC code to be converted, and perform format conversion on the execution statement according to an execution order to obtain a POC file;
and the target language conversion module is used for performing language conversion on the POC file to obtain a target POC code of a target language and performing vulnerability detection by using the target POC code.
Optionally, the POC file conversion module includes:
the template obtaining submodule is used for obtaining a preset POC file template and a preset matching object template in a JSON format;
the first setting submodule is used for setting the first execution statement as a statement to be processed according to the execution sequence and determining the type of the statement to be processed;
a first conversion sub-module, configured to, if the to-be-processed statement is an HTTP request method invocation statement, extract a request information field in the to-be-processed statement, and fill the target field in a corresponding position in the POC file template; the request information field comprises a request method field, a URL field, a request header field and a request body field;
the second conversion submodule is used for extracting the expression to be converted and the response object in the conditional statement if the statement to be processed is the conditional statement, converting the expression to be converted into the matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted, and writing the matching object entry into the corresponding position of the POC file template; the matching object entries comprise relational matching object entries and logical matching object entries;
the judging submodule is used for judging whether the statement to be processed is the last statement in the execution statements;
a POC file generation submodule, configured to set, if yes, the filled-in preset POC file template as the POC file;
and a second setting submodule, configured to set, if not, the next execution statement as the statement to be processed according to the execution sequence, and enter the step of determining the type of the statement to be processed.
Optionally, the second conversion sub-module includes:
the type determining unit is used for determining the type of the expression to be converted;
the first conversion unit is used for extracting a matching information field in the expression to be converted if the expression to be converted is a relational expression, writing the matching information field into a corresponding position in the preset matching object template to obtain a first matching entry, and setting the first matching entry as the relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
and the second conversion unit is used for extracting a logical operator in the expression to be converted if the expression to be converted is a logical expression comprising two relational expressions, generating the first matching entry for the relational expression in the expression to be converted and setting the first matching entry as a sub-matching entry, writing the logical operator and the sub-matching entry into a corresponding position in the preset matching object template to obtain a second matching entry, and setting the second matching entry as the logical type matching object entry.
The present invention also provides an electronic device comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the vulnerability testing method when the computer program is executed.
The invention also provides a storage medium, wherein a computer program is stored on the storage medium, and when being executed by a processor, the computer program realizes the steps of the vulnerability testing method.
The invention provides a vulnerability testing method, which comprises the following steps: obtaining a POC code to be converted, and searching an output statement in the POC code to be converted according to a preset field; converting the POC code to be converted into an execution tree by utilizing a symbolic execution mode, and searching a path reaching the output statement in the execution tree; searching for an execution statement corresponding to the path in the POC code to be converted, and performing format conversion on the execution statement according to an execution sequence to obtain a POC file; and performing language conversion on the POC file to obtain a target POC code of a target language, and performing vulnerability detection by using the target POC code.
It can be seen that, after obtaining the POC code to be converted, the present invention first searches the POC code for the corresponding output statement using a preset field. Because the output statement is usually the execution end point of the POC code, is used to indicate that a vulnerability exists, and usually contains a special field, the output statement can be located by means of the preset field and the end position of the POC code can thereby be determined. The invention then converts the POC code to be converted into an execution tree in a symbolic execution manner, which efficiently turns complex code statements into a simple tree structure; the path reaching the output statement can be extracted from the execution tree, and all execution statements in the POC code that lead to the output statement can be located accurately through that path, i.e. the execution logic in the POC code to be converted can be analyzed efficiently. Furthermore, the format of the execution statements is converted to obtain a POC file with a uniform format, from which the target language conversion can be carried out efficiently, so that the POC code to be converted is converted to the target language efficiently and accurately, the trouble of manual rewriting is avoided, and the flexibility of POC vulnerability testing is improved. The invention also provides a vulnerability testing device, an electronic device and a storage medium, which have the same beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a vulnerability testing method according to an embodiment of the present invention;
fig. 2 is a block diagram of a vulnerability testing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the related art, the vulnerability testing framework of the POC test is usually developed based on a certain development language, that is, the POC code is written using the development language, and if the POC code needs to be migrated to another framework, the POC code needs to be rewritten, which makes it difficult to efficiently migrate the POC code. In view of this, the present invention provides a vulnerability testing method, which can efficiently analyze the execution logic in the POC code to be converted, determine the execution statement reaching the output statement, and perform code language conversion on the statement, so as to efficiently convert the POC code to be converted into the target language. Referring to fig. 1, fig. 1 is a flowchart of a vulnerability testing method according to an embodiment of the present invention, where the method includes:
s101, obtaining the POC code to be converted, and searching an output statement in the POC code to be converted according to a preset field.
In this step the output statement in the POC code to be converted needs to be found, because the output statement is usually used to indicate that the tested software or platform has an anomaly, i.e. it is the final step of the test, so the exit position of the POC code can be determined once the output statement is found. Further, since the output statement usually contains a specific field, such as "vulgaris" (finding weakness), the preset field can be used to search for the output statement in the POC code to be converted. It should be noted that the embodiment of the present invention does not limit the specific content of the preset field used to search for the output statement; reference may be made to the related technology of POC testing. Furthermore, the embodiment of the present invention does not limit the development language used for the POC code to be converted, which may for example be Python, Java, Go or the like.
S102, converting the POC code to be converted into an execution tree by using a symbolic execution mode, and searching a path reaching an output statement in the execution tree.
Symbolic execution is a program analysis technique that derives, by analyzing a program, the inputs that make a particular code region execute. In the embodiment of the present invention, symbolic execution is used to organize the complex execution logic in the POC code to be converted, so as to find all execution statements from the program entry to the output statement. In short, the symbolic execution manner converts the POC code to be converted into an execution tree represented by symbols and finds, in that tree, a program path that reaches the output statement, so that all execution statements from the program entry to the output statement can be found along that path. It should be noted that the embodiments of the present invention do not limit the specific implementation of the symbolic execution manner; reference may be made to the related art of symbolic execution. Further, since the POC code has to be read completely during symbolic execution, the software or equipment performing the symbolic execution must be able to recognize the development language of the POC code; the corresponding symbolic execution software or equipment may therefore be selected according to the development language of the POC code.
S103, searching for an execution statement corresponding to the path in the POC code to be converted, and performing format conversion on the execution statement according to the execution sequence to obtain a POC file.
In the embodiment of the present invention, after the execution statements corresponding to the path are retrieved, format conversion is performed on them to obtain a POC file containing all important parameter information. The file stores the important parameters needed to regenerate the execution statements, and may contain, for example, the network information for generating HTTP requests and the various matching fields for generating conditional statements. The specific form of the POC file is explained in detail in the following embodiments. It will be appreciated that, in order to store the above parameters in a unified manner, the data in the POC file should be stored in a simple data format that most platforms can recognize. The embodiment of the present invention does not limit the specific data format; it may for example be the JSON format (JavaScript Object Notation) or the XML format (Extensible Markup Language). Since the JSON format is simpler and lighter, in the embodiment of the present invention the data in the POC file is stored in JSON format. Further, in order to improve the regularity of the POC file, a POC file template may be preset, and when converting statements only the extracted parameter information needs to be filled into the corresponding positions of the preset POC file template. The embodiment of the present invention does not limit the specific form of the preset POC file template, which can be set according to the actual application requirements.
Further, considering that the execution statements usually include a conditional statement (e.g. an if statement) whose condition is usually a complex expression, namely a relational expression or a logical expression, where a logical expression is usually combined from several relational expressions, a preset matching object template may additionally be set in the POC file to hold the parameter information of the relational expressions, so that this information is stored effectively. The specific contents that the preset matching object template may contain are described in detail in the following embodiments. The embodiment of the present invention does not limit how the content of the preset matching object template is organized within the template; it can be set according to the actual application requirements. It is understood that when the preset POC file template is in JSON format, the preset matching object template is also in JSON format.
In one possible case, format converting the execution statements according to the execution order to obtain the POC file includes:
step 11: acquiring a preset POC file template and a preset matching object template in a JSON format;
step 12: setting a first execution statement as a statement to be processed according to the execution sequence, and determining the type of the statement to be processed;
step 13: if the statement to be processed is an HTTP request method calling statement, extracting a request information field in the statement to be processed, and filling a target field in a corresponding position in a POC file template; the request information field comprises a request method field, a URL field, a request header field and a request body field;
step 14: if the statement to be processed is a conditional statement, extracting an expression to be converted and a response object in the conditional statement, converting the expression to be converted into a matching object entry of the response object by using a preset matching object template according to the type of the expression to be converted, and writing the matching object entry into a corresponding position of a POC file template; the matching object entries comprise relational matching object entries and logic matching object entries;
step 15: judging whether the statement to be processed is the last statement in the execution statement; if yes, go to step 16; if not, entering step 17;
step 16: setting the filled-in preset POC file template as the POC file;
step 17: setting the next execution statement as the statement to be processed according to the execution order, and returning to the step of determining the type of the statement to be processed in step 12.
In POC code, two types of statements typically occur: HTTP request method call statements and conditional statements, where the HTTP request call statement generates the HTTP request sent to the target device, and the conditional statement detects the response information returned by the target device. Because the two kinds of statements differ greatly in the POC code, the embodiment of the present invention performs format conversion by processing the two kinds of statements differently. Specifically, an HTTP request call statement has the form:
rsp=requests.post(host+"123.php",
                  headers={"Content-Type":"application/xml"},
                  data="<root>some payload</root>")
Here requests.post() is the HTTP request method called by the statement (a "POST" method in this example; it may also be a "GET" method or another method, see the related HTTP technology); host+"123.php" is the URL field; headers={"Content-Type":"application/xml"} is the request header field, in which "Content-Type":"application/xml" is an attribute of the request header; data is the request body, here "<root>some payload</root>"; and the rsp variable receives the data returned by the HTTP request method, namely the response data returned by the target device (i.e. the device whose URL corresponds to host+"123.php"). It can be seen that in this statement the HTTP request method field, the URL field, the request header field and the request body field carry the important parameter information of the HTTP request, and the embodiment of the present invention therefore stores these request information fields separately. Of course, the above example is only one possible case in POC code developed in the Python language; in POC code written in other development languages the form of the HTTP request call statement may differ, for example the names of the HTTP request methods may be different and the actual parameter contents and the way they are filled in may also be different, so the request information fields to be extracted may differ in POC code developed in other languages.
Further, conditional statements are typically of the form:
if rsp.text.find("con")>=0&&rsp.status_code==200:
Here "if" denotes an if statement, and rsp.text.find("con")>=0&&rsp.status_code==200 is a logical expression composed of the two relational expressions "rsp.text.find("con")>=0" and "rsp.status_code==200" and the logical operator "&&"; in addition, since "rsp" is the variable that receives the response data in the HTTP request call statement, "rsp" is the response object of the conditional statement. Of course, the expression in the if statement may also be a single relational expression. In order to distinguish relational expressions from logical expressions, the embodiment of the invention converts the statement, according to the expression type contained in the statement to be processed, into a relational matching object entry for a relational expression or a logical matching object entry for a logical expression.
Specifically, the conversion of a relational expression is described first. In the relational expression "rsp.text.find("con")>=0", "text.find("con")>=0" determines whether "con" is contained in the response body of the response data "rsp": the response target is the response body (Body), the matching mode is "contains", and the parameter value is "con". In the relational expression "rsp.status_code==200", "status_code==200" determines whether the response status code of the response data "rsp" equals 200: the response target is the response status code, the matching mode is "equal", and the parameter value is "200". From these two examples it can be seen that the response target, the matching mode and the parameter value of a relational expression are the important information for generating the relational expression, so the response target field, the matching mode field and the parameter value field are written into the relational matching object entry. In addition, since some response targets have sub-attributes (for example, the response body may contain the sub-attribute "Content-Type", the content format), and the POC code may also check such a sub-attribute of the response target in the relational expression, the response target attribute is written into the relational matching object entry as well.
The conversion of a logical expression is described next. The logical expression "rsp.text.find("con")>=0&&rsp.status_code==200" consists of two sub-relational expressions and the logical operator "&&"; therefore a relational matching object entry is first generated for each of the two sub-relational expressions and set as a sub-matching entry of the logical expression, and then the logical operator and the sub-matching entries are written into the logical matching entry of the logical expression. Obviously, relational matching object entries can be nested into logical matching entries; it should be noted that a logical matching entry may also be nested into another logical matching entry, for example when processing a logical expression containing three or more relational expressions, in which case the logical expression is split into several sub-logical expressions according to the precedence of the logical operators and processed by nesting.
In one possible case, converting the expression to be converted into the matching object entry of the response object by using a preset matching object template according to the type of the expression to be converted may include:
step 21: determining the type of an expression to be converted;
step 22: if the expression to be converted is a relational expression, extracting a matching information field in the expression to be converted, writing the matching information field into a corresponding position in a preset matching object template to obtain a first matching entry, and setting the first matching entry as a relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
step 23: if the expression to be converted is a logic expression containing two relational expressions, extracting a logic operator in the expression to be converted, generating a first matching item for the relational expression in the expression to be converted and setting the first matching item as a sub-matching item, writing the logic operator and the sub-matching item into corresponding positions in a preset matching object template to obtain a second matching item, and setting the second matching item as a logic type matching object item.
In one possible scenario, the preset POC file template may be in the form of:
[Figure BDA0003410228910000111: image of the preset POC file template, not reproduced here]
for the following example code:
import requests  # import the requests library
host = "http://test.com/"  # URL field
rsp = requests.post(host + "123.php",  # HTTP request statement; rsp receives the response data
                    headers={"Content-Type": "application/xml"},  # request header field
                    data="<root>some payload</root>")  # request body field
if rsp.text.find("con") >= 0 and rsp.status_code == 200:  # conditional statement ("and" is the logical operator written "&&" above)
    print("vulnerable")  # output statement
The corresponding POC file may be:
[Figures BDA0003410228910000112 and BDA0003410228910000121: image of the corresponding POC file, not reproduced here]
S104, performing language conversion on the POC file to obtain a target POC code in the target language, and performing vulnerability detection by using the target POC code.
After the POC file is obtained, the target POC code in the target language can be regenerated from the information contained in the file, so that vulnerability detection can be carried out with the target POC code. The specific parsing process is the reverse of the above process for generating the POC file and is not described again here.
In one possible scenario, language converting the POC file into the target POC code of the target language may include:
step 41: searching an HTTP request function corresponding to a target language according to a request method field in the POC file, and writing a URL field, a request header field and a request body field into a corresponding real parameter position in the HTTP request function to obtain an initial interface request statement;
step 42: establishing a corresponding relation between the initial interface request statement and the response object to obtain a target interface request statement;
step 43: determining the type of a matching object entry to be converted in the POC file;
step 44: if the matched object item to be converted is a relational matched object item, searching a corresponding preset statement template in the target language according to a response target in the matched object item to be converted, writing the response object, the response target attribute, the matching mode and the parameter value into the preset statement template to obtain a first target expression, and generating a target conditional statement by using the first target expression;
step 45: if the matching object item to be converted is a logic type matching object item, generating a first target expression for the sub-matching items in the matching object item to be converted and setting the first target expression as a sub-expression, splicing the sub-expressions according to logic operators in the matching object item to be converted to obtain a second target expression, and generating a target conditional statement by using the second target expression;
step 46: the target POC code is generated using the target interface request statement and the target conditional statement.
After the target POC code is obtained, vulnerability detection can be carried out by using a target interface request statement and a target conditional statement in the target POC code. In brief, a target interface request statement can be used for sending a target request, response information returned by target equipment is assigned to a response object, and then vulnerability detection is carried out on the response object by using a target condition statement so as to determine whether software vulnerabilities exist in the target equipment.
In one possible scenario, using the target POC code for vulnerability detection may include:
step 51: sending a target request to the target equipment by using a target interface request statement and receiving response information returned by the target equipment;
step 52: and detecting the vulnerability of the response information by using the target conditional statement.
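As an added example that is not the patent's own code, the following Python implements steps 21 to 23 (conditional expression to nested matching object entries), steps 44 and 45 (matching entries back to a condition in a target language) and step 52 (checking the entries directly against a response). It assumes a JSON schema for the preset matching object template (the page does not reproduce the template), assumes the per-language statement templates, treats the "Content-Type" sub-attribute as a response header attribute, writes the page's "&&" as Python's "and" so the condition parses, and needs Python 3.9 or later.

```python
"""Round trip between a POC conditional statement and nested JSON matching entries.
Added example, not code from the patent: the JSON field names are an assumed
schema for the patent's preset matching object template (the page does not
reproduce it), and the per-language statement templates are likewise assumed."""
import ast
import json

RESPONSE_OBJECT = "rsp"  # response object named in the POC's conditional statement


def _relation(target, attribute, mode, value):
    # Relational entry: response target, target attribute, match mode, parameter value.
    return {"type": "relation", "target": target, "attribute": attribute,
            "mode": mode, "value": value}


def _root_name(node):
    # Walk an attribute/subscript/call chain back to its base variable, if any.
    while isinstance(node, (ast.Attribute, ast.Subscript, ast.Call)):
        node = node.func if isinstance(node, ast.Call) else node.value
    return node.id if isinstance(node, ast.Name) else None


def _convert_compare(node):
    """Step 22: relational expression -> relational matching object entry."""
    if len(node.ops) != 1 or not isinstance(node.comparators[0], ast.Constant):
        raise ValueError("expected '<response expression> <op> <literal>'")
    left, op, value = node.left, node.ops[0], node.comparators[0].value
    if _root_name(left) != RESPONSE_OBJECT:
        raise ValueError("comparison does not refer to the response object")
    # rsp.text.find("con") >= 0  ->  body / include / "con"
    if (isinstance(left, ast.Call) and getattr(left.func, "attr", None) == "find"
            and getattr(left.func.value, "attr", None) == "text" and left.args
            and isinstance(left.args[0], ast.Constant) and isinstance(op, ast.GtE) and value == 0):
        return _relation("body", "", "include", left.args[0].value)
    # rsp.headers["Content-Type"] == "text/xml"  ->  headers / Content-Type / equal
    if (isinstance(left, ast.Subscript) and getattr(left.value, "attr", None) == "headers"
            and isinstance(left.slice, ast.Constant) and isinstance(op, ast.Eq)):
        return _relation("headers", left.slice.value, "equal", value)
    # rsp.status_code == 200  ->  status_code / equal / 200
    if isinstance(left, ast.Attribute) and isinstance(op, ast.Eq):
        return _relation(left.attr, "", "equal", value)
    raise ValueError("unsupported relational expression: " + ast.dump(node))


def convert_expression(node):
    """Steps 21 and 23: dispatch on expression type; logical entries nest sub-entries."""
    if isinstance(node, ast.Compare):
        return _convert_compare(node)
    if isinstance(node, ast.BoolOp):
        return {"type": "logic", "operator": "&&" if isinstance(node.op, ast.And) else "||",
                "sub_entries": [convert_expression(v) for v in node.values]}
    raise ValueError("unsupported expression: " + ast.dump(node))


def condition_to_entry(condition):
    """Convert the text of an if-statement condition into a matching object entry."""
    return convert_expression(ast.parse(condition, mode="eval").body)


# Step 44: assumed preset statement templates, keyed by (response target, match mode).
STATEMENT_TEMPLATES = {
    "python": {("body", "include"): "{obj}.text.find({value}) >= 0",
               ("status_code", "equal"): "{obj}.status_code == {value}",
               ("headers", "equal"): "{obj}.headers[{attribute}] == {value}"},
    "javascript": {("body", "include"): "{obj}.body.includes({value})",
                   ("status_code", "equal"): "{obj}.status === {value}",
                   ("headers", "equal"): "{obj}.headers.get({attribute}) === {value}"},
}
LOGIC_OPERATORS = {"python": {"&&": "and", "||": "or"}, "javascript": {"&&": "&&", "||": "||"}}


def entry_to_expression(entry, lang, obj=RESPONSE_OBJECT):
    """Steps 44-45: render a matching entry as a condition in the target language."""
    literal = repr if lang == "python" else json.dumps  # language-appropriate literals
    if entry["type"] == "relation":
        template = STATEMENT_TEMPLATES[lang][(entry["target"], entry["mode"])]
        return template.format(obj=obj, attribute=literal(entry["attribute"]),
                               value=literal(entry["value"]))
    parts = ["(" + entry_to_expression(sub, lang, obj) + ")" for sub in entry["sub_entries"]]
    return (" " + LOGIC_OPERATORS[lang][entry["operator"]] + " ").join(parts)


def evaluate_entry(entry, response):
    """Step 52: test a matching entry directly against a response dict
    (keys text, status_code, headers) without generating target code."""
    if entry["type"] == "logic":
        results = [evaluate_entry(sub, response) for sub in entry["sub_entries"]]
        return all(results) if entry["operator"] == "&&" else any(results)
    if entry["target"] == "headers":
        actual = response["headers"].get(entry["attribute"])
    else:
        actual = response["text" if entry["target"] == "body" else entry["target"]]
    if entry["mode"] == "include":
        return actual is not None and entry["value"] in actual
    return actual == entry["value"]


if __name__ == "__main__":
    # The page's conditional statement written as Python ("&&" becomes "and").
    entry = condition_to_entry('rsp.text.find("con") >= 0 and rsp.status_code == 200')
    print(json.dumps(entry, indent=2))
    print(entry_to_expression(entry, "python"), entry_to_expression(entry, "javascript"), sep="\n")
    # Constructed sample response: body contains "con" and the status is 200.
    print(evaluate_entry(entry, {"text": "<r>con</r>", "status_code": 200, "headers": {}}))
```

Because the matching entries are nested, a logical entry built from three or more relational expressions is handled by the same recursion, which is the nesting the description above calls for.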
It should be noted that the embodiment of the present invention limits neither the sending process of the target request nor the specific process of vulnerability detection; for both, reference may be made to the related art.
Based on the above embodiment, when the POC code to be converted is obtained, the present invention first searches it for an output statement by using a preset field: the output statement is usually the execution end point of the POC code and is used to report that a vulnerability exists, and it usually contains a special field, so the preset field locates the output statement and thereby the end position of the POC code. After that, the invention converts the POC code to be converted into an execution tree by means of symbolic execution, which efficiently turns complex code statements into a simple tree structure; the path reaching the output statement can then be extracted from the execution tree, and through this path all execution statements that lead to the output statement can be located accurately in the POC code, that is, the execution logic of the POC code to be converted can be analysed efficiently. Furthermore, the format of these execution statements is converted to obtain a POC file with a uniform format, and conversion to the target language can then be carried out efficiently from that file, so that the POC code to be converted is converted efficiently and accurately into the target language, the trouble of manual rewriting is avoided, and the flexibility of POC vulnerability testing is improved.
In the following, the vulnerability testing apparatus, the electronic device and the storage medium provided by the embodiment of the present invention are introduced, and the vulnerability testing apparatus, the electronic device and the storage medium described below and the vulnerability testing method described above may be referred to correspondingly.
Referring to fig. 2, fig. 2 is a block diagram of a vulnerability testing apparatus according to an embodiment of the present invention, where the apparatus may include:
an obtaining module 201, configured to obtain a POC code to be converted, and search an output statement in the POC code to be converted according to a preset field;
an execution tree conversion module 202, configured to convert the POC code to be converted into an execution tree in a symbolic execution manner, and search a path to an output statement in the execution tree;
the POC file conversion module 203 is configured to search an execution statement corresponding to the path in the POC code to be converted, and perform format conversion on the execution statement according to the execution sequence to obtain a POC file;
and the target language conversion module 204 is configured to perform language conversion on the POC file to obtain a target POC code of the target language, and perform vulnerability detection by using the target POC code.
Optionally, the POC file converting module 203 includes:
the template obtaining submodule is used for obtaining a preset POC file template and a preset matching object template in a JSON format;
the first setting submodule is used for setting a first execution statement as a statement to be processed according to the execution sequence and determining the type of the statement to be processed;
the first conversion submodule is used for extracting a request information field in the statement to be processed and filling the target field into the corresponding position in the POC file template if the statement to be processed is an HTTP request method calling statement; the request information field comprises a request method field, a URL field, a request header field and a request body field;
the second conversion submodule is used for extracting the expression to be converted and the response object in the conditional statement if the statement to be processed is the conditional statement, converting the expression to be converted into the matching object entry of the response object by using a preset matching object template according to the type of the expression to be converted, and writing the matching object entry into the corresponding position of the POC file template; the matching object entries comprise relational matching object entries and logic matching object entries;
the judging submodule is used for judging whether the statement to be processed is the last statement in the execution statements;
the POC file generation submodule is used for setting, if yes, the written preset POC file template as the POC file;
and the second setting submodule is used for setting, if not, the next execution statement as the statement to be processed according to the execution sequence, and entering the step of determining the type of the statement to be processed.
Optionally, the second conversion submodule includes:
the type determining unit is used for determining the type of the expression to be converted;
the first conversion unit is used for extracting a matching information field in the expression to be converted if the expression to be converted is a relational expression, writing the matching information field into a corresponding position in a preset matching object template to obtain a first matching entry, and setting the first matching entry as a relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
the second conversion unit is used for extracting a logic operator in the expression to be converted if the expression to be converted is a logic expression containing two relational expressions, generating a first matching entry for the relational expression in the expression to be converted and setting the first matching entry as a sub-matching entry, writing the logic operator and the sub-matching entry into corresponding positions in a preset matching object template to obtain a second matching entry, and setting the second matching entry as a logic type matching object entry.
Optionally, the target language conversion module 204 may include:
the third conversion submodule is used for searching an HTTP request function corresponding to the target language according to the request method field in the POC file, and writing the URL field, the request head field and the request body field into the corresponding real parameter position in the HTTP request function to obtain an initial interface request statement;
the corresponding relation establishing submodule is used for establishing a corresponding relation between the initial interface request statement and the response object to obtain a target interface request statement;
the type determining submodule is used for determining the type of the object item to be converted and matched in the POC file;
the fourth conversion submodule is used for searching a corresponding preset statement template in the target language according to the response target in the matched object item to be converted if the matched object item to be converted is the relational matched object item, writing the response object, the response target attribute, the matching mode and the parameter value into the preset statement template to obtain a first target expression, and generating a target conditional statement by using the first target expression;
a fifth conversion sub-module, configured to, if the to-be-converted matching object entry is a logical type matching object entry, generate a first target expression for a sub-matching entry in the to-be-converted matching object entry and set the first target expression as a sub-expression, splice the sub-expressions according to a logical operator in the to-be-converted matching object entry to obtain a second target expression, and generate a target conditional statement using the second target expression;
and the code generation submodule is used for generating the target POC code by utilizing the target interface request statement and the target conditional statement.
Optionally, the target language conversion module 204 may include:
the response information sending submodule is used for sending a target request to the target equipment by using a target interface request statement and receiving response information returned by the target equipment;
and the vulnerability detection submodule is used for carrying out vulnerability detection on the response information by using the target condition statement.
An embodiment of the present invention further provides an electronic device, including:
a memory for storing a computer program;
a processor configured to implement the steps of the vulnerability testing method when executing the computer program.
Since the embodiment of the electronic device portion corresponds to the embodiment of the vulnerability testing method portion, please refer to the description of the embodiment of the vulnerability testing method portion for the embodiment of the electronic device portion, which is not repeated here.
The embodiment of the invention also provides a storage medium, wherein a computer program is stored on the storage medium, and when being executed by a processor, the computer program realizes the steps of the vulnerability testing method of any embodiment.
Since the embodiment of the storage medium portion corresponds to the embodiment of the vulnerability testing method portion, please refer to the description of the embodiment of the vulnerability testing method portion for the embodiment of the storage medium portion, which is not repeated here.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above details describe a vulnerability testing method, apparatus, electronic device and storage medium provided by the present invention. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. A vulnerability testing method is characterized by comprising the following steps:
obtaining a POC code to be converted, and searching an output statement in the POC code to be converted according to a preset field;
converting the POC code to be converted into an execution tree by utilizing a symbolic execution mode, and searching a path reaching the output statement in the execution tree;
searching for an execution statement corresponding to the path in the POC code to be converted, and performing format conversion on the execution statement according to an execution sequence to obtain a POC file;
and performing language conversion on the POC file to obtain a target POC code of a target language, and performing vulnerability detection by using the target POC code.
2. The vulnerability testing method of claim 1, wherein the format conversion of the execution statements according to the execution order to obtain a POC file comprises:
acquiring a preset POC file template and a preset matching object template in a JSON format;
setting the first execution statement as a statement to be processed according to the execution sequence, and determining the type of the statement to be processed;
if the statement to be processed is an HTTP request method calling statement, extracting a request information field in the statement to be processed, and filling the target field in a corresponding position in the POC file template; the request information field comprises a request method field, a URL field, a request header field and a request body field;
if the statement to be processed is a conditional statement, extracting an expression to be converted and a response object in the conditional statement, converting the expression to be converted into a matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted, and writing the matching object entry into a corresponding position of the POC file template; the matching object entries comprise relational matching object entries and logical matching object entries;
judging whether the statement to be processed is the last statement in the execution statements;
if yes, setting the written preset POC file template as the POC file;
if not, setting the next execution statement as the statement to be processed according to the execution sequence, and entering the step of determining the type of the statement to be processed.
3. The vulnerability testing method according to claim 2, wherein the converting the expression to be converted into the matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted comprises:
determining the type of the expression to be converted;
if the expression to be converted is a relational expression, extracting a matching information field in the expression to be converted, writing the matching information field into a corresponding position in the preset matching object template to obtain a first matching entry, and setting the first matching entry as the relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
if the expression to be converted is a logical expression comprising two relational expressions, extracting a logical operator in the expression to be converted, generating the first matching entry for the relational expression in the expression to be converted and setting the first matching entry as a sub-matching entry, writing the logical operator and the sub-matching entry into a corresponding position in the preset matching object template to obtain a second matching entry, and setting the second matching entry as the logical type matching object entry.
4. The vulnerability testing method of claim 3, wherein the language converting the POC file to obtain target POC codes of a target language comprises:
searching an HTTP request function corresponding to the target language according to a request method field in the POC file, and writing the URL field, the request header field and the request body field into a corresponding real parameter position in the HTTP request function to obtain an initial interface request statement;
establishing a corresponding relation between the initial interface request statement and the response object to obtain a target interface request statement;
determining the type of a matching object entry to be converted in the POC file;
if the matched object item to be converted is the relational matched object item, searching a corresponding preset statement template in a target language according to a response target in the matched object item to be converted, writing the response object, the response target attribute, the matching mode and the parameter value into the preset statement template to obtain a first target expression, and generating a target conditional statement by using the first target expression;
if the matching object item to be converted is the logic type matching object item, generating the first target expression for the sub-matching items in the matching object item to be converted and setting the first target expression as a sub-expression, splicing the sub-expressions according to the logic operator in the matching object item to be converted to obtain a second target expression, and generating the target conditional statement by using the second target expression;
generating the target POC code using the target interface request statement and the target conditional statement.
5. The vulnerability testing method of claim 4, wherein the utilizing the target POC code for vulnerability detection comprises:
sending a target request to target equipment by using the target interface request statement, and receiving response information returned by the target equipment;
and utilizing the target conditional statement to carry out vulnerability detection on the response information.
6. A vulnerability testing apparatus, comprising:
an acquisition module, configured to acquire the POC code to be converted and search an output statement in the POC code to be converted according to a preset field;
an execution tree conversion module, configured to convert the POC code to be converted into an execution tree in a symbolic execution manner, and search a path to the output statement in the execution tree;
a POC file conversion module, configured to search for an execution statement corresponding to the path in the POC code to be converted, and perform format conversion on the execution statement according to an execution order to obtain a POC file;
and the target language conversion module is used for performing language conversion on the POC file to obtain a target POC code of a target language and performing vulnerability detection by using the target POC code.
7. The vulnerability testing apparatus of claim 6, wherein the POC file conversion module comprises:
the template obtaining submodule is used for obtaining a preset POC file template and a preset matching object template in a JSON format;
the first setting submodule is used for setting the first execution statement as a statement to be processed according to the execution sequence and determining the type of the statement to be processed;
a first conversion sub-module, configured to, if the to-be-processed statement is an HTTP request method invocation statement, extract a request information field in the to-be-processed statement, and fill the target field in a corresponding position in the POC file template; the request information field comprises a request method field, a URL field, a request header field and a request body field;
the second conversion submodule is used for extracting the expression to be converted and the response object in the conditional statement if the statement to be processed is the conditional statement, converting the expression to be converted into the matching object entry of the response object by using the preset matching object template according to the type of the expression to be converted, and writing the matching object entry into the corresponding position of the POC file template; the matching object entries comprise relational matching object entries and logical matching object entries;
the judging submodule is used for judging whether the statement to be processed is the last statement in the execution statements;
a POC file generation submodule, configured to set, if yes, the written preset POC file template as the POC file;
and the second setting submodule is used for setting, if not, the next execution statement as the statement to be processed according to the execution sequence, and entering the step of determining the type of the statement to be processed.
8. The vulnerability testing apparatus of claim 7, wherein the second conversion submodule comprises:
the type determining unit is used for determining the type of the expression to be converted;
the first conversion unit is used for extracting a matching information field in the expression to be converted if the expression to be converted is a relational expression, writing the matching information field into a corresponding position in the preset matching object template to obtain a first matching entry, and setting the first matching entry as the relational matching object entry; the matching information field comprises a response target field, a response target attribute field, a matching mode field and a parameter value field;
and the second conversion unit is used for extracting a logical operator in the expression to be converted if the expression to be converted is a logical expression comprising two relational expressions, generating the first matching entry for the relational expression in the expression to be converted and setting the first matching entry as a sub-matching entry, writing the logical operator and the sub-matching entry into a corresponding position in the preset matching object template to obtain a second matching entry, and setting the second matching entry as the logical type matching object entry.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the vulnerability testing method of any of claims 1 to 5 when executing the computer program.
10. A storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the vulnerability testing method according to any of claims 1 to 5.
CN202111525524.9A 2021-12-14 2021-12-14 Vulnerability testing method and device, electronic equipment and storage medium Pending CN114168479A (en)


Publications (1)

Publication Number Publication Date
CN114168479A true CN114168479A (en) 2022-03-11

Family

ID=80486416


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination