CN101706749A - Comprehensive processing method based on software safety defect detection and functional module framework thereof - Google Patents

Publication number: CN101706749A
Authority: CN (China)
Prior art keywords: software, data, defect, safety defect, safety
Legal status: Granted; Expired - Fee Related
Application number: CN200910216239A
Other languages: Chinese (zh)
Other versions: CN101706749B (en)
Inventors: 王光卫, 范明钰, 侯孟书, 朱大勇, 宫亚峰
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by: University of Electronic Science and Technology of China
Priority to: CN2009102162391A
Publications: CN101706749A (application); CN101706749B (application granted)

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method based on software safety defect detection and a functional module framework device adopted by the method, belonging to the network safety field. The method comprises initialization of software to be detected and detection standards, preprocessing of preliminary analysis data of the software to be detected, sequential detection according to the single safety defect standard and safety defect grade evaluation, comprehensive processing of the safety defects and detection result storage and data discard. The functional module framework comprises a unit module for carrying out initialization on the software to be detected and the detection standards, a unit module for processing the preliminary analysis data of the software to be detected, a unit module for carrying out detection according to the single safety defect standard and evaluating the safety defect grades, a unit module for carrying out comprehensive processing on the safety defects, a unit module for storing the detection results and discarding the data and a database. The invention can carry out overall detection and comprehensive processing on the safety defects of the software and has the characteristics of wide detection range, strong adaptability to the safety defects of the software, high accuracy and reliability of detection and comprehensive processing results and no special requirements on the functions and properties of the software, etc.

Description

Comprehensive processing method based on software safety defect detection and functional module framework thereof
Technical field
The invention belongs to the field of network security technology, and in particular relates to a comprehensive processing method for software safety defect detection and to the functional module framework (device) adopted to implement that method. The method and its device can detect safety defects in software whose source code is available.
Background art
Defects introduced during program design and coding reduce the security of software and are a major cause of software security problems. The large number of safety defects present in software systems exposes software to unexpected attacks during operation and can even cause heavy losses.
There are currently three main approaches to finding software defects. The first is detection based on software vulnerability and defect patterns. For example, the patent document with application number CN200810114261.0, titled "A testing method and system based on software defect patterns", reads the source files of the program under test and a defect state machine (SDSM) description file, preprocesses the program under test, and parses the SDSM description file; performs lexical and syntactic analysis on the program under test to build an abstract syntax tree; generates a control flow graph and a symbol table from the abstract syntax tree, and computes and updates the variable value interval sets from the control flow graph and symbol table; analyzes the function call relationships of the program under test to generate a function call graph; and traverses the control flow graph function by function according to the function call graph, computing the state transitions of the defect state machine at each node of the control flow graph and reporting the corresponding checkpoint when the defect state machine enters a defect state. That patent belongs to this category.
The second uses the similarity of execution traces to locate software defects. For example, the patent document with application number CN200810018981.7, titled "A software defect localization method based on execution trace block similarity", takes these steps: (1) collect and organize the execution information of the test cases and generate execution traces; (2) select the set of test cases used to locate the defect according to execution trace block similarity; (3) systematically compare the execution traces of the selected test cases and compute the code suspicion rate; (4) map the code suspicion rate onto the source program and generate a defect localization report. That patent belongs to this category.
The third designs defect monitoring and analysis modules and uses insertion points to detect software defects. For example, the patent document with application number CN200710163839.7, titled "A system and method for rapidly diagnosing system software defects", quickly locates the system program defects that cause system errors and reports them to the user. First, according to user requirements, a system defect analysis rule program is set up and written in the system in advance, and several defect insertion points are added to the program modules of the system according to how fine-grained the user needs the defect analysis results to be. Then, while the system program runs, defect management information is generated at each defect insertion point and monitored in order to collect the relevant system defect data. Finally, the system defect analysis rule program analyzes the collected system defect data in real time to obtain the minimal set of defects causing the system error, records it in the system log in real time, and reports it to the user.
Existing conventional program defect analysis and testing tools fall mainly into three groups: analysis tools based on program syntax, analysis tools based on program semantics, and tools that test by running the code.
The main syntax-based analysis tools are Splint, Pscan, Flawfinder, RATS, ITS4 and Smatch. Tools of this class use regular expressions and general splitting techniques to perform a simple syntactic analysis of the code and search for suspicious constructs. Because the analysis is superficial, it may produce many false alarms and can detect only simple problems. The simplicity of the analysis also makes these tools more robust when handling code that contains language extensions, which are usually ignored elsewhere. And because syntactic analysis does not need a large amount of computation, these tools are fast and can handle programs of any size.
The main semantics-based analysis tools are BOON, PolySpace for C/C++, Coverity Prevent, GrammaTech CodeSonar, Klocwork K7, BLAST, MAGIC and MOPS. Static analysis of this class usually consists of two modules, a front end and a back end: the front end analyzes the source code and generates a source code model, and the back end analyzes that model to find problems and defects. These tools can be divided into two types according to how the analysis part is implemented. The first type is based on formal methods, also referred to as mathematical programming, and establishes program properties, for example by model checking and theorem proving. These tools usually have a scaling problem: because they use a large amount of computation, they can only handle programs of fewer than 20K lines, and even a program of fewer than 10K lines can take 15 hours; they do, however, converge, and can find complex and obscure problems. The second type is based on advanced heuristic methods and finds problems through rule fingerprints. This type scales well, but its analysis is not thorough, it can find only simple problems, and it does not converge easily. It can generally handle 1 million lines of code, and can process 10K lines of code in 10 minutes or less. Both types of tool show a false alarm rate of about 30%.
The main tools that test by running the code are Parasoft Insure++, GNU Checker, ElectricFence and MemWatch. Tools of this class detect program errors while the program runs, using the state at a given point for detection, which has advantages over, and is easier than, using the syntax-based and semantics-based analysis tools. First, they are accurate, with no false alarms and no missed reports, because what they show is the actual program rather than an extracted model. Second, there is no limit on the size of the program under test. Their biggest drawback is that the program under test must be runnable, so partial testing of a program is not possible. Second, the convergence of the detection depends on the skill of the tester, and the amount of testing required is large. Third, the diagnosis given is low-level, similar to a debugger, and offers fewer functions than the previous two classes of tool: it can only list the memory and pointer defects in the program.
All of the above techniques and methods detect defects in how software is programmed; none of them addresses the problem of how to detect the safety defects of software.
The patent document with application number CN200910003082.4, titled "A detection method based on security vulnerability defect patterns", discloses a method that uses the control flow graph and the function call graph, computes the state transitions of the security vulnerability state machine at each node of the control flow graph, and finally outputs a security vulnerability test report. Although this detection method can detect security vulnerability defects, it cannot provide the location of the software safety defect or the hazard level of the safety defect, and so does not lend itself to targeted handling.
Summary of the invention
The object of the invention is to address the shortcomings of the background art by designing a comprehensive processing method based on software safety defect detection, together with its functional module framework, so that, with only the software source code available, multi-level comprehensive detection effectively finds the security flaws in the software and accurately provides the location of each software safety defect and its hazard level, enabling targeted handling.
The solution of the invention is as follows. The software under test is first processed by existing analysis tools to obtain basic data; each configured single defect detection standard is then applied in turn to detect defects and evaluate the safety defect grade; the single-defect detection data and their defect evaluation grades are then processed comprehensively together; finally the result of the comprehensive processing is stored, giving the final detection result for the software under test. The functional module framework device adopted to implement the method is a detection and comprehensive processing unit built on a conventional industrial control computer; in operation the device receives input data and outputs detection results through its human-machine input and output interfaces, thereby achieving the object of the invention. The method of the invention therefore comprises:
A. Initialization of the software under test and the detection standards:
Aa. The name of the software to be detected, the conventional analysis tools selected, the raw data storage address, the final detection result storage address, each single defect detection standard (parameters) and the comprehensive processing program are initialized and stored in the database as initialization data, ready to be called;
Ab. The software under test is fed into the selected conventional software analysis tools and processed by each tool in turn to obtain the initial analysis data of the software under test, ready for detection;
B. Preprocessing of the initial analysis data of the software under test: the defect feature data are extracted from all the initial analysis data of the software under test supplied by step Ab and entered one by one at the raw data storage address as the analysis data of the software under test, ready for further detection;
C. Sequential detection by single safety defect standard and safety defect grade evaluation: the analysis data of the software under test obtained in step B are checked one by one against each single safety defect detection standard set in step Aa; when detection is complete, go to step D. The steps of each single safety defect detection are:
Ca. The initial analysis data provided by each analysis tool are first compared one by one against the configured single safety defect standard (parameters). When a record matches any feature parameter in the safety defect standard, the analysis data and the feature parameter that triggered the detection standard are passed to step Cb. If a record matches none of the single defect detection standards, it is data without a safety defect and goes directly to step D;
Cb. Safety defect grade evaluation: for the data with a safety defect supplied by step Ca, the defect evaluation grade in the corresponding analysis data is increased by 1; processing then returns to step Ca to continue the detections not yet performed and the defect grade evaluation of this step, until detection and evaluation are complete;
D. Comprehensive processing of safety defects: among the data supplied after detection in step C, a record without a safety defect is stored in the database and processing goes directly to step E; for analysis data with safety defects, the defect feature data, comprising the defect location feature and the defect function feature, are extracted and the safety defects are processed comprehensively, after which processing goes directly to step E. The steps of the comprehensive processing are:
Da. Processing of the defect location feature: the analysis data with safety defects supplied after step C are compared one by one on the line number at which the defect occurs; when the same line number occurs, the corresponding defect grades are added together, and the name of the analyzed software file, the line number at which the defect occurs and the safety defect grade are stored in the database as the location feature parameter record of the defect;
Db. Processing of the defect function feature: the analysis data with safety defects supplied after step C are compared one by one on the defect feature; when the same defect feature (parameter) occurs, the corresponding defect grades are added together, and the name of the function causing the defect and the safety defect grade are stored in the database as the function feature record of the defect;
E. Storage of the detection result and discarding of data: the result of the processing in step D, namely either no safety defect or the defect location features and defect function features, is stored item by item at the final detection result storage address as the safety defect detection result for the software under test; the other analysis data and the raw data of the software under test are discarded.
The single feature standards for software safety defects set above comprise a sensitive function detection standard, a string detection standard and a pointer detection standard, where: the sensitive function detection standard is strcpy, fscanf, getwd, strncpy, strcat, strdup, sprintf, sqrt, log; the string detection standard is "/", "%", "/=", "%=", len, abort, exit, assert, setjmp, longjmp, goto, break, continue, return, switch, for, while, do while; the pointer detection standard is malloc, new, HeapAlloc, NULL.
The functional module framework device adopted by the above software safety defect detection method comprises a database and:
A. A unit module for initializing the software under test and the detection standards, used to initialize and store the selected conventional analysis tools, the software under test and the detection standards for later use;
B. A unit module for preprocessing the initial analysis data of the software under test, used to extract the defect detection features from the basic data for use during detection;
C. A unit module for detection by single safety defect standard and safety defect grade evaluation, used to call the configured single safety defect detection standards, compare them one by one against the initial analysis data of the software under test provided by each analysis tool, and grade the severity of each safety defect according to the standard;
D. A unit module for comprehensive processing of safety defects, used to process comprehensively the line numbers at which defects occur in the software under test and the defect function features, and to record software under test that has no safety defect data;
E. A unit module for storing the detection result and discarding data, used to store the final safety defect detection result of the software under test at the storage address and to discard the remaining analysis data and the raw data of the software under test.
The invention first obtains basic data for the software under test by processing it with existing analysis tools, then applies each configured single defect detection standard in turn to detect defects and evaluate the safety defect grade, then processes the single-defect detection data and their defect evaluation grades comprehensively together, and finally obtains a final detection result that includes the locations of the safety defects in the software under test and the severity of those defects. The functional module framework device is built on a conventional industrial control computer. Without placing any additional requirement on the software, the invention determines through the individual single-defect detections and the comprehensive processing whether the software under test has security flaws, and determines the location and severity of each software safety defect. It can therefore detect and comprehensively process multiple kinds of defect in the software as a whole; its detection range is wide, it adapts well to software safety defects, its detection and comprehensive processing results are accurate and reliable, and it places no special requirements on the functions or performance of the software.
Description of the drawings
Fig. 1 is a schematic flow chart (block diagram) of the comprehensive detection method of the invention;
Fig. 2 is a schematic structural diagram (block diagram) of the functional module framework device of the method of the invention;
Fig. 3 is a schematic flow chart (block diagram) of the comprehensive detection method of the specific embodiment of the invention.
Embodiment
This embodiment uses an Arck-114R industrial control computer as the detection device. The memory of the controller (executable memory and data memory) holds the unit module for initializing the software under test and the detection standards, the unit module for preprocessing the initial analysis data of the software under test, the unit module for detection by single safety defect standard and safety defect grade evaluation, the unit module for comprehensive processing of safety defects, the unit module for storing the detection result and discarding data, and the corresponding database. The whole detection device is configured with each functional module and its parameters through the human-machine input interface, is also connected to and loaded with the data to be tested through the human-machine interface, and stores and sends out software safety defect information through the storage interface.
The following parameters are used as an example.
The name of the software to be detected is d:\test\openbus;
The conventional analysis tools selected are: Flawfinder, RATS, Coverity Prevent, GrammaTech CodeSonar, Parasoft Insure++, MemWatch;
The storage address for the raw data is d:\openbus\original;
The storage address for the final result is d:\openbus\result;
Single defect detection standard 1 (parameters):
Sensitive function standard detection parameters: strcpy appearing in the raw data, abbreviated 1.1-1 (strcpy); fscanf appearing in the raw data, abbreviated 1.1-2 (fscanf); getwd appearing in the raw data, abbreviated 1.1-3 (getwd); sprintf appearing in the raw data, abbreviated 1.1-4 (sprintf).
String standard detection parameters: "/" appearing in the raw data, abbreviated 1.2-1 (/); "%" appearing in the raw data, abbreviated 1.2-2 (%); "/=" appearing in the raw data, abbreviated 1.2-3 (/=); abort appearing in the raw data, abbreviated 1.2-4 (abort).
Pointer standard detection parameters: malloc appearing in the raw data, abbreviated 1.3-1 (malloc); new appearing in the raw data, abbreviated 1.3-2 (new).
Fig. 3 is a schematic flow chart (block diagram) of the comprehensive detection method of this embodiment, which comprises:
A. Initialization: the above detection parameters are entered into the detection device through the human-machine interface, and the software under test is processed by the selected conventional analysis tools to obtain the basic data;
B. Data preprocessing: the defect detection features are extracted from the basic data obtained in step A for use during detection;
C. Sequential detection by single safety defect standard and safety defect grade evaluation: the analysis data of the software under test obtained in step B are checked one by one against each single safety defect detection standard set in step Aa; when detection is complete, go to step D. The steps of each single safety defect detection are:
Ca. The initial analysis data provided by each analysis tool are first compared one by one against "1.1-1 (strcpy), 1.1-2 (fscanf), 1.1-3 (getwd), 1.1-4 (sprintf), 1.2-1 (/), 1.2-2 (%), 1.2-3 (/=), 1.2-4 (abort), 1.3-1 (malloc), 1.3-2 (new)" in the configured single safety defect standard 1 (sensitive function standard detection parameter set). When a record matches any feature parameter in the safety defect standard, the analysis data and the feature parameter that triggered the detection standard are passed to step Cb. If a record matches none of the single defect detection standards, it is data without a safety defect and goes directly to step D;
Cb. Safety defect grade evaluation: for the data with a safety defect supplied by step Ca, the defect evaluation grade in the corresponding analysis data is increased by 1; processing then returns to step Ca to continue the detections not yet performed and the defect grade evaluation of this step, until detection and evaluation are complete;
D. Comprehensive processing of safety defects: among the data supplied after detection in step C, a record without a safety defect is stored in the database and processing goes directly to step E; for analysis data with safety defects, the defect feature data, comprising the defect location feature and the defect function feature, are extracted and the safety defects are processed comprehensively, after which processing goes directly to step E. The steps of the comprehensive processing are:
Da. Processing of the defect location feature: the analysis data with safety defects supplied after step C are compared one by one on the line number at which the defect occurs; when the same line number occurs, the corresponding defect grades are added together, and the name of the analyzed software file, the line number at which the defect occurs and the safety defect grade are stored in the database as the location feature parameter record of the defect;
Db. Processing of the defect function feature: the analysis data with safety defects supplied after step C are compared one by one on the defect feature; when the same defect feature (parameter) occurs, the corresponding defect grades are added together, and the name of the function causing the defect and the safety defect grade are stored in the database as the function feature record of the defect;
E. Storage of the detection result and discarding of data: for the result of the processing in step D, when no safety defect was detected, the defect location feature record is marked (line number at which the defect occurs = 0, safety defect evaluation score = 0) and the defect function feature record is marked (name of the function causing the defect = 0, safety defect evaluation score = 0), and the defect location feature and defect function feature are stored item by item at the final detection result storage address as the safety defect detection result for the software under test; when safety defects were detected, the defect location features and defect function features are stored directly, item by item, at the final detection result storage address as the safety defect detection result for the software under test. The other analysis data and the raw data of the software under test are discarded.
In this embodiment, as soon as a safety defect of a single feature occurs, for example data matching any standard in 1 (the single defect detection standard set), the safety defect detection device stores the detected software safety defect information at the final result storage address through the defect processing module.
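The following Python sketch, added here as an illustration and not part of the patent text, runs steps C to E on constructed findings using the ten parameters of the embodiment's standard 1. The record layout, the file name bus.c, the sample findings and the descending-grade ordering of the output are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, replace

# Single defect detection standard 1 of the embodiment: feature -> abbreviation.
STANDARD_1 = {
    "strcpy": "1.1-1", "fscanf": "1.1-2", "getwd": "1.1-3", "sprintf": "1.1-4",
    "/": "1.2-1", "%": "1.2-2", "/=": "1.2-3", "abort": "1.2-4",
    "malloc": "1.3-1", "new": "1.3-2",
}


@dataclass(frozen=True)
class Finding:
    """One preprocessed record (step B). The field layout is an assumption."""
    tool: str
    file: str
    line: int
    feature: str
    grade: int = 0


# Constructed sample data; the file name and line numbers are made up.
SAMPLE_FINDINGS = [
    Finding("Flawfinder", "bus.c", 42, "strcpy"),
    Finding("RATS", "bus.c", 42, "strcpy"),
    Finding("Flawfinder", "bus.c", 57, "sprintf"),
    Finding("Flawfinder", "bus.c", 88, "sprintf"),
    Finding("MemWatch", "bus.c", 88, "malloc"),
    Finding("GrammaTech CodeSonar", "bus.c", 90, "/="),
    Finding("RATS", "bus.c", 120, "memcpy"),  # not in standard 1
]


def evaluate(findings, standard=STANDARD_1):
    """Step C: compare each record with every parameter (Ca), add 1 per match (Cb)."""
    flagged = []
    for f in findings:
        grade = f.grade
        for param in standard:
            # Whole-token comparison, so the "/" parameter does not fire on "/=".
            if f.feature == param:
                grade += 1
        if grade > f.grade:
            flagged.append(replace(f, grade=grade))
    return flagged


def aggregate(flagged):
    """Step D: sum grades per line (Da) and per defect feature (Db)."""
    by_location = defaultdict(int)
    by_feature = defaultdict(int)
    for f in flagged:
        by_location[(f.file, f.line)] += f.grade
        by_feature[f.feature] += f.grade
    return dict(by_location), dict(by_feature)


def final_result(findings):
    """Step E: keep only the two feature records; intermediate data is dropped."""
    flagged = evaluate(findings)
    if not flagged:
        # The embodiment's all-zero records for software with no safety defect.
        return {"locations": [{"line": 0, "grade": 0}],
                "functions": [{"function": 0, "grade": 0}]}
    by_location, by_feature = aggregate(flagged)
    locations = [{"file": fl, "line": ln, "grade": g}
                 for (fl, ln), g in by_location.items()]
    functions = [{"function": name, "grade": g}
                 for name, g in by_feature.items()]
    # Highest grade first; this ordering is an assumption of the example.
    locations.sort(key=lambda r: (-r["grade"], r["file"], r["line"]))
    functions.sort(key=lambda r: (-r["grade"], r["function"]))
    return {"locations": locations, "functions": functions}


if __name__ == "__main__":
    print(final_result(SAMPLE_FINDINGS))
```

Line 42 reaches grade 2 because two tools agree on strcpy, while line 88 reaches grade 2 from two different features, which is the distinction between the Da and Db records.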

Claims (6)

1. integrated conduct method that detects based on software safety defect comprises:
A. software under testing and examination criteria initialization process:
A a. will need the dbase that detects, the conventional analysis instrument of selecting for use, original data storage address, final detection result memory address, and each single defects detection standard and overall treatment program carry out the initialization setting, and with its as initialization data deposit database in, in order to calling;
A b. with the conventional software analysis tool that software typing to be measured is selected for use, instrument is handled one by one by analysis, obtains the initial analysis data of software under testing, with usefulness to be detected;
B. the pre-service of software under testing initial analysis data: from steps A bExtract the defect characteristic data in all initial analysis data of software under testing of input, and the address of typing original data storage one by one, as the analysis data data of software under testing, use in order to further detecting;
C. detect successively and the safety defect level evaluation by single safety defect standard: will adopt steps A from the analysis data of step B gained software under testing aMiddle each single safety defect examination criteria of setting detects one by one, detects and finishes back commentaries on classics step D; Each single safety defect detects step:
Ca. First, the initial analysis data provided by each analysis tool are compared one by one against the configured single safety defect standards. When the data match any feature parameter in a safety defect standard, the analysis data and the feature parameter that triggered the standard are sent to step Cb for processing. If the data match none of the single defect detection standards, they are data without safety defects and go directly to step D;
Cb. Safety defect grade assessment: for the data with safety defects passed in from step Ca, 1 is added to the defect assessment grade in the corresponding analysis data; the method then returns to step Ca and continues with the detections not yet performed and with the defect grade assessment of this step, until detection and assessment are complete;
D. Comprehensive processing of safety defects: among the data passed in after the detection of step C, data records without safety defects are stored in the database and go directly to step E; for analysis data with safety defects, the defect feature data, comprising the defect location feature and the defect function feature, are extracted from them for comprehensive processing of the safety defects, and when processing is complete the method goes directly to step E. The steps of the comprehensive processing of safety defects are:
Da. Processing of the defect location feature: the analysis data with safety defects passed in after step C are compared one by one on the line number at which the defect appears; when the same line number occurs, the corresponding defect grades are added together, and the name of the analysed software file, the line number at which the defect appears and the safety defect grade are stored in the database as the location feature record of the defect;
Db. Processing of the defect function feature: the analysis data with safety defects passed in after step C are compared one by one on the defect feature; when identical defect features exist, the corresponding defect grades are added together, and the name of the function causing the defect and the safety defect grade are stored in the database as the function feature record of the defect;
E. Storage of the detection result and discarding of data: the results passed in from step D, namely no safety defect, or the defect location feature and the defect function feature, are stored one by one at the final detection result storage address as the safety defect detection result of the tested software; the other analysis data and the raw data of the software under test are discarded.
2. The comprehensive processing method based on software safety defect detection according to claim 1, characterized in that the single feature standards for software safety defects comprise: a sensitive function detection standard, a string detection standard and a pointer detection standard.
3. The comprehensive processing method based on software safety defect detection according to claim 2, characterized in that the sensitive function detection standard is strcpy, fscanf, getwd, strncpy, strcat, strdup, sprintf, sqrt, log.
4. The comprehensive processing method based on software safety defect detection according to claim 2, characterized in that the string detection standard is "/", "%", "/=", "%=", len, abort, exit, assert, setjmp, longjmp, goto, break, continue, return, switch, for, while, do while.
5. The comprehensive processing method based on software safety defect detection according to claim 2, characterized in that the pointer detection standard is malloc, new, HeapAlloc, NULL.
6. The functional module framework used by the software safety defect detection method according to claim 1, comprising a database and:
A. A unit module for initialization of the software under test and the detection standards, used to initialize and store, for later use, the selected conventional analysis tools, the software under test and the detection standards;
B. A unit module for preprocessing the initial analysis data of the software under test, used to extract the defect detection features from the basic data for use during detection;
C. A unit module for detection against single safety defect standards and for safety defect grade assessment, used to call the configured single safety defect detection standards, compare them one by one against the initial analysis data of the software under test provided by each analysis tool, and assess the severity grade of each safety defect according to its standard;
D. A safety defect comprehensive processing unit module, used to comprehensively process the line numbers at which defects appear in the software under test and the defect function features, and to record tested software that has no safety defect data;
E. A unit module for storing the detection result and discarding data, used to store the final safety defect detection result of the tested software at the storage address and to discard the remaining analysis data and the raw data of the tested software.
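The following sketch walks steps Ca to E of claim 1 over a small constructed set of tool findings; it is an added example, not code from the patent. The tool names, the sample records, the rule that each matching token adds 1 to the grade, and the use of the triggering token as the defect feature are assumptions, and the standards are a subset of the names in claims 3 to 5.

```python
import re
from collections import defaultdict

# Single-defect standards: a subset of the tokens listed in claims 3-5.
STANDARDS = {
    "sensitive_function": {"strcpy", "fscanf", "getwd", "strncpy",
                           "strcat", "strdup", "sprintf"},
    "string": {"len", "abort", "exit", "assert", "setjmp", "longjmp"},
    "pointer": {"malloc", "new", "HeapAlloc", "NULL"},
}

# Constructed sample of initial analysis data from two hypothetical tools:
# (tool, file name, line number, flagged source text)
FINDINGS = [
    ("toolA", "demo.c", 12, "strcpy(buf, src);"),
    ("toolB", "demo.c", 12, "strcpy(buf, src);"),
    ("toolA", "demo.c", 30, "p = malloc(len);"),
    ("toolB", "demo.c", 41, "sprintf(out, fmt, v);"),
    ("toolA", "demo.c", 50, "x = y + 1;"),
]

def grade_record(text):
    """Steps Ca/Cb: test one record against every single standard.
    Assumption: each matching token adds 1 to the record's defect grade."""
    tokens = set(re.findall(r"[A-Za-z_]\w*", text))
    triggers = [t for words in STANDARDS.values() for t in sorted(tokens & words)]
    return len(triggers), triggers

def comprehensive_process(findings):
    """Steps D and E: merge graded records and keep only the final result."""
    by_line = defaultdict(int)     # Da: (file, line) -> summed grade
    by_feature = defaultdict(int)  # Db: triggering token -> summed grade
    clean = 0
    for _tool, path, line, text in findings:
        grade, triggers = grade_record(text)
        if grade == 0:
            clean += 1             # record without defects skips the merge
            continue
        by_line[(path, line)] += grade
        for name in triggers:
            by_feature[name] += 1
    if not by_line:
        return {"result": "no safety defect"}
    return {                       # E: raw findings are not carried forward
        "position": sorted((p, n, g) for (p, n), g in by_line.items()),
        "function": dict(sorted(by_feature.items())),
        "clean_records": clean,
    }
```

Line 12 ends with grade 2 because two tools reported it, while line 30 reaches grade 2 from a single report that triggers both the pointer and the string standard, which shows how the summed grade mixes tool agreement with rule overlap.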
CN2009102162391A 2009-11-18 2009-11-18 Comprehensive processing method based on software safety defect detection Expired - Fee Related CN101706749B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102162391A CN101706749B (en) 2009-11-18 2009-11-18 Comprehensive processing method based on software safety defect detection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102162391A CN101706749B (en) 2009-11-18 2009-11-18 Comprehensive processing method based on software safety defect detection

Publications (2)

Publication Number Publication Date
CN101706749A true CN101706749A (en) 2010-05-12
CN101706749B CN101706749B (en) 2011-12-21

Family

ID=42376975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102162391A Expired - Fee Related CN101706749B (en) 2009-11-18 2009-11-18 Comprehensive processing method based on software safety defect detection

Country Status (1)

Country Link
CN (1) CN101706749B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100414512C (en) * 2004-09-09 2008-08-27 北京航空航天大学 Software associated fault inspection
KR100871820B1 (en) * 2007-06-27 2008-12-03 엠디에스테크놀로지 주식회사 System for assorting source error and method therefor
CN101482847B (en) * 2009-01-19 2011-06-29 北京邮电大学 Detection method based on safety bug defect mode

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950270A (en) * 2010-09-28 2011-01-19 电子科技大学 Method for detecting security defects of software interface
CN102831052A (en) * 2011-06-16 2012-12-19 中国银联股份有限公司 Automatic generating device and method for test case
CN102831052B (en) * 2011-06-16 2016-03-09 中国银联股份有限公司 Test exemple automation generating apparatus and method
CN104899505A (en) * 2014-03-07 2015-09-09 北京奇虎科技有限公司 Software detection method and software detection device
WO2015131643A1 (en) * 2014-03-07 2015-09-11 北京奇虎科技有限公司 Software detection method and device
CN106815135A (en) * 2015-11-30 2017-06-09 阿里巴巴集团控股有限公司 leak detection method and device
CN106776270A (en) * 2016-11-11 2017-05-31 努比亚技术有限公司 A kind of code detection method, device and terminal
CN107045477A (en) * 2016-12-30 2017-08-15 上海富聪金融信息服务有限公司 A kind of quality evaluation platform for carrying out various dimensions detection
CN107145445A (en) * 2017-05-05 2017-09-08 携程旅游信息技术(上海)有限公司 The automatic analysis method and system of the daily record that reports an error of software automated testing
CN107145445B (en) * 2017-05-05 2021-02-05 携程旅游信息技术(上海)有限公司 Automatic analysis method and system for error log of software automation test
CN111831541A (en) * 2019-04-22 2020-10-27 西安邮电大学 Software defect positioning method based on risk track
CN111831541B (en) * 2019-04-22 2022-10-28 西安邮电大学 Software defect positioning method based on risk track
CN112114988A (en) * 2019-06-21 2020-12-22 顺丰科技有限公司 Client starting method, device, terminal and storage medium
CN112114988B (en) * 2019-06-21 2023-03-31 顺丰科技有限公司 Client starting method, device, terminal and storage medium
CN112286753A (en) * 2019-07-22 2021-01-29 腾讯科技(深圳)有限公司 Method, device, server and storage medium for testing image processing accuracy
CN112286753B (en) * 2019-07-22 2023-03-17 腾讯科技(深圳)有限公司 Method, device, server and storage medium for testing image processing accuracy

Also Published As

Publication number Publication date
CN101706749B (en) 2011-12-21

Similar Documents

Publication Publication Date Title
CN101706749B (en) Comprehensive processing method based on software safety defect detection
WO2021179574A1 (en) Root cause localization method, device, computer apparatus, and storage medium
Liu et al. SOBER: statistical model-based bug localization
CN102053906A (en) System and method for collecting program runtime information
CN101477375B (en) Sensor data verification method based on matrix singular values association rules mining
CN103473162A (en) Reliability evaluation system design method based on software fault injection
CN110489314A (en) Model method for detecting abnormality, device, computer equipment and storage medium
CN112346993B (en) Method, device and equipment for testing information analysis engine
CN105260312B (en) A kind of adjustment method of multinuclear real time system application data contention mistake
CN104766015A (en) Function call based dynamic detection method for buffer overflow vulnerability
CN116450399A (en) Fault diagnosis and root cause positioning method for micro service system
CN111752833B (en) Software quality system approval method, device, server and storage medium
Pham et al. Deviate: A deep learning variance testing framework
CN109522207B (en) Atom set serialization violation detection method based on constraint solving
CN111767546B (en) Deep learning-based input structure inference method and device
CN116069674B (en) Security assessment method and system for grade assessment
CN116661954B (en) Virtual machine abnormality prediction method, device, communication equipment and storage medium
Li et al. Locating vulnerability in binaries using deep neural networks
Murtaza et al. On the comparison of user space and kernel space traces in identification of software anomalies
CN115934548A (en) Statement level software defect positioning method and system based on information retrieval
CN115640158A (en) Detection analysis method and device based on database
CN115525499A (en) Data analysis method and device for hard disk, electronic equipment and storage medium
JP2008076121A (en) Delay failure analysis method and its device
An et al. Just-in-time flaky test detection via abstracted failure symptom matching
Parsa et al. Finding causes of software failure using ridge regression and association rule generation methods

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111221

Termination date: 20141118

EXPY Termination of patent right or utility model