CN103853650B - Method and device for generating test cases for fuzz testing - Google Patents

Publication number: CN103853650B
Authority: CN (China)
Prior art keywords: case, abnormal use, input field, grammar construct, special character
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201210496983.3A
Other languages: Chinese (zh)
Other versions: CN103853650A (en)
Inventor: 唐文
Current Assignee: Siemens AG (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Siemens AG
Application filed by Siemens AG
Priority to CN201210496983.3A
Priority to PCT/EP2013/074304 (WO2014082908A1)
Publication of CN103853650A
Application granted
Publication of CN103853650B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3668: Software testing
    • G06F11/3672: Test management
    • G06F11/3684: Test management for test design, e.g. generating new test cases

Abstract

The invention provides a method and device for generating test cases for fuzz testing. The method includes: determining the syntax structure of an input field of the system under test according to the legal content of that input field, where the syntax structure of the input field includes the special characters in the field and their positions; generating abnormal cases according to a set generation method and determining the syntax structure of each generated abnormal case, where the syntax structure of an abnormal case includes the special characters in that abnormal case and their positions; comparing the syntax structure of the abnormal case with the syntax structure of the input field; and, if the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field, using the abnormal case as a test case for the system under test. With the present invention, the test cases of fuzz testing can be made more similar to the input data of the system under test, thereby achieving more efficient and more comprehensive security testing.

Description

Method and device for generating test cases for fuzz testing
Technical field
The present invention relates to the technical field of software security testing, and in particular to a method and device for generating test cases for fuzz testing.
Background
Black-box testing is a commonly used software security testing method. It does not rely on the source code of the software under test and can always detect security vulnerabilities that testers have overlooked, so it is widely used in software security testing.
Fuzz testing is a black-box testing technique that appeared in the 1990s. It constructs random or semi-random data (called fuzz) as the input of the software under test and monitors the responses and/or state of that software to determine whether it contains security vulnerabilities. As a black-box testing tool, fuzz testing is commonly used in large software development projects. Its advantages are that the cost of testing is relatively low and that it can be fully automated; moreover, fuzz testing can often find comparatively serious security vulnerabilities that an attacker could exploit.
With the rapid development and widespread use of network and communication technology, an important current problem in the field of software security testing is the security testing of protocol implementations, such as communication protocols and industrial control protocols. One of the important causes of security vulnerabilities in protocol implementations is the exception handling of input data; security problems caused by exception handling include, for example, buffer overflow attacks, format string attacks and code injection attacks.
Fuzz testing of protocol implementations is normally character-based. Even if some input fields of the protocol under test are binary bit streams, the bit stream can be converted into a data stream in character form for testing. The test cases input to the protocol under test are therefore usually random or semi-random character strings. Because such strings differ greatly from legal content that conforms to the protocol specification, the protocol under test may be unable to parse them correctly, or may detect that they are illegal input and reject the test case. Fuzz testing with such test cases is therefore not only inefficient, but also unlikely to detect deep-seated security vulnerabilities inside the protocol under test.
U.S. patent application US20090164975A1 proposes a fuzz testing method. It considers that some input data of the system under test may be encoded in a specific way, for example with Base64 encoding or forward error correction (FEC) coding, so that after randomization (fuzzing) this part of the input data may not be decodable by the system under test, and even if it can be decoded, the decoded data is likely to have lost its original format or cannot be parsed. To this end, the method in that patent application includes: receiving formatted data processed by the system under test; determining the encoding used by the formatted data and selecting part of the data for randomization; determining the corresponding decoder according to the encoding and decoding the selected data; randomizing the decoded data; determining the corresponding encoder according to the encoding and encoding the randomized data; and testing the system under test with the encoded randomized data. Although this method takes the specific encoding of some input data of the system under test into account, the randomized input data may still differ greatly in format from normal input data, and so likewise faces the problem of being rejected by the system under test.
Summary of the invention
In view of the above problems, and in order to make the test cases of fuzz testing more similar to the input data of the system under test, embodiments of the present invention propose a method and device for generating test cases for fuzz testing.
The method for generating test cases for fuzz testing according to an embodiment of the present invention includes:
determining the syntax structure of an input field of the system under test according to the legal content of that input field, where the syntax structure of the input field includes the special characters in the field and their positions;
generating abnormal cases according to a set generation method, and determining the syntax structure of each generated abnormal case, where the syntax structure of an abnormal case includes the special characters in that abnormal case and their positions;
comparing the syntax structure of the abnormal case with the syntax structure of the input field;
if the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field, using the abnormal case as a test case for the system under test.
A device for generating test cases for fuzz testing according to an embodiment of the present invention includes:
an input field syntax structure determining unit, configured to determine the syntax structure of an input field of the system under test according to the legal content of that input field, where the syntax structure of the input field includes the special characters in the field and their positions;
an abnormal case generation and syntax structure determining unit, configured to generate abnormal cases according to a set generation method and to determine the syntax structure of each generated abnormal case, where the syntax structure of an abnormal case includes the special characters in that abnormal case and their positions;
a comparing unit, configured to compare the syntax structure of the abnormal case with the syntax structure of the input field;
a screening unit, configured to use the abnormal case as a test case for the system under test when the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field.
In the method and device provided by the above embodiments of the present invention, the selected test case and the legal content of the input field have at least one special character in the same position, and special characters and their positions determine the syntax structure of the test case and of the input field. The selected test case therefore has a certain similarity in format to the legal content of the input field. Once input to the system under test, such a test case is more likely to pass the syntax check of the system under test or to be parsed successfully, which reduces the number of test cases rejected by the system under test and achieves more efficient and more comprehensive security testing.
Brief description of the drawings
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the above and other features and advantages of the present invention become clearer to those of ordinary skill in the art. In the drawings:
Fig. 1 is a schematic flow chart of the test case generation method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the prefix tree automaton of an input field in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the prefix tree automaton of an input field in another embodiment of the present invention;
Fig. 4 is a schematic diagram of the prefix tree automaton of abnormal cases in an embodiment of the present invention;
Fig. 5 is a schematic diagram of the prefix tree automaton of abnormal cases in another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the test case generation device according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the test case generation equipment according to an embodiment of the present invention.
Detailed description
The above characteristics, technical features and advantages of the present invention, and the way they are implemented, are further described below in a clear and understandable manner through the description of preferred embodiments and with reference to the accompanying drawings.
An embodiment of the present invention proposes a method for generating test cases for fuzz testing. As shown in Fig. 1, the method includes the following steps:
Step 101: Determine the syntax structure of an input field of the system under test according to the legal content of that input field, where the syntax structure of the input field includes the special characters in the field and their positions.
In the embodiments of the present invention, the system under test can be any software written in computer code, such as an application program or a protocol implementation, hereinafter collectively referred to as the system under test.
Depending on the specific application scenario or protocol specification, the legal content of an input field of the system under test must conform to a certain syntax structure. The syntax structure is the set of syntax rules that the legal content of the input field should satisfy; in the embodiments of the present invention, these syntax rules include the special characters in the field and their positions. Here, a special character can be any symbol with a special purpose other than lowercase letters, uppercase letters and digits. The special characters in the legal content of an input field can differ with the operating system, protocol specification and/or programming language used by the system under test. For example, in the C/C++ programming languages "%" marks the beginning of a format specifier; in the Passenger and Airport Data Interchange Standards (PADIS) protocol, "+" is the separator between data items.
Step 102: Generate abnormal cases according to a set generation method, and determine the syntax structure of each generated abnormal case, where the syntax structure of an abnormal case includes the special characters in that abnormal case and their positions.
In this step, abnormal cases can be generated with any set generation method. In the simplest example, abnormal cases can be generated randomly; the randomly generated abnormal cases can also be filtered further with existing methods to remove similar abnormal cases, so that the test cases cover the input space of the system under test more completely and the efficiency of fuzz testing improves. Alternatively, a more intelligent approach, such as the fuzz testing method in the patent application described above, can be used to generate abnormal cases. The embodiments of the present invention place no restriction on the method used to generate abnormal cases.
The syntax structure of each generated abnormal case is analyzed in the same way, to determine the special characters in the abnormal case and their positions.
Step 103: Compare the syntax structure of the abnormal case with the syntax structure of the input field.
Next, each special character occurring in the abnormal case and in the input field, together with its position, is compared.
Step 104: If the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field, use the abnormal case as a test case for the system under test.
After the comparison, if the positions of one or more special characters are the same in the syntax structure of the abnormal case and in the syntax structure of the input field, the abnormal case is used as a test case for fuzz testing.
In the method provided by the above embodiment of the present invention, the selected test case and the legal content of the input field have at least one special character in the same position, and special characters and their positions determine the syntax structure of the test case and of the input field. The selected test case therefore has a certain similarity in format to the legal content of the input field. Once input to the system under test, such a test case is more likely to pass the syntax check of the system under test or to be parsed successfully, which reduces the number of test cases rejected by the system under test and achieves more efficient and more comprehensive security testing.
In another embodiment of the present invention, a priority can be set for each test case: the more special-character positions the syntax structure of the test case has in common with the syntax structure of the input field, the higher the priority of the test case. More common special-character positions indicate greater format similarity between the test case and the legal content of the input field and a lower probability that the test case will be rejected, so such a test case can be tested first.
In a specific implementation, several threshold ranges can be set to correspond to the required priorities. For example, for priorities 1, 2 and 3, the threshold ranges n<A, A≤n≤B and n>B are set respectively, where n is the number of identical special-character positions and A and B are set values. When the number of special-character positions that the test case has in common with the syntax structure of the input field is less than the threshold A, the priority of the test case is 1, and so on. Test cases with higher priority are used first in fuzz testing.
According to yet another embodiment of the present invention, if the syntax structure of an abnormal case used as a test case, compared with the syntax structure of the input field, has at least one special character for which both the position and the special character itself are the same, a higher priority can be set for that test case. Specifically, a primary priority can first be set according to the number of special-character positions the test case has in common with the syntax structure of the input field; then, within the same primary priority, an auxiliary priority is set according to the number of identical special characters, and the more identical special characters there are, the higher the auxiliary priority.
In addition, the phrases in the input field and their values can be determined from the legal content of the input field, and the phrases in the generated abnormal case and their values can likewise be determined. Phrases are separated by special characters; here a phrase can be a lowercase letter, an uppercase letter or a digit, or a character string made up of lowercase letters, uppercase letters and/or digits.
If the position of at least one special character is the same in the syntax structure of the generated abnormal case and in the syntax structure of the input field, that is, when the abnormal case is to be used as a test case, the values of the phrases that have the at least one special character as prefix or suffix can additionally be compared between the test case and the legal content of the input field. If the values of the phrases that have the at least one special character as prefix or suffix are the same, a higher priority can be set for the test case so that it is used first in fuzz testing. Specifically, a primary priority can first be set according to the number of special-character positions the test case has in common with the syntax structure of the input field; then, within the same primary priority, an auxiliary priority is set according to the number of phrases with identical values, and the more phrases with identical values there are, the higher the auxiliary priority.
The input fields of a system under test generally fall into two classes: fixed-length input fields and variable-length input fields. The length of a variable-length input field can be indicated by a length field, a specific end marker or the like. Special characters mostly occur in variable-length input fields, and across different input data of the system under test the length and content of a variable-length input field may differ. All possible legal contents of a variable-length input field can be represented by a prefix tree automaton (PTA, Prefix Tree Automata), a deterministic finite automaton (DFA, Deterministic Finite Automata) or a regular expression.
For example, a PTA can represent all possible legal contents of a variable-length input field. Each state (i.e. node) represents a phrase occurring in the legal content of the field, and each transition between states represents the special character that separates phrases. Starting from the initial state of the PTA and following one state-transition path to a final state, the output is one possible legal content of the input field. Suppose a variable-length input field has three possible legal inputs: "A/B/C", "A/C" and "A/B/D". The PTA generated for this input field can then be represented as shown in Fig. 2.
Here the nodes "A", "B", "C" and "D" are the states of the PTA and represent phrases that may occur in the legal content of the field; the transitions between states, shown as arrows, are the special characters that separate the phrases. Starting from the initial state "A" of the PTA and following one state-transition path to the final state "D", the output is one possible legal input, "A/B/D"; the other two possible legal inputs, "A/B/C" and "A/C", are obtained in the same way.
As a further example, take a format string input field in the C language with three possible legal contents: "%s%d", "%.16x" and "%*x". The special characters occurring in these three legal contents are "%", "." and "*", and the PTA of the input field obtained by analyzing these legal contents can be represented as shown in Fig. 3, where an "O" node indicates that the phrase represented by that node is the empty string.
As noted above, the input fields of the system under test can generally be represented in character form. Accordingly, the generated abnormal cases can include one or more of overlong character strings, format strings and code/script strings, which correspond respectively to security vulnerabilities such as buffer overflow attacks, format string attacks and code injection attacks.
Specific embodiments of the present invention are further illustrated below, taking abnormal cases that are overlong character strings and format strings as examples.
First, take abnormal cases of the overlong character string class as an example:
An abnormal case of the overlong character string class attempts to use a character string whose length far exceeds what legal content allows, in order to cause a buffer overflow exception in the system under test while it processes the input data. Assume that the abnormal cases generated in this embodiment are as follows:
AAA…AAA/EEEE…EEEE
AAA…AAA/BBB…BBB/CCC…CCC
AAA…AAA@DDD…DDD
Here "AAA…AAA" and the like denote very long character strings (far longer than one character) made up of the uppercase letter 'A' and so on. The PTA of the abnormal cases obtained by analyzing these abnormal cases can be represented as shown in Fig. 4.
Assume that the PTA of the input field in this embodiment is as shown in Fig. 2. Comparing Fig. 2 and Fig. 4 shows that the abnormal case "AAA…AAA/BBB…BBB/CCC…CCC" and the legal content "A/B/D" both contain three phrases, with each pair of adjacent phrases separated by the special character "/". The abnormal case "AAA…AAA/BBB…BBB/CCC…CCC" therefore has the same syntax structure as the legal content "A/B/D", that is, the special characters occurring in them and their positions are the same. Likewise, the abnormal case "AAA…AAA/EEEE…EEEE" has the same syntax structure as the legal content "A/C". Because these abnormal cases are identical in format to the corresponding legal content, they are more likely to pass the syntax check of the system under test or to be parsed successfully, which reduces rejections by the system under test; these abnormal cases are therefore easily treated by the system under test as normal input data. However, overlong character strings such as "AAA…AAA" may overflow the input data buffer of the system under test. Using these abnormal cases as test cases for fuzz testing the system under test may therefore reveal buffer overflow vulnerabilities present in it, which improves the effectiveness of fuzz security testing and makes the test process more efficient.
Because the special characters and their positions in the test cases "AAA…AAA/BBB…BBB/CCC…CCC" and "AAA…AAA/EEEE…EEEE" are the same as in the corresponding legal content, these two test cases can be used first during fuzz testing.
The abnormal case "AAA…AAA@DDD…DDD" differs from the legal input data "A/C" in the special character that occurs ("@" and "/" respectively), but the position is the same. In other words, the syntax structure of the abnormal case "AAA…AAA@DDD…DDD" is similar to that of the legal content "A/C". This abnormal case can therefore also be used as a test case for fuzz testing, but its priority can be lower than that of the two test cases above, "AAA…AAA/BBB…BBB/CCC…CCC" and "AAA…AAA/EEEE…EEEE".
Next, take abnormal cases of the format string class as an example:
The purpose of an abnormal case of the format string class is to use an abnormal format string to security-test an input field for which no format string is specified, such as the input data of functions like printf. Assume that the abnormal cases generated in this embodiment are as follows:
AAAA
“%s%d%s%d”
“%.4096d”
“%****d”
The PTA obtaining after so these abnormal use-cases being analyzed is represented by shown in Fig. 5.
It is assumed that the PTA of input field understands as shown in figure 3, comparing Fig. 3 and Fig. 5 in the present embodiment, abnormal use-case " % .4096d " identical with the grammar construct of legal content " %.16x ", that is, wherein the spcial character of appearance and its position are identical, But in both phrase with spcial character ". " as prefix, 4096 value is far longer than 16, and this may lead to printf etc. The memory abnormal of function distribution.Therefore, it is used this abnormal use-case to carry out fuzz testing as test case to system under test (SUT), permissible Reduce the situation that test case is refused by system under test (SUT), and it can be found that format string leakage present in system under test (SUT) Hole so that test process more effectively.
Prefix in abnormality test use-case " %s%d%s%d " and " %****d "(“%s%d”、“%*”)With legal content " %s%d " The grammar construct of " %*x " is identical, and that is, wherein the spcial character of appearance and its position are identical, therefore, abnormality test use-case " %s% D%s%d " and " %****d " can be used for fuzz testing.
The abnormal grammar construct of use-case " AAAA " and the grammar construct of all possible legal content do not have any similarity, In order to save testing time and test resource, can be discarded without in fuzz testing.
Above the specific embodiment of the inventive method is described in detail.
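The screening and prioritisation of steps 101 to 104, run over the two worked examples above, as an added Python sketch that is not code from the patent. It assumes that a special character's position is its ordinal among the special characters (its transition depth in the PTA); the function names, the thresholds A=2 and B=3, the tie-break on structure length, the counting of non-empty phrases only and the combined sort key are choices made for this illustration.

```python
from typing import List, NamedTuple, Optional, Sequence, Tuple


class Structure(NamedTuple):
    specials: Tuple[str, ...]  # specials[i] is the special character at position i
    phrases: Tuple[str, ...]   # phrases[i] precedes specials[i]; the last phrase follows the final one


class Match(NamedTuple):
    legal: str          # legal content the abnormal case was matched against
    same_position: int  # n: positions that hold a special character in both
    same_char: int      # positions where the special character itself is also equal
    same_phrase: int    # equal non-empty phrases adjacent to an identical special character
    length_gap: int     # difference in number of special characters (tie-break only)


def is_special(ch: str) -> bool:
    # Per the description: anything other than letters and digits is special.
    return not (ch.isascii() and ch.isalnum())


def syntax_structure(text: str) -> Structure:
    specials: List[str] = []
    phrases: List[str] = []
    current: List[str] = []
    for ch in text:
        if is_special(ch):
            phrases.append("".join(current))  # may be empty (the "O" node)
            current = []
            specials.append(ch)
        else:
            current.append(ch)
    phrases.append("".join(current))
    return Structure(tuple(specials), tuple(phrases))


def compare(abnormal: str, legal: str) -> Match:
    a, l = syntax_structure(abnormal), syntax_structure(legal)
    n = min(len(a.specials), len(l.specials))
    equal = [i for i in range(n) if a.specials[i] == l.specials[i]]
    # Phrase i has special i as suffix; phrase i + 1 has it as prefix.
    neighbours = {j for i in equal for j in (i, i + 1)}
    same_phrase = sum(1 for j in neighbours
                      if a.phrases[j] and a.phrases[j] == l.phrases[j])
    return Match(legal, n, len(equal), same_phrase,
                 abs(len(a.specials) - len(l.specials)))


def best_match(abnormal: str, legal_contents: Sequence[str]) -> Optional[Match]:
    best = max((compare(abnormal, legal) for legal in legal_contents),
               key=lambda m: (m.same_position, m.same_char, m.same_phrase, -m.length_gap),
               default=None)
    # Step 104: keep the case only if at least one position coincides.
    if best is None or best.same_position < 1:
        return None
    return best


def primary_priority(n: int, a: int, b: int) -> int:
    # Threshold ranges from the description: n < A -> 1, A <= n <= B -> 2, n > B -> 3.
    if n < a:
        return 1
    return 2 if n <= b else 3


def select_test_cases(abnormal_cases: Sequence[str], legal_contents: Sequence[str],
                      a: int = 2, b: int = 3) -> List[Tuple[str, int, Match]]:
    selected = []
    for case in abnormal_cases:
        match = best_match(case, legal_contents)
        if match is not None:
            selected.append((case, primary_priority(match.same_position, a, b), match))
    # Higher primary priority first, then the auxiliary criteria.
    selected.sort(key=lambda t: (t[1], t[2].same_char, t[2].same_phrase), reverse=True)
    return selected


# Constructed inputs modelled on the two worked examples in the description.
PATH_LEGAL = ["A/B/C", "A/C", "A/B/D"]
PATH_ABNORMAL = ["A" * 300 + "/" + "E" * 400,
                 "A" * 300 + "/" + "B" * 300 + "/" + "C" * 300,
                 "A" * 300 + "@" + "D" * 300]
FORMAT_LEGAL = ["%s%d", "%.16x", "%*x"]
FORMAT_ABNORMAL = ["AAAA", "%s%d%s%d", "%.4096d", "%****d"]

if __name__ == "__main__":
    for abnormal, legal in ((PATH_ABNORMAL, PATH_LEGAL), (FORMAT_ABNORMAL, FORMAT_LEGAL)):
        for case, priority, m in select_test_cases(abnormal, legal):
            shown = case if len(case) <= 12 else case[:3] + "..." + case[-3:]
            print(priority, m.same_position, m.same_char, m.same_phrase, repr(m.legal), shown)
```

With ordinal positions, any two strings that each contain a special character share position 0, so the same-character and phrase-value counts are what separate "AAA…AAA@DDD…DDD" from the "/"-separated cases in the resulting order.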
An embodiment of the present invention also proposes a device for generating test cases for fuzz testing. As shown in Fig. 6, the device 60 can be implemented in software, in hardware or in a combination of software and hardware, and can specifically include:
an input field syntax structure determining unit 601, configured to determine the syntax structure of an input field of the system under test according to the legal content of that input field, where the syntax structure of the input field includes the special characters in the field and their positions;
an abnormal case generation and syntax structure determining unit 602, configured to generate abnormal cases according to a set generation method and to determine the syntax structure of each generated abnormal case, where the syntax structure of an abnormal case includes the special characters in that abnormal case and their positions;
a comparing unit 603, configured to compare the syntax structure of the abnormal case with the syntax structure of the input field;
a screening unit 604, configured to use the abnormal case as a test case for the system under test when the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field.
In a specific embodiment of the device of the present invention, the screening unit 604 can further be used to set a priority for the test case, where the more special-character positions the syntax structure of the abnormal case used as a test case has in common with the syntax structure of the input field, the higher the priority of the test case.
In another embodiment of the device of the present invention, the screening unit 604 can also be used to set a higher priority for the test case when the abnormal case used as a test case, compared with the syntax structure of the input field, has at least one special character for which both the position and the special character itself are the same.
In another embodiment of the device of the present invention, the input field syntax structure determining unit 601 can also be used to determine the phrases in the input field and their values according to the legal content of the input field, where the phrases are separated by the special characters in the input field.
The abnormal case generation and syntax structure determining unit 602 can also be used to determine the phrases in the generated abnormal case and their values, where the phrases are separated by the special characters in the abnormal case.
The comparing unit 603 can also be used, when the position of at least one special character is the same in the syntax structure of the abnormal case and in the syntax structure of the input field, to further compare the values of the phrases in the abnormal case and in the legal content that have the at least one special character as prefix or suffix.
The screening unit 604 can also be used to set a higher priority for the test case when the values of the phrases that have the at least one special character as prefix or suffix are the same.
Because specific embodiments of the method of the present invention have been described in detail above, the specific embodiments of the device of the present invention can be understood by reference to the corresponding description of the method and are not described again here.
An embodiment of the present invention further provides a test case generation device for fuzz testing. As shown in Fig. 7, this device may be implemented as a single physical entity, or as part of any physical entity used for fuzz testing.
As shown in Fig. 7, the test case generation device 70 for fuzz testing may include a memory 701 and a processor 702. The memory 701 may be used to store executable instructions. The processor 702 may be used to execute the following steps according to the executable instructions stored in the memory 701:
determining the grammar structure of an input field of the system under test (SUT) according to the legal content of the input field, the grammar structure of the input field including the special characters in the field and their positions;
generating abnormal use cases according to a set generation method, and determining the grammar structure of each generated abnormal use case, the grammar structure of the abnormal use case including the special characters in the abnormal use case and their positions;
comparing the grammar structure of the abnormal use case with the grammar structure of the input field;
when at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field, using the abnormal use case as a test case for the system under test.
Further, a priority may be set for the test case: when the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field, the more special characters whose positions are identical, the higher the priority of the test case.
When the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field and at least one special character has both the same position and the same character, a higher priority may be set for this test case.
In addition, the phrases in the input field and their values may be determined according to the legal content of the input field, the phrases being separated by the special characters in the input field; and the phrases in the generated abnormal use case and their values may be determined, the phrases being separated by the special characters in the abnormal use case. When at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field, the values of the phrases that have said at least one special character as a prefix/suffix may further be compared between the abnormal use case and the legal content. When the values of the phrases having said at least one special character as a prefix/suffix are identical, a higher priority is set for this test case.
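The selection and prioritization steps above, as an added Python example that is not part of the patent text. It assumes a special character is any non-alphanumeric character, that its position is its zero-based offset in the string, and that the three priority criteria are combined lexicographically; the field value and the abnormal use cases are constructed.

```python
import re
from dataclasses import dataclass

# Assumption: a "special character" is any non-alphanumeric character and its
# "position" is its zero-based offset in the string.
SPECIAL = re.compile(r"[^A-Za-z0-9]")

def grammar_structure(text):
    """Map offset -> special character for one string."""
    return {m.start(): m.group() for m in SPECIAL.finditer(text)}

def adjacent_phrases(text, pos):
    """Phrases that have the special character at pos as suffix / as prefix."""
    return SPECIAL.split(text[:pos])[-1], SPECIAL.split(text[pos + 1:])[0]

@dataclass(frozen=True)
class Scored:
    case: str
    same_position: int   # special characters at identical positions
    same_char: int       # ... of which the character itself is identical
    same_phrase: int     # adjacent phrases with identical values

    @property
    def priority(self):
        # Assumption: the criteria are combined lexicographically.
        return (self.same_position, self.same_char, self.same_phrase)

def score(legal, case):
    """Return a Scored entry, or None when no special-character position matches."""
    ref, cand = grammar_structure(legal), grammar_structure(case)
    shared = sorted(ref.keys() & cand.keys())
    if not shared:
        return None  # filtered out: not used as a test case
    same_char = sum(ref[p] == cand[p] for p in shared)
    same_phrase = sum(
        a == b
        for p in shared
        for a, b in zip(adjacent_phrases(legal, p), adjacent_phrases(case, p))
    )
    return Scored(case, len(shared), same_char, same_phrase)

def select_test_cases(legal, cases):
    """Keep the abnormal use cases that pass the filter, highest priority first."""
    scored = [s for s in (score(legal, c) for c in cases) if s is not None]
    return sorted(scored, key=lambda s: s.priority, reverse=True)

LEGAL = "192.168.0.1"  # constructed legal content of an input field
CASES = [              # constructed abnormal use cases
    "A" * 64,                     # overlong string, no special characters
    "192.168.0." + "A" * 64,      # overlong string that keeps the field layout
    "192.%n%n%n%n",               # format string after the first separator
    "%n%n%n%n%n%n",               # format string, no aligned position
    "<script>alert(1)</script>",  # script string, '>' aligns with a '.'
]

if __name__ == "__main__":
    for s in select_test_cases(LEGAL, CASES):
        print(s.priority, s.case[:32])
```

Two of the five constructed cases are dropped because none of their special characters falls on an offset used by the legal content; the case that keeps every separator and its neighbouring phrases ranks first.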
An embodiment of the present invention further provides a machine-readable medium storing executable instructions which, when executed, cause a machine to perform the steps performed by the aforementioned processor 702. Specifically, a system or device equipped with a storage medium may be provided, the storage medium storing software program code that implements the functions of any of the above embodiments, and the computer (or CPU or MPU) of the system or device reads and executes the program code stored in the storage medium.
In this case, the program code read from the storage medium can itself implement the functions of any of the above embodiments, so the program code and the storage medium storing the program code form part of the present invention.
Embodiments of machine-readable media for providing the program code include floppy disks, hard disks, magneto-optical disks, optical discs (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), magnetic tape, non-volatile memory cards and ROM. Alternatively, the program code may be downloaded from a server computer over a communication network.
Further, it should be clear that the functions of any of the above embodiments may be implemented not only by executing the program code read by the computer, but also by having an operating system or the like running on the computer perform part or all of the actual operations based on the instructions of the program code.
Further, it will be understood that the program code read from the storage medium may be written into a memory provided on an expansion board inserted into the computer, or into a memory provided in an expansion unit connected to the computer, after which a CPU or the like mounted on the expansion board or expansion unit performs part or all of the actual operations based on the instructions of the program code, thereby implementing the functions of any of the above embodiments.
It should be noted that not all of the steps and modules in the above diagrams are necessary; some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and may be adjusted as needed. The module structure described in each of the above embodiments may be a physical structure or a logical structure; that is, some modules may be implemented by the same physical entity, some modules may be implemented separately by multiple physical entities, or some modules may be implemented jointly by certain components of multiple independent devices.
The present invention has been shown and explained in detail above by means of the drawings and embodiments, but the invention is not limited to the disclosed embodiments; other schemes derived from them by those skilled in the art also fall within the protection scope of the present invention. Therefore, the protection scope of the present invention should be defined by the appended claims.

Claims (15)

1. A method for generating test cases for fuzz testing, comprising:
determining the grammar structure of an input field of a system under test according to the legal content of the input field, the grammar structure of the input field including the special characters in the field and their positions;
generating an abnormal use case according to a set generation method, and determining the grammar structure of the generated abnormal use case, the grammar structure of the abnormal use case including the special characters in the abnormal use case and their positions;
comparing the grammar structure of the abnormal use case with the grammar structure of the input field;
if at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field, using the abnormal use case as a test case for the system under test.
2. The method according to claim 1, characterized by further comprising:
setting a priority for the test case, wherein, when the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field, the more special characters whose positions are identical, the higher the priority of the test case.
3. The method according to claim 2, characterized by further comprising:
when the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field and at least one special character has both the same position and the same character, setting a higher priority for this test case.
4. The method according to claim 2, characterized by further comprising:
determining, according to the legal content of the input field, the phrases in the input field and their values, the phrases being separated by the special characters in the input field;
determining the phrases in the generated abnormal use case and their values, the phrases being separated by the special characters in the abnormal use case;
if at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field, further comparing, in the abnormal use case and in the legal content, the values of the phrases that have said at least one special character as a prefix/suffix;
if the values of the phrases having said at least one special character as a prefix/suffix are identical, setting a higher priority for this test case.
5. The method according to claim 4, characterized in that the grammar structure and the phrases and their values are described in any one of the following ways:
a prefix tree automaton, a deterministic finite automaton, and a regular expression.
6. The method according to any one of claims 1 to 5, characterized in that
the input field is of variable length.
7. The method according to claim 6, characterized in that the generated abnormal use cases include one or more of the following:
overlong character strings, format strings, and code/script character strings.
8. A test case generation apparatus for fuzz testing, comprising:
an input field grammar structure determining unit, for determining the grammar structure of an input field of a system under test according to the legal content of the input field, the grammar structure of the input field including the special characters in the field and their positions;
an abnormal use case generation and grammar structure determining unit, for generating an abnormal use case according to a set generation method and determining the grammar structure of the generated abnormal use case, the grammar structure of the abnormal use case including the special characters in the abnormal use case and their positions;
a comparing unit, for comparing the grammar structure of the abnormal use case with the grammar structure of the input field;
a screening unit, for using the abnormal use case as a test case for the system under test when at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field.
9. The apparatus according to claim 8, characterized in that
the screening unit is further used to set a priority for the test case, wherein, when the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field, the more special characters whose positions are identical, the higher the priority of the test case.
10. The apparatus according to claim 9, characterized in that
the screening unit is further used to set a higher priority for this test case when the grammar structure of the abnormal use case serving as the test case is compared with the grammar structure of the input field and at least one special character has both the same position and the same character.
11. The apparatus according to claim 9, characterized in that
the input field grammar structure determining unit is further used to determine, according to the legal content of the input field, the phrases in the input field and their values, the phrases being separated by the special characters in the input field;
the abnormal use case generation and grammar structure determining unit is further used to determine the phrases in the generated abnormal use case and their values, the phrases being separated by the special characters in the abnormal use case;
the comparing unit is further used, when at least one special character has the same position in the grammar structure of the abnormal use case and in the grammar structure of the input field, to further compare, in the abnormal use case and in the legal content, the values of the phrases that have said at least one special character as a prefix/suffix;
the screening unit is further used to set a higher priority for this test case when the values of the phrases having said at least one special character as a prefix/suffix are identical.
12. The apparatus according to claim 11, characterized in that the grammar structure and the phrases and their values are described in any one of the following ways:
a prefix tree automaton, a deterministic finite automaton, and a regular expression.
13. The apparatus according to any one of claims 8 to 12, characterized in that
the input field is of variable length.
14. The apparatus according to claim 13, characterized in that the generated abnormal use cases include one or more of the following:
overlong character strings, format strings, and code/script character strings.
15. A test case generation device for fuzz testing, comprising:
a memory, for storing executable instructions;
a processor, for executing, according to the stored executable instructions, the method according to any one of claims 1 to 7.
CN201210496983.3A 2012-11-28 2012-11-28 A kind of method for generating test case of fuzz testing and device Expired - Fee Related CN103853650B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210496983.3A CN103853650B (en) 2012-11-28 2012-11-28 A kind of method for generating test case of fuzz testing and device
PCT/EP2013/074304 WO2014082908A1 (en) 2012-11-28 2013-11-20 Method and apparatus for generating test case for fuzz test

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210496983.3A CN103853650B (en) 2012-11-28 2012-11-28 A kind of method for generating test case of fuzz testing and device

Publications (2)

Publication Number Publication Date
CN103853650A CN103853650A (en) 2014-06-11
CN103853650B true CN103853650B (en) 2017-03-01

Family

ID=49683695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210496983.3A Expired - Fee Related CN103853650B (en) 2012-11-28 2012-11-28 A kind of method for generating test case of fuzz testing and device

Country Status (2)

Country Link
CN (1) CN103853650B (en)
WO (1) WO2014082908A1 (en)

Also Published As

Publication number Publication date
WO2014082908A1 (en) 2014-06-05
CN103853650A (en) 2014-06-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170301

Termination date: 20171128