CN104199774B

CN104199774B - Program security testing method and device

Info

Publication number: CN104199774B
Application number: CN201410453672.8A
Authority: CN
Inventors: 李文林; 张武; 张一武; 张�杰
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Hongxiang Technical Service Co Ltd
Priority date: 2014-09-05
Filing date: 2014-09-05
Publication date: 2017-02-22
Anticipated expiration: 2034-09-05
Also published as: CN104199774A

Abstract

The invention discloses a program security testing method and device. The method mainly includes the steps that test task information of a tested program is acquired, and historical loading recorded information of a loading module in the tested program is acquired; on the basis of the test task information, a use case and use case attribute information are generated respectively for each piece of historical loading recorded information, the use case attribute information is information required for installing an operation use case, and the use case attribute information contains all the attempt loading path information in the loading process of the loading module; each use case is installed according to the corresponding use case attribute information, and the use case executes loading operation of the loading module on the basis of all the attempt loading path information; executing process information, relevant to a preset malicious loading module, of each use case is acquired in the operation process; whether the tested program has security vulnerability or not is judged according to the executing process information, and judgment result information is output.

Description

Program safety method of testing and device

Technical field

The present invention relates to program test technology is and in particular to a kind of program safety method of testing and corresponding program safety Test device.

Background technology

Program is before formally coming into operation it will usually the text of an annotated book part for load-on module utilizes and load-on module is kidnapped Carry out safety test.

Above-mentioned load-on module be usually DLL (Dynamic Link Library, dynamic link library) or similar to The other kinds of load-on module of DLL, such as suffix are load-on module of TPI etc..In the case that load-on module is for DLL, DLL's Text of an annotated book part using typically refer to using DLL text of an annotated book part bypass fail-safe software master anti-load malice module, thus realize malice attack Hit；DLL abduction typically refers to forge under operation program is currently located catalogue same with routine call (or startup) real DLL The DLL of name, and the DLL forging by routine call and run in DLL function after, turn again to real DLL.Below to load Module illustrates to program safety method of testing for as a example DLL.

At present, the program safety method of testing of the utilization for DLL text of an annotated book part and DLL abduction mainly includes the following two kinds：

Method one, after having write program code, by related tester (as white-box testing personnel etc.) to program source Code is examined, is kidnapped with the utilization and DLL finding out the DLL text of an annotated book part causing due to writing carelessness from program source code Leak.

Method two, decompiling is carried out to the program after compiling using decompiling instruments such as IDA, afterwards, by hacker or be System safety engineer is targetedly debugged and is tested according to the increase income leak in storehouse of some announced.

Inventor finds in realizing process of the present invention, and said method one manually carries out program source code core by then passing through Look into, it is generally not possible to verify to all branches in program, omission factor is higher and testing efficiency is relatively low；Meanwhile, by It is not quite similar in performance under various system environmentss for the program, would generally still suffer from obscure in program source code after therefore verifying Leak, improves omission factor further；Said method two needs tester to have powerful professional skill (as code analysis energy Power etc.), and the method to equally exist testing efficiency relatively low and the problems such as omission factor is higher.

Content of the invention

In view of the above problems it is proposed that the present invention so as to provide one kind overcome the problems referred to above or at least in part solve on State program safety method of testing and the device of problem.

According to one aspect of the present invention, there is provided a kind of program safety method of testing, main inclusion：Obtain tested program Test assignment information, and obtain the load-on module in tested program history load record information；In described test assignment letter On the basis of breath, load record information for each history and generate use-case and use-case attribute information respectively, use-case attribute is believed Breath is the information needed for installation and operation use-case, and described use-case attribute information includes：All trials when load-on module is loaded Load path information；According to described use-case attribute information installation and operation use-case, and described use-case is based on described all trials and loads Routing information executes the loading operation of load-on module；Obtain use-case related to preset malice load-on module in running Implementation procedure information；Judge that described tested program whether there is security breaches according to described implementation procedure information, and export judgement Object information.

According to another aspect of the invention, there is provided a kind of program safety test device, including：First acquisition module, It is suitable to obtain the test assignment information of tested program；Second acquisition module, is suitable to obtain going through of the load-on module in tested program History loads record information；Use-case generation module, is suitable to, on the basis of described test assignment information, load for each history Record information generates use-case and use-case attribute information respectively, and described use-case attribute information is the letter needed for installation and operation use-case Cease, and described use-case attribute information includes：All trial load path information when load-on module is loaded；Installation and operation mould Block, is suitable to according to described use-case attribute information installation and operation use-case, and described use-case is based on described all trial load path letters The loading operation of breath execution load-on module；3rd acquisition module, is suitable to acquisition use-case and is added with preset malice in running Carry the related implementation procedure information of module；Analysis module, be suitable to according to described implementation procedure information judge described by ranging Sequence whether there is security breaches, and exports judged result information.

The program safety method of testing of the present invention and device are by using the history of test assignment information and load-on module Load record information and generate use-case and use-case attribute information, and automatically install on the basis of use-case attribute information and run use Example, as such, it is possible to tested by going out to the loading record information automatic decision of load-on module in the use-case running that gets Program whether there is the security breaches related to preset malice load-on module；Thus the present invention effectively reduces program safety and surveys Try the degree of dependence of the professional skill to tester itself it is achieved that automatically tested program is carried out with the purpose of safety test, The final present invention improves program safety testing efficiency, and effectively reduces omission factor.

Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.

Brief description

By reading the detailed description of hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.The accompanying drawing of the present embodiment is only used for illustrating the purpose of preferred implementation, and is not regarded as It is limitation of the present invention.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings：

Fig. 1 shows according to embodiments of the present invention one program safety method of testing flow chart；

Fig. 2 shows according to embodiments of the present invention two program safety method of testing flow chart；

Fig. 3 shows according to embodiments of the present invention three program safety test device schematic diagram.

Specific embodiment

It is more fully described the exemplary embodiment of the disclosure below with reference to accompanying drawings.Although showing the disclosure in accompanying drawing Exemplary embodiment it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, these embodiments are provided to be able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.

Embodiment one, program safety method of testing.With reference to Fig. 1, the method for the present embodiment is described in detail.

In Fig. 1, S100, the test assignment information of acquisition tested program, and obtain going through of the load-on module in tested program History loads record information.

Specifically, the program safety test of the present embodiment refers to the text of an annotated book part that whether there is load-on module in tested program Using this security breaches and load-on module kidnap at least one in this security breaches tested.

The test assignment information of the tested program in the present embodiment is mainly used in describing the concrete of this program safety test Content；This test assignment information mainly includes：The identification information of tested program, the identification information of test object, test object Species, test mode, the unfolding mode (being referred to as the method for operation or the Starting mode of test object) of test object, survey The information such as the system platform of the operational factor of examination object and tested program.In addition, above-mentioned test assignment information can also include： The test prioritization of test object, the installation kit storage address of use-case, the scripted code bag of the automatic program execution test of use-case Storage address and use-case operation result send address etc..

The identification information of above-mentioned tested program can be for being test for application name, such as 360 security guards etc.；Above-mentioned The identification information of test object can be the filename of executable file being test in application program or load-on module Title etc., and the identification information of this test object can also be with representing lacking of all/multiple programs in tested program installation kit Apostrophe etc. is representing；The species of above-mentioned test object can for executable file type or load-on module (as DLL or TPI) type etc.；Above-mentioned test mode can be the text of an annotated book part of load-on module utilizes and/or load-on module is kidnapped etc., above-mentioned test The unfolding mode of object can open the method for operation or with order line band parameter method of operation etc. for double mouse click；Above-mentioned test The operational factor of object is design parameter entrained by order line etc.；The system platform of above-mentioned tested program refers to that tested program is transported The system environmental information (such as win7_32_sp1, xp_32_sp3 etc.) of row；The test prioritization of above-mentioned test object is used for representing The degree that test object is preferentially executed in carrying out security testing process；The installation kit storage address of above-mentioned use-case can be clear and definite The installation kit representing use-case concrete storage location；The scripted code bag storage of the automatic program execution test of above-mentioned use-case Address can clearly represent the concrete storage location that use-case carries out the scripted code bag of program test automatically；Above-mentioned use-case fortune Row result sends address and can clearly represent the object information of use-case operation (as loading list or load-on module are surveyed safely Pinged/do not passed through information etc.) position that stored；Executable file in the present embodiment such as suffix is file of .exe etc..

In the present embodiment obtain tested program test assignment information mode can have multiple, for example, user pass through survey Trial business setting screen input corresponding information and/or the corresponding option of selection, and by hit testing task setting screen The mode such as " submission test assignment " button submitting test assignment to, such that it is able to successfully get the test assignment of tested program Information；Again for example, transmitted by file or message transmission etc. mode and obtain the test assignment information of tested program.

The present embodiment disaggregatedly can be arranged to it after getting test assignment information, thus forming survey Examination program listing, system platform list of test mode list, parameter list and tested program etc., to facilitate follow-up safety Test operation.

Load-on module in the present embodiment refers to that itself can not voluntarily run, and needs by the loading of process etc. The program module that can run；Load-on module in the present embodiment typically refers to DLL and (is referred to as the loading mould of DLL type Block) it is also possible to be analogous to the other types load-on module of DLL, the such as load-on module for TPI for the suffix (is referred to as TPI class The load-on module of type) etc..

Because the present embodiment is the safety test realized based on use-case for the load-on module in tested program, because This, need to know that the history of the load-on module in tested program loads record information, with the basis of test assignment information, pin To corresponding load-on module, record information is loaded according to corresponding history and forms corresponding use-case.

History in the present embodiment loads record information and includes：The progress information of start-up loading module, start-up loading module Start-up parameter and process start-up loading module post-loaded module loading list etc.；Wherein, the entering of start-up loading module Journey information refers to start one or more process of certain load-on module in tested program；The start-up parameter of start-up loading module Refer to that one or more process starting certain load-on module in tested program is starting the ginseng being used during this load-on module Number；The list that loads of load-on module refers to loading, by tested program, the complete trails information institute group being used during each load-on module The list becoming.

In the present embodiment, the mode obtaining the history loading record information of the load-on module in tested program mainly includes The following two kinds：

Mode one, obtained by data base querying；Which mainly for the test object in test assignment information be by The situation of the load-on module in ranging sequence.

Specifically, the history of the multiple load-on modules being previously stored with data base in tested program loads record information, After getting the test assignment information of tested program, the kind of information of the test object in this test assignment information can be entered Row judges, in the case that some in determining this test object or some test objects are load-on module, for plus Carry the test object of module type, the history that can obtain this load-on module by way of directly searching from data base loads Record information, for example, the name of load-on module is referred to as search keyword, searches and this loading from the information of database purchase The corresponding all history of title of module load record information.

Mode two, by early stage use-case run obtain；Which mainly for the test object in test assignment information is The situation of the executable file in tested program.

Specifically, after getting the test assignment information of tested program, right according to the test in this test assignment information The kind of information of elephant is judged, some in determining this test object or some test objects are executable literary composition In the case of part, for the test object of executable file type, first according to test assignment information generation early stage use-case and front Phase use-case attribute information, then, installs and runs early stage use-case according to early stage use-case attribute information, and the fortune in early stage use-case During row, obtain the loading record information of the load-on module being activated, the loading record information that these get can conduct The history of corresponding load-on module loads record information.

It should be strongly noted that the loading record information being obtained by the operation of early stage use-case can simultaneously serve as going through History loads record information and is stored in data base, in order to, in aforesaid way one, the test in test assignment information is right Load record information as during for load-on module type, can successfully get corresponding history from data base.

Above-mentioned early stage use-case attribute information is the information needed for early stage use-case installation and operation.Early stage use-case attribute information also may be used To be referred to as the information needed for early stage use-case installation and operation or the information related to early stage use-case installation and operation；Early stage use-case attribute Information generally includes：The installation kit storage address (as the installation kit download address of early stage use-case) of early stage use-case, early stage use-case The scripted code bag storage address (being such as properly termed as the code bag download address of early stage use-case) of automatic program execution test, early stage (i.e. the execution of early stage use-case is attached for system platform information, early stage use-case number of retries and the early stage use-case operational factor that use-case runs Plus parameter) etc.；In addition, this early stage use-case attribute information can also include：The test prioritization of early stage use-case and early stage use-case Operation result sends address etc.；The installation kit storage address of above-mentioned early stage use-case is by the installation of the use-case in test assignment information Bag storage address forms or is formed by default value setting；The scripted code bag of the automatic program execution test of above-mentioned early stage use-case Storage address be by the use-case in test assignment information automatic program execution test scripted code bag storage address formed or Person is formed by default value setting；The system platform information that above-mentioned early stage use-case runs is by the tested program in test assignment information System platform (as win7_32_sp1 or win8_64_sp1 etc.) formed；Above-mentioned early stage use-case number of retries refers to that early stage is used Example runs the number of times of early stage use-case when running unsuccessfully again, that is, for can not smoothly the early stage use-case of returning result need to transport again The number of times of row, operation failure here can not meet expected or early stage use-case execution time-out etc. for early stage use-case result；And Above-mentioned early stage use-case number of retries can be formed (that is, test is appointed by the use-case number of retries in test assignment information This information of use-case number of retries can be included in business information), early stage use-case number of retries can also be arranged according to default value Formed；Above-mentioned early stage use-case execution additional parameter refers to some custom fields, that is, except the installation kit of early stage use-case downloads ground Location, the code bag download address of early stage use-case, early stage use-case run system platform information and early stage use-case number of retries it Outer self-defined information, these self-defined informations are the scripted code bags of the automatic program execution test of early stage use-case before operation The field using is needed during phase use-case；And early stage use-case execution additional parameter can by test assignment information by ranging The identification information of sequence, the identification information of test object, the species of test object, test mode, test object unfolding mode with And the operational factor of test object is formed；The test prioritization of above-mentioned early stage use-case is used for representing what early stage use-case was preferentially executed Degree, the test prioritization of early stage use-case can be formed by the test prioritization of the test object in test assignment information.Above-mentioned Early stage use-case operation result send the loading record information that address refers to obtained in early stage use-case implementation procedure should transmit to Specific address information, this early stage use-case operation result send address can be a URL (Uniform Resource Locator, URL), early stage use-case operation result sends address and can be transported by the use-case in test assignment information Row result sends address and is formed, it would however also be possible to employ default value mode is arranging.

Above-mentioned early stage use-case and early stage use-case attribute information are generated according to test assignment information can be：Execution is corresponding Packaging operation, to generate the scripted code bag of the installation kit of use-case and the automatic program execution test of use-case, and according in advance The use-case form setting and the form of use-case attribute information utilize test assignment information to generate early stage use-case and early stage use-case Attribute information.The installation kit of above-mentioned early stage use-case generally includes：The installation file of use-case and the installation file for use-case Installation script code (for executing the installation file of use-case).The scripted code bag of the automatic program execution test of above-mentioned use-case leads to Often include：The scripted code (for executing use-case) of the automatic program execution test of use-case.The installation file of above-mentioned use-case, installation The scripted code of the automatic program execution test of scripted code and use-case is all the code writing in advance, and, use-case The scripted code of the automatic program execution test of installation file, installation script code and use-case goes for all of use Example.The form of above-mentioned use-case form set in advance and use-case attribute information can be set according to practical situation by tester Put, the embodiment of the present invention does not limit the concrete manifestation form of the form of use-case form and use-case attribute information.

Above-mentioned installed according to early stage use-case attribute information and run early stage use-case and can be specially：From early stage use-case attribute The installation kit storage address of early stage use-case, and the installation kit according to this storage address download early stage use-case is obtained in information, then, Installation script code in the installation kit of execution use-case, thus installation script code executes the installation operation of the installation kit of use-case； Obtain the scripted code bag storage address of the automatic program execution test of use-case from early stage use-case attribute, according to this storage address Download the scripted code bag of the automatic program execution test of use-case, and execute the scripted code of the automatic program execution test of use-case Scripted code in bag.

The present embodiment can obtain the loading record information in early stage use-case running, example using existing instrument As the present embodiment can obtain early stage use-case in fortune using the process monitoring instrument (process monitor) of Microsoft Loading record information to load-on module during row.

The corresponding record information that loads of early stage use-case can load record information as history, and the present embodiment can basis Early stage use-case operation result in early stage use-case attribute information sends address and is stored in history loading record information accordingly History at position, and then this position loads information-recording and can be summarized in corresponding data base.In addition, history loads note Record information generally should be stored in data base according to storage format set in advance, and can also store test assignment in data base The content related to test such as information and corresponding test result information.

S110, on the basis of above-mentioned test assignment information, load record information for each history and generate use respectively Example and use-case attribute information.

Specifically, in order to distinguish description, mentioned early stage use-case in S100 step is properly termed as a phase use-case, and this step Use-case in rapid " load record information for each history and generate use-case and use-case attribute information respectively " is properly termed as The second stage of use-case, and use-case attribute information therein is properly termed as the second stage of use-case attribute information.

The second stage of use-case attribute information is that the information needed for installation and operation second phase use-case installs fortune it is also possible to be referred to as the second stage of use-case The required information of row or the information related to the second stage of use-case installation and operation.

The second stage of use-case attribute information in the present embodiment at least should include：All trials when load-on module is loaded load Routing information (is referred to as the complete trails information of load-on module), and the second stage of use-case attribute information in the present embodiment is generally also Including：The installation kit storage address (as the installation kit download address of the second stage of use-case) of the second stage of use-case, the automatic execution of the second stage of use-case The scripted code bag storage address (being such as properly termed as the code bag download address of the second stage of use-case) of program test, the second stage of use-case run System platform information, the second stage of use-case number of retries and the second stage of use-case operational factor (i.e. the second stage of use-case execution additional parameter) Deng；In addition, this second stage of use-case attribute information can also include：The test prioritization of the second stage of use-case and the second stage of use-case operation result Send address etc..

Above-mentioned load path information is to load the record list in record information by history to be formed；The peace of above-mentioned second phase use-case Dress bag storage address can be formed it is also possible to by early stage use-case by the installation kit storage address of the use-case in test assignment information Installation kit download address is directly formed；The scripted code bag storage address of the automatic program execution test of above-mentioned second phase use-case is permissible Formed it is also possible to by early stage by the scripted code bag storage address of the automatic program execution test of the use-case in test assignment information The code bag download address of use-case is directly formed；The system platform information that above-mentioned second phase use-case runs can be by test assignment information In tested program system platform (as win7_32_sp1 or win8_64_sp1 etc.) formed it is also possible to be transported by early stage use-case The system platform information of row is directly formed；Above-mentioned second phase use-case number of retries runs two when referring to that the second stage of use-case runs unsuccessfully again The number of times of phase use-case, that is, for the second stage of use-case of smooth returning result needing the number of times that runs again, operation here is lost Lose and can not meet expected or the second stage of use-case execution time-out etc. for the second stage of use-case result；And above-mentioned second phase use-case number of retries can To be formed (that is, use-case weight can be included in test assignment information by the use-case number of retries in test assignment information Examination this information of number of times), the second stage of use-case number of retries can also arrange according to default value and be formed, and can also be retried by early stage use-case Number of times is directly formed；Above-mentioned second phase use-case execution additional parameter refers to some custom fields, that is, except the installation of the second stage of use-case System platform information and the second stage of use-case weight that bag download address, the code bag download address of the second stage of use-case, the second stage of use-case run Self-defined information outside examination number of times, these self-defined informations are the scripted code bags of the automatic program execution test of the second stage of use-case The field of required use during running the second stage of use-case；And second phase use-case execution additional parameter can be executed by early stage use-case Additional parameter is directly formed；The test prioritization of above-mentioned second phase use-case is used for representing the degree that the second stage of use-case is preferentially executed, two The test prioritization of phase use-case can be formed it is also possible to by early stage by the test prioritization of the test object in test assignment information The test prioritization of use-case is directly formed.Above-mentioned second phase use-case operation result sends address and refers in the second stage of use-case implementation procedure The loading record information being obtained should transmit to specific address information, it can be one that this second stage of use-case operation result sends address Individual URL, the second stage of use-case operation result sends address and can be formed by the use-case operation result transmission address in test assignment information, Can also directly be formed by the second stage of use-case operation result transmission address or to be arranged using default value mode.

Seen from the above description, the second stage of use-case attribute information is essentially identical with a phase use-case attribute information, simply in a phase The complete trails information of load-on module is increased on the basis of use-case attribute information.

Implement process for what each history loaded that record information generates use-case and use-case attribute information respectively Refer to the above-mentioned description generating early stage use-case and early stage use-case attribute information according to test assignment information, both difference bags Include：Preset malice load-on module is driven in the scripted code bag of automatic program execution test of use-case.Above-mentioned is preset Malice load-on module is the code writing in advance.

S120, according to use-case attribute information installation and operation use-case, and use-case be based on all trial load path information execution The loading operation of load-on module.

Specifically, this step " according to use-case attribute information installation and operation use-case, and use-case be based on all attempt load roads Use-case in the loading operation of footpath information execution load-on module " can be described as the second stage of use-case, and use-case attribute information therein is permissible Referred to as the second stage of use-case attribute information.

The process of the installation and operation use-case in this step can be：The second stage of use-case is obtained from the second stage of use-case attribute information Installation kit storage address, obtains the installation kit of the second stage of use-case, and executes the installation in the installation kit of use-case according to this storage address Scripted code, thus installation script code runs the installation file in the installation kit of use-case, to install the second stage of use-case；Use from the second phase Obtain the scripted code bag storage address of the automatic program execution test of use-case in example attribute, use-case is obtained according to this storage address Automatic program execution test scripted code bag, execution use-case automatic program execution test scripted code bag in script Code, preset malice load-on module can be positioned in corresponding path for the execution of scripted code, and use example is based on and owns Attempt the loading operation that load path information executes load-on module.

Related to the preset malice load-on module implementation procedure information in running of S130, acquisition use-case.

Specifically, " related to the preset malice load-on module execution in running of acquisition use-case of this step Use-case in journey information " can be described as the second stage of use-case.The present embodiment can be obtained the second stage of use-case and run using existing instrument Implementation procedure information in journey, for example, the present embodiment can utilize the process monitoring instrument (process of Microsoft Monitor) obtaining implementation procedure information in running for the second stage of use-case, this implementation procedure information includes：To loading mould The loading record information of block.

Because the preset malice load-on module in the present embodiment can write predetermined labels during being performed, therefore, Implementation procedure information with predetermined labels is the implementation procedure information related to preset malice load-on module.In addition, such as There is the loading record information of preset malice load-on module in fruit implementation procedure information, then this loading record information be also with advance The implementation procedure information of the malice load-on module correlation put.

S140, judge that according to implementation procedure information tested program whether there is security breaches, and export judged result information.

Specifically, the present embodiment can be by judging the implementation procedure information related to preset malice load-on module Lai really Make tested program and whether there is security breaches；For example, be may determine that according to the predetermined labels that preset malice module writes There is more serious safety problem in tested program；Again for example, permissible according to the loading record information of preset malice load-on module Judge that tested program has potential safety hazard.

Further, the present embodiment can also judge that tested program has the concrete position of safety problem and potential safety hazard Put, for example, it is possible to judge that the implementation procedure information with predetermined labels is which use-case occurs in running, and root Can judge that tested program has the particular location of safety problem and potential safety hazard according to this use-case.

The present embodiment can production process test on the basis of the content such as test assignment information and implementation procedure information Result is reported, and routine test results report is sent to presumptive address.This presumptive address can by test assignment information Lai Arrange, that is, test assignment information can include this content of transmission address of routine test results report.

Embodiment two, program safety method of testing.

The program safety method of testing of the present embodiment is by server (following referred to as Brixs kidnap server), foreground Module, automatic push interface module, data base access module (including data base in interior data base access module), use-case Execution platform and multiple distributed virtual machine are realizing.

With reference to Fig. 2, the operation performed by all parts in the present embodiment is illustrated respectively.

(1), Brix is with kidnapping server

Brix abduction server is the core component that the present embodiment realizes program safety test.Brix is with kidnapping server Performed operation mainly includes：

1st, provide the test assignment information of history tested program for desk module, so that desk module can be shown to user Corresponding test assignment setting and the submission page, thus facilitate user to be directed to tested program arrange corresponding test assignment information； Brix can be arranged to the test assignment information of user setup with kidnapping server, the test assignment of user setup is believed Breath is disaggregatedly arranged, and such as can obtain test program list, test mode list, parameter list and system platform List etc., to facilitate follow-up test operation；Wherein, generally include one or more needs in test program list to be surveyed The corresponding relation of the identification information of the identification information of tested program of examination and corresponding test object, the such as title of tested program and quilt The corresponding pass of the title of the title of certain or some executable files in ranging sequence and certain or some load-on modules System etc.；Test mode list is generally used for representing that each of test program list test object is by text of an annotated book part using survey Examination is also by load-on module and kidnaps test, also or simultaneously carries out text of an annotated book part and kidnaps test using test and load-on module； Parameter list is generally used for representing the method for operation (the i.e. unfolding mode or open of each of test program list test object Flowing mode) and corresponding operational factor；System platform list is generally used for representing each of test program list test Object executes, in use-case, the system environmental information (as win7_32_sp1 or win8_64_sp1 etc.) that platform runs.

2nd, receive desk module or automatic push interface module transmits the test assignment information of the tested program come, and dock The test assignment information receiving is arranged, and the test assignment information receiving disaggregatedly is arranged, such as permissible Obtain test program list, test mode list, parameter list and system platform list etc., to facilitate follow-up test to grasp Make.

3rd, the test object in test program list includes this loading mould that itself can not start of DII or TPI In the case of block, Brix abduction server also needs to the database purchase according to test object mark from data base access module History load in record information and inquired about, inquire about obtained history and load record information can represent in tested program Start one or more process (or even all processes) of the such test object of DII or TPI, each process initiation Produced loading after the start-up parameter of the such test object of DII or TPI and each process initiation DII or TPI List etc..

Brix kidnaps the basis that server can load record information in test assignment information and the history inquiring Upper generation use-case and use-case attribute information；Here use-case is the second stage of use-case described in above-described embodiment.Brix is kidnapped The second stage of use-case and the second stage of use-case attribute information are submitted to use-case execution platform by server.

It should be strongly noted that Brix kidnaps server not needing for the load-on module that itself can not voluntarily start Generate a phase use-case and a phase use-case attribute information, but directly generate the second stage of use-case and the second stage of use-case attribute information, in vain Referred to described below using the process kidnapping the second stage of use-case of server generation and use-case attribute information.

4th, the test object in test program list includes the situation of executable file (as the file for exe for the suffix) Under, Brix is kidnapped server and directly can be generated early stage use-case and early stage use-case according to the test assignment information that it receives Attribute information, and early stage use-case and early stage use-case attribute information are submitted to use-case execution platform.Here early stage use-case is A phase use-case described in above-described embodiment.

One main purpose of the phase use-case in the present embodiment includes：Process monitor using Microsoft etc. The test object (as certain exe file) of the executable file type of instrument dynamic access tested program is directed in the process of implementation The loading list of load-on module.The loading list that test assignment information and above-mentioned dynamic access arrive can be used as generating the second phase Example and the Back ground Information of the second stage of use-case attribute.

Brix kidnaps the progress information loading list and start-up loading module that its dynamic access can be arrived by server Load the data base that record information is stored in data base access module with the start-up parameter of start-up loading module together as history In.

Brix kidnap server generate a phase use-case a detailed process can be：Brix with kidnap server according to The identification information of the tested program in test assignment information, the identification information of test object, the species of test object, test side Formula, the unfolding mode (being referred to as the method for operation or the Starting mode of test object) of test object, the fortune of test object Line parameter, the test prioritization of test object, the installation kit storage address of tested program, the script generation of automatic program execution test The information such as the system platform of code bag storage address and tested program carry out corresponding packing process, to form distributed virtual machine Run the installation kit of use-case and use-case automatic perform script code bag, and simultaneously generate use-case installation kit URL with And the URL of the scripted code bag of automatic program execution test of use-case.

Above-mentioned packing processing procedure such as the installation script generation of the installation file by the installation file of use-case and for use-case Code is packed, and this bag is stored in precalculated position, for another example by the automatic execution of preset malice load-on module and use-case The scripted code of program test is packed.

The installation script code of the installation file of above-mentioned use-case is used for executing the installation file of use-case, and the installation literary composition of use-case The installation script code of part is the code writing in advance.The scripted code of the automatic program execution test of above-mentioned use-case is used for holding Row use-case, and the scripted code of the automatic program execution test of use-case is the code writing in advance.

In addition, above-mentioned two URL (i.e. download link information) is believed as a phase use-case attribute by Brix with kidnapping server One of breath attribute.One phase use-case attribute information is that use-case executes platform required some during execution one phase use-case Information；One phase use-case attribute information mainly includes：The installation kit download address of one phase use-case, the code bag of a phase use-case download ground Location, the system platform information of a phase use-case operation, a phase use-case number of retries, a phase use-case execution additional parameter, a phase use-case Test prioritization and a phase use-case operation result send address etc..

One phase use-case executes after terminating on distributed virtual machine, and Brix is kidnapped server and can be received distributed virtual Machine executes, by use-case, the startup ginseng loading list, the progress information of start-up loading module and start-up loading module that platform returns Number etc., after the completion of a phase use-case of the test object of all executable file types of measurand is performed both by, Brix is robbed Hold server and can collect and more comprehensively load list, the opening of the progress information of start-up loading module and start-up loading module Dynamic parameter etc., Brix kidnap server can be collected load list, the progress information of start-up loading module and Start-up parameter of start-up loading module etc. is transferred to data base access module as history loading record information and is stored in data base In.

5th, Brix is kidnapped server and is collected all each loading record informations loading in record information for it Generate the second stage of use-case and the second stage of use-case attribute information respectively, and the second stage of use-case and the second stage of use-case attribute information are committed to use Example execution platform.The second stage of use-case attribute information in the present embodiment is substantially identical with a phase use-case attribute information, simply one The complete trails information of load-on module is increased on the basis of phase use-case attribute information.

The main purpose of the second stage of use-case in the present embodiment includes：Check test object implementing result whether include with The related implementation procedure information of preset malice load-on module, this implementation procedure information such as execution flag of malice load-on module or The path of person's malice load-on module whether there is medium in loading list.

It should be strongly noted that preset malice load-on module can be packaged in second phase use by Brix abduction server In the automatic perform script code bag of example, and preset malice load-on module is that tester writes setting in advance.

6th, Brix receives, with kidnapping server, all second phase use-cases that distributed virtual machine executes platform return by use-case Execution result information, and test report is generated according to the execution result information of the second stage of use-case, afterwards, Brix is with kidnapping server Test report is supplied to user, for example, Brix is kidnapped server, in the way of mail, test report issued corresponding use Family；Again for example, test report is passed through desk module to user's displaying with kidnapping server by Brix.

The content of the test report in the present embodiment mainly includes：The explanation of testing procedure, the details of test assignment, Summary description to the test result of each test program and detailed report content；Wherein, above-mentioned test assignment is detailed Information mainly includes：Test assignment ID, test mode, the system platform of tested program, the installation package informatin of tested program and Execution time of test assignment etc.；The summary description of above-mentioned test result mainly includes：Information (the name as tested program of program Claim, version and digital signature etc.), the operational factor of the method for operation of test object and test object, test object is carried out That tests takes, whether finds security breaches (testing unsanctioned load-on module etc. as being set out) and detailed report content Link address information etc.；Above-mentioned detailed report content would generally be by the test of each load-on module of the loading list of tested program Result all is enumerated out, as the load-on module passing through test and the unsanctioned load-on module of test all are enumerated out.

(2), desk module

Desk module has provided the user and has arranged the test assignment information of tested program for it by hand and kidnap to Brix Server submits the page of test assignment to.Desk module can also provide the user test assignment query page, to check test The test mode of task；Test mode completes or just in testing or do not test as tested.Desk module is acceptable Provide the user the test result display page, to facilitate user to check the test result of tested program.

Test assignment setting and the survey submitting page craft setting tested program to that user can be shown by desk module Each concrete value in examination mission bit stream, such as can arrange program installation kit title, the test journey needing to be tested Designated program in sequence installation kit, the method for operation of designated program and operational factor, the test mode of designated program and according to E-mail recipient's information of test report that test result generates etc..

The task list page that user can be shown by desk module checks that history test assignment information, history test are appointed Link information of detailed report content of the execution state of business and test etc..

(3), automatic push interface module

When the designated program that automatic push interface module is mainly used in the tested program having carried out testing updates, By corresponding test assignment information pushing to Brix with kidnapping server, so that Brix is kidnapped server and can be directed to specified journey Automatization's safety test that text of an annotated book part utilizes and load-on module is kidnapped is realized in the renewal of sequence.

Specifically, in the case that the designated program in tested program updates, automatic push interface module can receive To test request, in test request, carry test assignment information, automatic push interface module parses to test request, with Analytically obtain test assignment information in result；The test assignment information transfer that automatic push interface module is got is given white Using kidnapping server, making Brix kidnap server can be according to the follow-up operation of this test assignment information execution.

(4), data base access module

Data base can be included, data base access module is mainly used in data base is written and read in data base access module Operation, makes the storage information related to program safety test in data base, and according to Brix with kidnapping the query demand of server Search from data base and read corresponding information, lookup result is returned to Brix and kidnaps server.

In data base, the information of storage can include：The identification information of tested program, the such as installation kit of tested program Digital signature of md5, the version number of tested program and tested program etc..The identification information of tested program be mainly used in showing with The tested program belonging to other data of its common storage.

In data base, the information of storage can also include：The history test assignment information of tested program and history load note Record information etc..The history test assignment information of tested program can be used for the history test query of tested program it is also possible to be used for Form test report of tested program etc..The history of tested program loads record information and is primarily used to form the second stage of use-case and two The attribute information of phase use-case.

In data base, the information of storage can also include：The renewal listed files of tested program.Update listed files permissible History test query for tested program is it is also possible to be used for forming test report of tested program etc..

In data base, the information of storage can also include：The test result information of program safety test.Test result information It is primarily used to form test report of tested program etc..

In the case that certain tested program did not carried out safety test (original state), this tested program pair in data base The progress information of start-up loading module in the history loading record information answered, the start-up parameter of start-up loading module and loading List is usually sky；And with being the safety test of each executable file in this tested program to test object, data base In history load the progress information of start-up loading module in record information, the start-up parameter of start-up loading module and loading List all can constantly be enriched perfect, so, is that load-on module in this tested program carries out safety test in test object When, Brix is kidnapped server and can be found the progress information of corresponding start-up loading module, start-up loading from data base The information such as the start-up parameter of module and loading list.

(5), use-case execution platform

Use-case execution platform is mainly used in the resource of each distributed virtual machine is managed, and dialogue is using the service of kidnapping The use-case that device transmission comes is distributed dispatching, and such as use-case execution platform is received according to the use-case attribute information that it receives Use-case distribute to corresponding distributed virtual machine, in order to this use-case is executed by this distributed virtual machine.

The principle that use-case execution platform is distributed to use-case dispatching can include：Run according to the use-case in use-case attribute System platform information distributing corresponding virtual machine；The principle of this distribution scheduling can also include：Many for submit to simultaneously For individual use-case, distribute corresponding virtual machine according to the test prioritization in use-case attribute for use-case, and have reusable The virtual machine of snapshot can distribute to the high use-case of test prioritization；In addition, the principle of this distribution scheduling can also include：For For the multiple use-cases successively submitted to, the use-case with different test prioritizations can be preferably the high use-case of test prioritization and divides Join virtual machine.The principle that use-case execution platform is distributed to use-case dispatching can be arranged according to the actual requirements, the present embodiment Do not limit the concrete manifestation form of this principle.

(6), distributed virtual machine

Distributed virtual machine in the present embodiment is referred to as executing test script module.Distributed virtual machine is mainly used In execution use-case, and obtain use-case execution result information.

Operation performed by distributed virtual machine mainly includes as follows：

1st, the preparation of use-case performing environment, the such as installation kit for use-case execute installation operation of use-case etc.；Specifically, divide Cloth virtual machine obtains the installation kit storage address (as URL1) of use-case from use-case attribute information, and according to this storage address (as URL1) downloads the installation kit of use-case, and then, distributed virtual machine executes the installation script code in the installation kit of use-case, from And installation script code executes the installation operation of the installation kit of use-case.

2nd, execute a phase use-case, and obtain all of loading list in a phase use-case implementation procedure；Specifically, distributed Virtual machine can obtain the scripted code bag storage address of the automatic program execution test of use-case (such as from a phase use-case attribute URL2), and according to URL2 download the scripted code bag of the automatic program execution test of use-case；Distributed virtual machine was used according to former Test mode in example attribute is arranging the filter in the process monitor instrument of Microsoft, afterwards, distributed virtual machine Scripted code in the scripted code bag of automatic program execution test of execution use-case, and by using being provided with filter Process monitor instrument can successfully obtain loading list.

3rd, the progress information of start-up loading module and start-up loading module are analyzed according to the list that loads that it gets Start-up parameter information.

4th, execute the second stage of use-case, and obtain all of with preset malice load-on module phase in the second stage of use-case implementation procedure The implementation procedure information closed；Specifically, distributed virtual machine can be arranged according to the test mode in the second stage of use-case attribute micro- Filter in soft process monitor instrument, afterwards, distributed virtual machine is by using being provided with filter Process monitor instrument can successfully obtain the related implementation procedure information of all to preset malice load-on module；It Afterwards, distributed virtual machine can carry out the judgement of test result according to the implementation procedure information that it gets；For example, judge preset Malice load-on module path whether there is in the loading list getting, if present in load list in, then permissible Learn that tested program attempts to load this malice load-on module, thus may determine that test object has potential safety hazard, should be to survey Examination personnel send corresponding information warning；Again for example, judge to whether there is in implementation procedure information and make a reservation for write labelling, this makes a reservation for write Labelling is to be write by preset malice load-on module, writes labelling if there is predetermined, then can learn that this preset malice adds Successfully tested object is loaded to carry module, thus may determine that test object has security breaches, that is, tests and do not pass through.

5th, by the implementing result of a phase use-case (as loaded list, the progress information of start-up loading module and start-up loading mould Start-up parameter information of block etc.) and the second stage of use-case implementing result (as loaded list and above-mentioned judgement test result information Deng) Brix abduction server is returned to by use-case execution platform.

Embodiment three, program safety test device.With reference to Fig. 3, the program safety test device of the present embodiment is carried out Explanation.

Device shown in Fig. 3 is mainly used in utilizing this safety to the text of an annotated book part that whether there is load-on module in tested program Leak and load-on module kidnap in this security breaches at least one carry out safety test；And this device mainly wraps Include：First acquisition module 300, the second acquisition module 310, use-case generation module 320, installation and operation module the 330, the 3rd obtain mould Block 340 and analysis module 350.

First acquisition module 300 is primarily adapted for obtaining the test assignment information of tested program；The survey of tested program therein Examination mission bit stream is mainly used in describing the particular content of this program safety test；This test assignment information mainly includes：Tested The identification information of program, the identification information of test object, the species of test object, test mode, the unfolding mode of test object, The information such as the system platform of the operational factor of test object and tested program.In addition, above-mentioned test assignment information can also be wrapped Include：The test prioritization of test object, the installation kit storage address of use-case, the scripted code of the automatic program execution test of use-case Bag storage address and use-case operation result send address etc..

The mode that first acquisition module 300 obtains the test assignment information of tested program can have multiple, and for example, first obtains Delivery block 300 provides a user with test assignment setting screen, and user can input corresponding information and/or selection in this picture Corresponding option, the mode such as " submission test assignment " button in user's hit testing task setting screen to submit to test to appoint During business, the first acquisition module 300 successfully gets the test assignment information of tested program；Again for example, the first acquisition module 300 leads to Cross the test assignment information that the mode such as file transmission or message transmission obtains tested program.

First acquisition module 300, after getting test assignment information, disaggregatedly can be arranged to it, thus Form test program list, system platform list of test mode list, parameter list and tested program etc., follow-up to facilitate Safety test operation.

First acquisition module 300 can be arranged at the Brix of embodiment two with kidnapping in server.

The history that second acquisition module 310 is primarily adapted for obtaining the load-on module in tested program loads record information；Its In history load record information include：The progress information of start-up loading module, the start-up parameter of start-up loading module and enter Journey is in the loading list etc. of start-up loading module post-loaded module.The progress information of above-mentioned start-up loading module refers to tested program Middle one or more process starting certain load-on module；The start-up parameter of above-mentioned start-up loading module refers in tested program One or more process starting certain load-on module is starting the parameter being used during this load-on module；Above-mentioned load-on module The list that loads refer to by the tested program list that the complete trails information that used is formed when loading each load-on module.

The mode that second acquisition module 310 obtains the history loading record information of the load-on module in tested program is mainly wrapped Include two kinds：Mode one, obtained by data base querying；Mode two, by early stage use-case run obtain.Mode one is mainly for survey Test object in examination mission bit stream is the situation of the executable file in tested program.Mode two is believed mainly for test assignment Test object in breath is the situation of the load-on module in tested program.Both modes implement process, in mode two Early stage use-case and the specifying information that comprised of the generating process of early stage use-case attribute information, early stage use-case attribute information and front Description in the installation and operation process of phase use-case etc. content such as above-mentioned embodiment of the method, is not repeated.

In addition, generating early stage use-case and early stage use-case attribute in aforesaid way two, installing and run early stage use-case and obtain Taking loading record information for load-on module etc. in early stage use-case running to operate can be by use-case generation module 320, peace Shipment row module 330 and the 3rd acquisition module 340 execute respectively, and the second acquisition module 310 can be by receiving the 3rd acquisition Module 340 is transmitted the record record information come to obtain history loading record information.

Second acquisition module 310 can be arranged at the Brix of embodiment two with kidnapping in server.

Use-case generation module 320 is primarily adapted for, on the basis of test assignment information, loading record for each history Information generates use-case and use-case attribute information respectively；Here use-case can be described as the second stage of use-case, use-case attribute information here It is properly termed as the second stage of use-case attribute information.

The second stage of use-case attribute information that use-case generation module 320 generates at least should include：Institute when load-on module is loaded There is trial load path information, and the second stage of use-case attribute information generating generally also includes：The installation kit storage of the second stage of use-case System platform information that location, the scripted code bag storage address of automatic program execution test of the second stage of use-case, the second stage of use-case run, The second stage of use-case number of retries and the second stage of use-case operational factor etc.；In addition, this second stage of use-case attribute information can also include：Second phase The test prioritization of use-case and the second stage of use-case operation result send address etc..The second stage of use-case and the second stage of use-case attribute information Form the description specifically referring in above-described embodiment one, here no longer describes in detail.

In addition, use-case generation module 320 is also required to execute the operation generating a phase use-case and a phase use-case attribute information, and The second stage of use-case attribute information is essentially identical with a phase use-case attribute information, simply increases on the basis of a phase use-case attribute information The complete trails information of load-on module.

Use-case generation module 320 can be arranged at the Brix of embodiment two with kidnapping in server.

Installation and operation module 330 is primarily adapted for according to use-case attribute information installation and operation use-case, and use-case is paid based on institute Examination load path information executes the loading operation of load-on module.Here use-case can be described as the second stage of use-case, use-case attribute here Information is properly termed as the second stage of use-case attribute information.

The process of installation and operation module 330 installation and operation use-case can be：Installation and operation module 330 is from the second stage of use-case attribute Obtain the installation kit storage address of the second stage of use-case, and the installation kit according to the second stage of use-case of this storage address acquisition in information, install Run the installation script code that module 330 is run in the installation kit of use-case, thus installation script code runs the installation kit of use-case In installation file, to install the second stage of use-case；Installation and operation module 330 obtains the automatic execution of use-case from the second stage of use-case attribute The scripted code bag storage address of program test, installation and operation module 330 obtains the automatic execution of use-case according to this storage address The scripted code bag of program test, installation and operation module 330 executes in the scripted code bag of automatic program execution test of use-case Scripted code, preset malice load-on module can be positioned in corresponding path for the execution of scripted code, and use example base Attempt the loading operation that load path information executes load-on module in all.

In addition, installation and operation module 330 is also required to execution generates the installation of a phase use-case and the operation of operation, and install Run the test prioritization that module 330 can consider use-case during the installation and operation of use-case.Installation and operation module 330 is permissible It is arranged in use-case execution platform and the distributed virtual machine of embodiment two.

It is related to preset malice load-on module in running that 3rd acquisition module 340 is primarily adapted for acquisition use-case Implementation procedure information.Here use-case can be described as the second stage of use-case.3rd acquisition module 340 can be obtained using existing instrument Implementation procedure information in the second stage of use-case running, for example, the 3rd acquisition module 340 can utilize the process prison of Microsoft Control instrument (process monitor) obtaining implementation procedure information in running for the second stage of use-case, believe by this implementation procedure Breath includes：Loading record information to load-on module.

In addition, the 3rd acquisition module 340 is also required to execute the loading record information obtaining in a phase use-case running Operation.3rd acquisition module 340 can be arranged in the distributed virtual machine of embodiment two.

Analysis module 350 is primarily adapted for judging that tested program whether there is safety and leaks according to above-mentioned implementation procedure information Hole, and export judged result information.

Specifically, analysis module 350 can be by judging the implementation procedure related to preset malice load-on module Information whether there is security breaches determining tested program；For example, analysis module 350 is write according to preset malice module Under predetermined labels may determine that tested program has more serious safety problem；Again for example, loaded according to preset malice The loading record information of module may determine that tested program has potential safety hazard.

Further, analysis module 350 can also judge that tested program has safety problem and potential safety hazard Particular location, for example, analysis module 350 may determine which use-case is the implementation procedure information with predetermined labels be Running occurs, and can judge that tested program has the tool of safety problem and potential safety hazard according to this use-case Body position.

Analysis module 350 can be arranged in the distributed virtual machine of embodiment two.

In addition, the device of the present embodiment can also include test report module (not shown in Fig. 3), test report module can Reported with production process test result on the basis of the content such as test assignment information and implementation procedure information, and program is surveyed Test result report is sent to presumptive address.Test report module can be arranged at the Brix of embodiment two with kidnapping in server.

A1, a kind of program safety method of testing, including：

Obtain the test assignment information of tested program, and obtain the history of the load-on module in tested program and load record letter Breath；

On the basis of described test assignment information, for each history load record information generate respectively use-case and Use-case attribute information, described use-case attribute information is the information needed for installation and operation use-case, and described use-case attribute information includes： All trial load path information when load-on module is loaded；

According to described use-case attribute information installation and operation use-case, and described use-case is based on described all trial load path letters The loading operation of breath execution load-on module；

Obtain related to the preset malice load-on module implementation procedure information in running of use-case；

Judge that described tested program whether there is security breaches according to described implementation procedure information, and export judged result letter Breath.

A2, the method as described in A1, wherein, described test assignment information includes：The identification information of tested program, test are right The identification information of elephant, the species of test object, test mode, the unfolding mode of test object, test object operational factor with And the information such as the system platform of tested program.

A3, the method as described in A1, wherein, the described history obtaining the load-on module in tested program loads record information Including：

In the case that the test object in described test assignment information is load-on module, by inquiry from data base The history that mode obtains test object loads record information.

A4, the method as described in A1, wherein, the described history obtaining the load-on module in tested program loads record information Including：

In the case that the test object in described test assignment information is executable file, believed according to described test assignment Breath generates early stage use-case and early stage use-case attribute information, and described early stage use-case attribute information is needed for installation and operation early stage use-case Information；

Early stage use-case is run according to described early stage use-case attribute information；

Obtain the loading record information for load-on module in early stage use-case running, and load note as history Record information Store is in data base.

A5, as described method arbitrary in A1 to A4, wherein, a history loads record information and includes：Start-up loading mould The progress information of block, the start-up parameter of start-up loading module and process arrange in the loading of start-up loading module post-loaded module Table, and described loading list include：All trial load path information when load-on module is loaded.

A6, the method as described in A1, wherein, described use-case attribute information also includes：The installation kit storage address of use-case, use The scripted code bag storage address of automatic program execution test of example, the system platform information of use-case operation, use-case number of retries And use-case operational factor.

A7, the method as described in A6, wherein, described include according to described use-case attribute information installation and operation use-case：

System environmentss are arranged for use-case according to the system platform information that use-case runs；

Installation kit storage address according to described use-case obtains the installation kit of use-case, and runs the peace in the installation kit of use-case Dress scripted code, the installation file that installation script code passes through to execute the use-case in installation kit installs use-case；

The scripted code bag storage address of the automatic program execution test according to described use-case obtains scripted code bag, described Scripted code in scripted code bag runs use-case on the basis of use-case number of retries and use-case operational factor.

A8, the method as described in A1, wherein, described acquisition use-case in running with preset malice load-on module phase The implementation procedure information closed includes：

Obtain the implementation procedure information in use-case running using process monitoring instrument, and from described use-case running In implementation procedure information in filter out the implementation procedure information related to preset malice load-on module.

A9, the method as described in A1, wherein, the related implementation procedure packet of described to preset malice load-on module Include：Use-case is directed to the preset loading record information of malice load-on module in running and/or preset malice loads mould The execution flag information of block.

B10, a kind of program safety test device, including：

First acquisition module, is suitable to obtain the test assignment information of tested program；

Second acquisition module, the history being suitable to obtain the load-on module in tested program loads record information；

Use-case generation module, is suitable to, on the basis of described test assignment information, load record letter for each history Breath generates use-case and use-case attribute information respectively, and described use-case attribute information is the information needed for installation and operation use-case, and institute State use-case attribute information to include：All trial load path information when load-on module is loaded；

Installation and operation module, is suitable to according to described use-case attribute information installation and operation use-case, and described use-case is based on described All loading operations attempting load path information execution load-on module；

3rd acquisition module, is suitable to obtain related to the preset malice load-on module execution in running of use-case Journey information；

Analysis module, is suitable to judge that described tested program whether there is safety and leaks according to described implementation procedure information Hole, and export judged result information.

B11, the device as described in B10, wherein, described test assignment information includes：The identification information of tested program, test The identification information of object, the species of test object, test mode, the unfolding mode of test object, the operational factor of test object And the information such as the system platform of tested program.

B12, the device as described in B10, wherein, described second acquisition module is further adapted for：

B13, the device as described in B10, wherein, described second acquisition module is further adapted for：

B14, as described device arbitrary in B10 to B13, wherein, a history loads record information and includes：Start-up loading The progress information of module, the start-up parameter of start-up loading module and process arrange in the loading of start-up loading module post-loaded module Table, and described loading list include：All trial load path information when load-on module is loaded.

B15, the device as described in B10, wherein, described use-case attribute information also includes：The installation kit storage address of use-case, The scripted code bag storage address of automatic program execution test of use-case, the system platform information of use-case operation, use-case retry secondary Number and use-case operational factor.

B16, the device as described in B15, wherein, described installation and operation module is further adapted for：

B17, the device as described in B10, wherein, described 3rd acquisition module is further adapted for：

B18, the device as described in B10, wherein, the related implementation procedure packet of described to preset malice load-on module Include：Use-case is directed to the preset loading record information of malice load-on module in running and/or preset malice loads mould The execution flag information of block.

Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various Programming language realizes the content of invention described herein, and the description above language-specific done is to disclose this Bright preferred forms.

In description mentioned herein, illustrate a large amount of details.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case of not having these details.In some instances, known method, structure are not been shown in detail And technology, so as not to obscure the understanding of this description.

Similarly it will be appreciated that in order to simplify the disclosure and help understand one or more of each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention：I.e. required guarantor The application claims of shield more features than the feature being expressly recited in each claim.More precisely, it is such as following Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore, The claims following specific embodiment are thus expressly incorporated in this specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.

Those skilled in the art are appreciated that and the module in the equipment in embodiment can be carried out adaptively Change and they are arranged in one or more equipment different from this embodiment.Can be the module in embodiment or list Unit or assembly be combined into a module or unit or assembly, and can be divided in addition multiple submodule or subelement or Sub-component.In addition to such feature and/or at least some of process or unit exclude each other, can adopt any Combination is to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed Where method or all processes of equipment or unit are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit requires, summary and accompanying drawing) disclosed in each feature can carry out generation by the alternative features providing identical, equivalent or similar purpose Replace.

Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of different embodiment means to be in the present invention's Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.

The all parts embodiment of the present invention can be realized with hardware, or to run on one or more processor Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) are realizing in program safety test device according to embodiments of the present invention The some or all functions of a little or whole parts.The present invention is also implemented as executing method as described herein Some or all equipment or program of device (as computer program and computer program).Such realize this Bright program can store on a computer-readable medium, or can have the form of one or more signal.Such Signal can be downloaded from internet website and obtain, or provides on carrier signal, or provided with any other form.

It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and this Skilled person can design alternative embodiment without departing from the scope of the appended claims.In claim In, any reference markss between bracket should not be configured to limitations on claims.Word "comprising" is not excluded for depositing In element not listed in the claims or step.Word "a" or "an" before element do not exclude the presence of multiple this The element of sample.The present invention can come by means of the hardware including some different elements and by means of properly programmed computer Realize.If in the unit claim listing equipment for drying, several in these devices can be by same hardware Embodying.The use of word first, second and third class does not indicate that any order.These words can be explained and run after fame Claim.

Claims

1. a kind of program safety method of testing, including：

Obtain the test assignment information of tested program, and the side running by way of data base querying or by early stage use-case Formula, the history obtaining the load-on module in tested program loads record information；

On the basis of described test assignment information, load record information for each history and generate use-case and use-case respectively Attribute information, described use-case attribute information is the information needed for installation and operation use-case, and described use-case attribute information includes：Load All trial load path information when module is loaded；

According to described use-case attribute information installation and operation use-case, and described use-case is based on described all trial load path information and holds The loading operation of row load-on module；

Judge that described tested program whether there is security breaches according to described implementation procedure information, and export judged result information.

2. the method for claim 1, wherein described test assignment information includes：The identification information of tested program, test The identification information of object, the species of test object, test mode, the unfolding mode of test object, the operational factor of test object And the information such as the system platform of tested program.

3. the method for claim 1, wherein the described history obtaining the load-on module in tested program loads record letter Breath includes：

In the case that the test object in described test assignment information is load-on module, by way of inquiring about from data base The history obtaining test object loads record information.

4. the method for claim 1, wherein the described history obtaining the load-on module in tested program loads record letter Breath includes：

In the case that the test object in described test assignment information is executable file, given birth to according to described test assignment information Become early stage use-case and early stage use-case attribute information, described early stage use-case attribute information is the letter needed for installation and operation early stage use-case Breath；

Obtain the loading record information for load-on module in early stage use-case running, and load record letter as history Breath is stored in data base.

5. the method as described in any claim in Claims 1-4, wherein, a history loads record information and includes：Open The progress information of dynamic load-on module, the start-up parameter of start-up loading module and process are in start-up loading module post-loaded module Load list, and described loading list includes：All trial load path information when load-on module is loaded.

6. the method for claim 1, wherein described use-case attribute information also includes：The installation kit storage address of use-case, The scripted code bag storage address of automatic program execution test of use-case, the system platform information of use-case operation, use-case retry secondary Number and use-case operational factor.

7. method as claimed in claim 6, wherein, described includes according to described use-case attribute information installation and operation use-case：

Installation kit storage address according to described use-case obtains the installation kit of use-case, and runs the installation foot in the installation kit of use-case This code, the installation file that installation script code passes through to execute the use-case in installation kit installs use-case；

The scripted code bag storage address of the automatic program execution test according to described use-case obtains scripted code bag, described script Scripted code in code bag runs use-case on the basis of use-case number of retries and use-case operational factor.

8. the method for claim 1, wherein described acquisition use-case in running with preset malice load-on module Related implementation procedure information includes：

Obtain the implementation procedure information in use-case running using process monitoring instrument, and from described use-case running The implementation procedure information related to preset malice load-on module is filtered out in implementation procedure information.

9. the related implementation procedure packet of the method for claim 1, wherein described to preset malice load-on module Include：Use-case is directed to the preset loading record information of malice load-on module in running and/or preset malice loads mould The execution flag information of block.

10. a kind of program safety test device, including：

Second acquisition module, is suitable to, by way of data base querying or by way of early stage use-case runs, obtain by ranging The history of the load-on module in sequence loads record information；

Use-case generation module, is suitable to, on the basis of described test assignment information, load record information for each history and divide Not Sheng Cheng use-case and use-case attribute information, described use-case attribute information is the information needed for installation and operation use-case, and described use Example attribute information includes：All trial load path information when load-on module is loaded；

Installation and operation module, is suitable to according to described use-case attribute information installation and operation use-case, and described use-case is based on described all Attempt the loading operation that load path information executes load-on module；

3rd acquisition module, is suitable to obtain related to the preset malice load-on module implementation procedure letter in running of use-case Breath；

Analysis module, is suitable to judge that described tested program whether there is security breaches according to described implementation procedure information, and Output judged result information.

11. devices as claimed in claim 10, wherein, described test assignment information includes：The identification information of tested program, survey The identification information of examination object, the species of test object, test mode, the unfolding mode of test object, the operation ginseng of test object The information such as the system platform of number and tested program.

12. devices as claimed in claim 10, wherein, described second acquisition module is further adapted for：

13. devices as claimed in claim 10, wherein, described second acquisition module is further adapted for：

Arbitrary described device in 14. such as claim 10 to 13, wherein, a history loads record information and includes：Start and add Carry progress information, the start-up parameter of the start-up loading module and process loading in start-up loading module post-loaded module of module List, and described loading list include：All trial load path information when load-on module is loaded.

15. devices as claimed in claim 10, wherein, described use-case attribute information also includes：The installation kit storage of use-case The system platform information that location, the scripted code bag storage address of automatic program execution test of use-case, use-case run, use-case retry Number of times and use-case operational factor.

16. devices as claimed in claim 15, wherein, described installation and operation module is further adapted for：

17. devices as claimed in claim 10, wherein, described 3rd acquisition module is further adapted for：

18. devices as claimed in claim 10, wherein, the related implementation procedure information of described to preset malice load-on module Including：Use-case is directed to the preset loading record information of malice load-on module in running and/or preset malice loads The execution flag information of module.