CN109086606B - Program vulnerability mining method, device, terminal and storage medium - Google Patents

Publication number: CN109086606B
Authority: CN (China)
Prior art keywords: data, test, test case, generating, interface
Legal status: Active
Application number: CN201810777363.4A
Other languages: Chinese (zh)
Other versions: CN109086606A (en)
Inventors: 韩鸷桐, 陈楠
Current Assignee: Tencent Technology Beijing Co Ltd
Original Assignee: Tencent Technology Beijing Co Ltd
Application filed by Tencent Technology Beijing Co Ltd
Priority to CN201810777363.4A
Publication of CN109086606A
Application granted
Publication of CN109086606B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software

Abstract

The invention relates to a program vulnerability mining method, device, terminal and storage medium. The method comprises: selecting a corresponding strategy template according to the test target; generating test cases according to the strategy template, where generating test cases comprises generating interface test cases, data relationship test cases and data flow test cases; injecting the test cases into the test target, testing the test target, and saving logs during the test; and generating a reproduction script according to the strategy template and the logs. The method and the device can accurately and effectively find security vulnerabilities in program code, improve the security and reliability of the code, and improve the efficiency and quality of vulnerability mining.

Description

Program vulnerability mining method, device, terminal and storage medium
Technical Field
The invention relates to the technical field of computer security, in particular to a program vulnerability mining method, device, terminal and storage medium.
Background
In computer security, a vulnerability is a trigger point for crossing from a secure domain into an insecure one: a defect in a system or software, caused by poor design, that lets an attacker access or damage the system without authorization. Vulnerabilities are static and passive, but triggerable. Vulnerability mining means exploring for unknown vulnerabilities, applying a combination of techniques and tools to find as many latent vulnerabilities in software as possible.
Common vulnerability mining techniques fall into two directions: user layer and kernel layer. Existing user-layer vulnerability mining techniques mainly target widely used user software, such as web browsers, office software, the Outlook mail client and the like. Existing kernel-layer vulnerability mining techniques mainly target the operating system kernel layer, the file system layer, the network layer and the like.
Most existing vulnerability mining schemes analyze user-layer software, and the few schemes aimed at the kernel layer have difficulty covering graphics library programs. The main reasons are that a graphics library is not part of the system core, is easily overlooked, and is complex in implementation, so the prior art cannot test it deeply and effectively.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a program vulnerability discovery method, device, terminal and storage medium, which can accurately and effectively discover security vulnerabilities in program codes and improve code security.
In order to solve the above technical problem, in a first aspect, the present invention provides a program vulnerability mining method, including:
selecting a corresponding strategy template according to the test target;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
In a second aspect, the present invention provides a program vulnerability discovery apparatus, including:
the strategy template selection module is used for selecting a corresponding strategy template according to the test target;
the test case generation module is used for generating a test case according to the strategy template, wherein the test case generation module comprises an interface test case generation module, a relation test case generation module and a data flow test case generation module;
the test execution module is used for injecting the test case into the test target, testing the test target and storing a log in the test process;
and the script use case reproduction module is used for generating a reproduction script according to the strategy template and the log.
In a third aspect, the present invention provides a terminal, including:
a processor and a memory, wherein the processor is configured to call and execute a program stored in the memory, the memory is configured to store a program, and the program is configured to:
selecting a corresponding strategy template according to the test target;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
In a fourth aspect, the present invention provides a computer storage medium having computer-executable instructions stored therein, the computer-executable instructions being loaded by a processor and performing the steps of:
selecting a corresponding strategy template according to the test target;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
The embodiment of the invention has the following beneficial effects:
A strategy template is selected according to the test target, and corresponding test cases are generated according to the strategy template, where generating test cases comprises generating interface test cases, data relationship test cases and data flow test cases. The generated test cases are injected into the test target for testing, and logs are saved during the test. Finally, a reproduction script is generated according to the strategy template and the logs. The method can accurately and effectively find security vulnerabilities in program code, improve the security and reliability of the code, and improve the efficiency and quality of vulnerability mining. Vulnerability mining based on interfaces, data relationships and data flow solves the problem that many program vulnerabilities are difficult to detect with traditional vulnerability mining techniques.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of a vulnerability mining implementation scenario provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a user-layer vulnerability mining method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a kernel-layer vulnerability mining method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the framework structure of a vulnerability mining technique according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of a program vulnerability mining method according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of interface test case generation provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of data relationship test case generation according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of data flow test case generation according to an embodiment of the present invention;
Fig. 9 is a flowchart of another program vulnerability mining method according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of a program vulnerability mining apparatus according to an embodiment of the present invention;
Fig. 11 is a schematic diagram of an interface test case generation module according to an embodiment of the present invention;
Fig. 12 is a schematic diagram of a data relationship test case generation module according to an embodiment of the present invention;
Fig. 13 is a schematic diagram of a data flow test case generation module according to an embodiment of the present invention;
Fig. 14 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
First, terms related to the embodiments of the present invention will be explained.
Script language: also called an extension language or dynamic language; a programming language used to control software applications. Scripts are typically stored as text (e.g., ASCII) and are interpreted or compiled only when called.
Graphics library: a library for rendering computer graphics on a display. It usually provides a set of functions for rendering operations; such programs can generally run entirely on the CPU and can also be hardware-accelerated by a GPU (graphics processing unit). Because implementing such programs usually requires interaction with hardware (the graphics card), they run with higher execution privileges (kernel privileges). A defect may at the least crash the system and at worst be exploited by a malicious actor, causing a security incident.
Security vulnerability: a defect introduced into a computer information system, deliberately or inadvertently, during requirements, design, implementation, configuration, operation and so on. Such defects exist in different forms at every layer and stage of the system; once exploited by a malicious actor, they compromise the security of the system and affect its normal operation.
Vulnerability mining method: analyzing the code of a target program through debugging, testing, manual auditing and similar methods in order to discover the security vulnerabilities in it.
Vulnerability mining device: a device that uses computer automation to mine vulnerabilities in the code of a target program automatically. By drawing on the efficient execution of a computer, it can find security vulnerabilities unattended.
The programs to which "program vulnerability" refers in the present invention include, but are not limited to, various system software, APPs (applications), various device drivers, and the like.
The program vulnerability mining method can run directly on a single computer device, such as a personal computer, a server, or a cloud-simulated computer platform.
Fig. 1 shows a schematic diagram of an implementation scenario of the present invention. The whole vulnerability mining process is carried out in a host on which the test target is installed. The test target is tested by supplying a test command and the data required for testing from outside, and a test result is output that provides effective help for subsequent analysis of the vulnerability's cause.
Fig. 2 shows a schematic diagram of a user-layer vulnerability mining method. The method repeatedly constructs malformed samples that software of this type can use, runs the software and detects whether an exception occurs, and then collects the exceptions for cause analysis. Specifically:
S210: Construct a malformed sample.
Malformed samples can be constructed from a normal document template, generating a batch of malformed samples according to certain rules.
S220: Send the malformed sample to the target software.
S230: When the target software accepts the malformed sample, run the target software.
S240: Detect whether an exception occurs in the target software.
S250: When no exception occurs, obtain the next malformed sample and return to step S220 to send it to the target software.
S260: When an exception occurs, record the sample that caused it and the exception information.
The recorded exception information may include register state, stack state, and so on. From this information, staff can further analyze the cause of the error and whether the vulnerability can be exploited.
Fig. 3 shows a schematic diagram of a kernel-layer vulnerability mining method. Malformed files, malformed network data packets and random interface parameters are constructed to test the kernel layer, a system crash log is used to record kernel exceptions, and the cause is then analyzed. Specifically:
S310: Construct malformed data.
S320: Import the malformed data into the target system module and run the system program.
S330: Detect whether the system crashes.
S340: When no system crash occurs, obtain the next set of malformed data and return to step S320.
S350: When a system crash is detected, save the system crash log.
In this embodiment, for vulnerability mining against the code of a graphics library, both the user-layer and the kernel-layer vulnerability mining techniques described above have certain defects.
The defects of the user-layer vulnerability mining technique are:
1. Although graphics library programs exist in the user layer, the security of the graphics library code in the kernel matters more, and the kernel layer cannot be reached effectively through user-layer testing alone.
2. A graphics library is not a particular application; it is a base library for applications, sometimes only a module or a single function. Because a malformed sample acts on the whole application, which involves many modules, it is difficult to hit the graphics library precisely, and a large number of invalid tests result.
3. Because graphics libraries are complex in implementation, samples are difficult to construct and invalid samples are often generated.
Therefore, the user-layer vulnerability mining technique cannot mine vulnerabilities in graphics library code effectively.
The defects of the kernel-layer vulnerability mining technique are:
1. Because kernel-layer services are low-level services, vulnerability test programs are usually written in a low-level language such as C, so samples cannot be generated and recorded quickly and conveniently, and the test program often has to be recompiled after each change. Graphics libraries are complex in implementation and the testing direction must change frequently, so automation is difficult to achieve.
2. Because graphics libraries are complex in implementation, layered on top of one another, and use undisclosed data formats and undisclosed kernel interface formats, existing test methods cannot generate valid test data, and random values rarely reach the effective region.
3. Kernel test methods do not take the particularities of graphics libraries into account and are incompatible with their data and interfaces.
4. The logging of kernel-layer vulnerability mining techniques is complex, which makes restoration and reproduction inconvenient.
The embodiment of the invention provides a vulnerability mining technique. Building on the scenario of Fig. 1, a strategy template is passed into the host on the command line, and the test result is output in the form of a reproduction script: the use case script and the system crash dump file at the moment a vulnerability is triggered are recorded, which provides effective help for subsequent analysis of the vulnerability's cause. Fig. 4 shows the framework structure of the graphics-library-based vulnerability mining technique, which has a two-layer design consisting of a framework layer and an application layer.
The application layer mainly implements the vulnerability mining method provided by the invention. It contains the graphics library interface data, data relationship and data flow information, stores the strategy templates provided by testers, and supports relationship complication and data tuning. It connects seamlessly to the framework, is flexibly extensible, and can test different graphics libraries in a targeted way, as described below:
Graphics library interface data, data relationships, data flow: these data are the basis of the graphics library vulnerability mining method in this scheme.
Strategy template: the strategy is the selection of test data and test interfaces when testing the graphics library. Because graphics libraries are complex in implementation, no single strategy can cover all modules, so strategy templates give testers a flexible means of extension.
Data relationship complication: changes in data relationships affect the execution path of the graphics library code, and the more complex the relationship, the more likely it is to trigger latent problems in the graphics library, so support for complicating relationships is provided.
Data tuning: in graphics library testing much of the test data is invalid, and without tuning a great deal of time is wasted on invalid tests, so the data can be tuned according to test results. Specifically, if a test run reveals a substantial amount of invalid data, that data must be removed from the test data before the next run.
The framework layer provides the general functions and low-level support of the vulnerability mining device. It is lightweight and cross-platform, and gives the device functions such as exception monitoring, hot updating of strategy templates, automatic restart, and script reproduction.
Fig. 5 shows a program vulnerability mining method. Tailored to the characteristics of graphics libraries and relying on a script-based vulnerability mining framework, it enables effective testing of a graphics library. The method specifically includes:
S510: Select a corresponding strategy template according to the test target.
Before testing, an appropriate strategy template must be selected according to the test target to avoid invalid tests. The test target can be a graphics library interface, a graphics library data relationship, or a graphics library data flow, and different test targets correspond to different strategy templates. The three test targets may be tested simultaneously, or only one of them may be tested on its own; in practice, the test targets are determined by the actual test requirements.
S520: Generate test cases according to the strategy template, where generating test cases comprises generating interface test cases, data relationship test cases and data flow test cases.
Test cases can be generated in batches from the strategy template to improve test coverage of the target.
The graphics library interface connects directly to the internals of the graphics library, so testing the interface is the most direct and effective approach. Generating interface test cases includes:
S610: Construct interface data, generated according to a preset standard.
Generation must be customized to the service interface of the graphics library, because the interface is complex and the controllable range of the data is large; purely random generation, for example, would produce a large amount of invalid data.
S620: Randomize the interface data generated according to the preset standard.
Testing the graphics library comprehensively requires a wide variety of malformed data, so on top of the customization the data should be randomized as much as possible to widen the scope and depth of impact.
S630: Classify and assemble the interfaces, and order the classified and assembled interfaces according to a preset logic.
Graphics library interfaces are numerous and tightly related. If they are ordered randomly, the call logic breaks and no effective call is made, so the interfaces must be classified and assembled, and ordered according to the logic of the graphics library.
S640: Randomize the execution order of the interfaces.
A single execution order is not enough to test the graphics library fully, so on the basis of logical correctness the order should be randomized as much as possible to widen the test scope and depth.
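Steps S610 to S640 can be sketched as follows. This is an added example, not code from the patent: the interface names, parameter ranges, boundary values and the `needs`/`yields`/`frees` fields are hypothetical, and "order randomization on the basis of logical correctness" is implemented here as a random topological sort over handle dependencies.

```python
import random

# Hypothetical interface specification standing in for the "preset standard"
# of S610. needs = handles required, yields = handle produced,
# frees = handle released, params = (low, high) ranges documented as valid.
SPEC = {
    "create_dc":     dict(cls="create", needs=[], yields="dc", frees=None, params={}),
    "create_bitmap": dict(cls="create", needs=["dc"], yields="bitmap", frees=None,
                          params={"width": (1, 4096), "height": (1, 4096)}),
    "select_bitmap": dict(cls="use", needs=["dc", "bitmap"], yields=None, frees=None,
                          params={}),
    "fill_rect":     dict(cls="use", needs=["dc"], yields=None, frees=None,
                          params={"x": (0, 4095), "y": (0, 4095), "mode": (0, 2)}),
    "delete_bitmap": dict(cls="destroy", needs=["bitmap"], yields=None, frees="bitmap",
                          params={}),
    "delete_dc":     dict(cls="destroy", needs=["dc"], yields=None, frees="dc", params={}),
}
CLASS_ORDER = {"create": 0, "use": 1, "destroy": 2}
BOUNDARY = [0, -1, 0x7FFFFFFF, -0x80000000, 0xFFFFFFFF]  # constructed edge values


def build_params(name, rng):
    """S610: in-range parameter values taken from the specification."""
    return {p: rng.randint(lo, hi) for p, (lo, hi) in SPEC[name]["params"].items()}


def randomize_params(params, rng, rate=0.3):
    """S620: replace some in-range values with boundary values."""
    return {p: (rng.choice(BOUNDARY) if rng.random() < rate else v)
            for p, v in params.items()}


def classify_and_order(names):
    """S630: group interfaces by class and order create -> use -> destroy."""
    return sorted(names, key=lambda n: (CLASS_ORDER[SPEC[n]["cls"]], len(SPEC[n]["needs"])))


def dependencies(names):
    """Edges a -> b, meaning call a must run before call b."""
    edges = {n: set() for n in names}
    for b in names:
        for handle in SPEC[b]["needs"]:
            for a in names:
                if a == b:
                    continue
                if SPEC[a]["yields"] == handle:
                    edges[a].add(b)      # producer runs before consumer
                elif SPEC[a]["frees"] == handle:
                    edges[b].add(a)      # consumer runs before the call that frees it
    return edges


def randomize_order(names, rng):
    """S640: random topological order, so every shuffle stays logically valid."""
    edges = dependencies(names)
    indegree = {n: 0 for n in names}
    for a in names:
        for b in edges[a]:
            indegree[b] += 1
    ready = [n for n in names if indegree[n] == 0]
    order = []
    while ready:
        n = ready.pop(rng.randrange(len(ready)))
        order.append(n)
        for b in sorted(edges[n]):       # sorted: keeps runs reproducible per seed
            indegree[b] -= 1
            if indegree[b] == 0:
                ready.append(b)
    return order


def is_logical(order):
    """True when every handle exists before use and is not used after release."""
    live = set()
    for n in order:
        if any(h not in live for h in SPEC[n]["needs"]):
            return False
        if SPEC[n]["yields"]:
            live.add(SPEC[n]["yields"])
        if SPEC[n]["frees"]:
            live.discard(SPEC[n]["frees"])
    return True


def generate_case(seed):
    """One interface test case: an ordered list of (interface, parameters)."""
    rng = random.Random(seed)            # seeded so a case can be regenerated
    order = randomize_order(classify_and_order(list(SPEC)), rng)
    return [(n, randomize_params(build_params(n, rng), rng)) for n in order]
```

Seeding the generator per case means a logged seed is enough to regenerate the exact call sequence and parameters later.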
The data structures in a graphics library are complex, so vulnerabilities can be triggered effectively by constructing varied data structures and combining them in complex data relationships. Generating data relationship test cases includes:
S710: Construct relationship data, generated according to a preset standard.
S720: Randomize the relationship data.
For testing purposes, the content must be randomized as much as possible while the relationships remain accurate, so that testing can be comprehensive.
S730: Classify the relationships.
A graphics library has many relationships, and they differ from module to module, so the relationships must be classified to allow more targeted testing.
S740: Provided the basic relationships are correct, make the relationships more complex.
This step must follow the graphics library's data relationship standard; for example, points forming a line and lines forming a plane must not be confused. Changes in relationships affect the execution logic of the graphics library code, so the relationships should be made as complex as possible while remaining correct, for example through point-line-plane combinations, color blending, and so on.
Data flow is indispensable to a graphics library as to any other program, and the wider and deeper the data flow, the more execution paths of the program can be triggered. A mining method aimed at graphics library data flow is therefore necessary. Generating data flow test cases includes:
S810: Construct a data flow, generated according to a preset standard.
S820: Analyze the data flow of the previous test to obtain the direction of the data flow.
After a data test, the data flow must be analyzed. Most commonly, this is done by debugging with manual intervention to analyze where the data goes. Software can also perform the analysis automatically, commonly by code instrumentation, dynamic injection or similar techniques.
S830: Optimize the breadth of the current data flow according to its reachable paths.
After the data flow has been analyzed, the graphics library data can be optimized for breadth according to the reachable paths of the current flow, extending the lateral range of the data flow and increasing coverage so that the data flows more widely and deeply.
S840: Optimize the depth of the current data flow according to its reachable paths.
After the data flow has been analyzed, the graphics library data can be optimized for depth according to the reachable paths of the current flow, increasing the depth to which the target is tested.
S530: Inject the test cases into the test target, test the test target, and save logs during the test.
S540: Generate a reproduction script according to the strategy template and the logs.
Specifically, when the graphics library crashes abnormally during the test, the logs of the abnormal condition and the system crash dump file must be saved and the use case script restored, so that the scene is preserved promptly when the graphics library fails, which secures subsequent vulnerability reproduction and cause analysis.
After the scene of the abnormal condition has been saved, the script that triggered the graphics library vulnerability is restored in a specified format from files such as the strategy template and the logs, producing a reproducible script.
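Steps S530 and S540 depend on the log surviving the crash it describes. The following added example (not code from the patent) writes each call to the log and forces it to disk before injecting it, then rebuilds a replayable script from the strategy template and the log alone. The mock target, its planted fault, the JSON-lines log format and the template fields are all constructed for illustration and say nothing about the cause of the crash reported later on this page.

```python
import json
import os


class TargetCrash(Exception):
    """Stands in for a system crash; a real kernel fault would end the process."""


class MockTarget:
    """Constructed stand-in for a test target with one planted fault."""

    def __init__(self):
        self.selected = False

    def call(self, name, args):
        if name == "select_bitmap":
            self.selected = True
        elif name == "delete_bitmap":
            self.selected = False
        elif name == "gradient_fill" and not self.selected and args.get("mode") == 2:
            raise TargetCrash("fault in gradient_fill")


def run_case(target, case, log_path):
    """S530: log each call durably before injecting it, then execute it."""
    with open(log_path, "a", encoding="utf-8") as log:
        for seq, (name, args) in enumerate(case):
            log.write(json.dumps({"seq": seq, "call": name, "args": args}) + "\n")
            log.flush()
            os.fsync(log.fileno())       # on disk before the call can crash the host
            try:
                target.call(name, args)
            except TargetCrash:
                return seq               # index of the call that faulted
    return None


def read_log(log_path):
    """Return complete records; a torn final line left by a crash is dropped."""
    records = []
    with open(log_path, encoding="utf-8") as log:
        for line in log:
            try:
                records.append(json.loads(line))
            except json.JSONDecodeError:
                break
    return records


def build_repro(template, log_path):
    """S540: rebuild a replayable script from the strategy template and the log."""
    lines = ["# target: {}  strategy: {}".format(template["target"], template["name"]),
             "def replay(target):"]
    for rec in read_log(log_path):
        lines.append("    target.call({!r}, {!r})".format(rec["call"], rec["args"]))
    lines.append("    return None  # reached only if no call faulted")
    return "\n".join(lines) + "\n"


def demo(workdir):
    """Run one constructed case and return (faulting index, reproduction script)."""
    template = {"name": "data-relation", "target": "mock-graphics-library"}
    case = [("create_dc", {}),
            ("create_bitmap", {"width": 16, "height": 16}),
            ("select_bitmap", {}),
            ("delete_bitmap", {}),
            ("gradient_fill", {"mode": 2}),
            ("delete_dc", {})]
    log_path = os.path.join(workdir, "case.log")
    crashed_at = run_case(MockTarget(), case, log_path)
    return crashed_at, build_repro(template, log_path)
```

Because the script is built only from what reached the disk, it ends at the last call logged before the fault, which is the call to examine first.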
Fig. 9 shows a flowchart of a program vulnerability mining method, including:
S910: Remotely hot-update the strategy template according to the test requirements of the test target.
Updating the strategy template according to test requirements without restarting the test machine reduces test complexity and improves efficiency.
S920: Select the corresponding strategy template according to the test target.
To prevent invalid tests, a strategy template that fits the test target must be selected.
S930: Generate test cases according to the strategy template.
Test cases can be generated in batches to improve test coverage of the target.
S940: Inject the test cases into the test target, test the test target, and save logs during the test.
S950: Detect during the test whether an exception occurs in the target program under test.
S960: When no exception occurs, dynamically adjust the strategy template according to the returned test result and return to step S910.
S970: When an exception occurs, generate a reproduction script according to the strategy template and the logs.
S980: Monitor the running state of the script in real time during the test.
S990: When the script is detected to be running abnormally, automatically exit the script and restart the system.
After the restart, vulnerability mining automatically continues according to the vulnerability mining flow.
Exception monitoring of the script runs in parallel with the test. When a problem with the running script prevents the test from continuing, the test is restarted automatically, which greatly improves test stability and completes the automation.
The embodiment of the invention provides a specific vulnerability mining case. The test platform is a 32-bit Windows 7 system, and the example target is win32k, Microsoft's official default graphics library.
This case tests only the data relationships in win32k; the relationships involved are window, dc, bitmap, and so on.
Applying the graphics-library-based vulnerability mining method eventually triggered a vulnerability that crashed the system. The main information from the system crash is as follows:
0: kd> !analyze -v
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 905920e2, The address that the exception occurred at
Arg3: 93b13a30, Trap Frame
Arg4: 00000000
FAULTING_IP:
win32k!GreGradientFill+412
905920e2 f6432480 test byte ptr [ebx+24h],80h
TRAP_FRAME: 93b13a30 -- (.trap 0xffffffff93b13a30)
ErrCode = 00000000
eax=fa860720 ebx=00000000 ecx=fa860d20 edx=000007c3 esi=fab24da8 edi=00000000
eip=905920e2 esp=93b13aa4 ebp=93b13bc4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
win32k!GreGradientFill+0x412:
905920e2 f6432480 test byte ptr [ebx+24h],80h ds:0023:00000024=??
STACK_TEXT:
93b13bc4 905927f3 00000001 f9854fc0 00000003 win32k!GreGradientFill+0x412
93b13c14 82858db6 1701072c 00000001 00000003 win32k!NtGdiGradientFill+0x178
93b13c14 76df6bf4 1701072c 00000001 00000003 nt!KiSystemServicePostCall
WARNING: Frame IP not in any known module. Following frames may be wrong.
0021f9d8 00000000 00000000 00000000 00000000 0x76df6bf4
FOLLOWUP_IP:
win32k!GreGradientFill+412
905920e2 f6432480 test byte ptr [ebx+24h],80h
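Crash output like the above is usually reduced to a few fields before crashes are grouped and analyzed. The following added example (not part of the patent) parses an excerpt of that output, with spacing restored; the function name `triage`, the record fields and the 64 KB near-null threshold are assumptions.

```python
import re

# Excerpt of the crash output above, spacing restored.
DUMP = """\
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
Arg1: c0000005, The exception code that was not handled
Arg2: 905920e2, The address that the exception occurred at
FAULTING_IP:
win32k!GreGradientFill+412
905920e2 f6432480 test byte ptr [ebx+24h],80h
eax=fa860720 ebx=00000000 ecx=fa860d20 edx=000007c3 esi=fab24da8 edi=00000000
eip=905920e2 esp=93b13aa4 ebp=93b13bc4 iopl=0 nv up ei pl nz na po nc
STACK_TEXT:
93b13bc4 905927f3 00000001 f9854fc0 00000003 win32k!GreGradientFill+0x412
93b13c14 82858db6 1701072c 00000001 00000003 win32k!NtGdiGradientFill+0x178
93b13c14 76df6bf4 1701072c 00000001 00000003 nt!KiSystemServicePostCall
"""

NULL_REGION = 0x10000  # assumption: treat the lowest 64 KB as "near null"


def triage(dump):
    """Reduce !analyze -v text to a small record for crash bucketing."""
    bug = re.search(r"^(\w+)\s*\(([0-9a-f]+)\)", dump, re.M)
    exc = re.search(r"^Arg1:\s*([0-9a-f]+)", dump, re.M)
    # Symbol line, then the disassembly line: address, bytes, mnemonic, operands.
    ip = re.search(r"FAULTING_IP:\s*\n(\S+!\w+)\+(?:0x)?([0-9a-f]+)\s*\n"
                   r"[0-9a-f]{8}\s+[0-9a-f]+\s+(\w+)\s+(.+)", dump)
    if not (bug and exc and ip):
        return None
    regs = {name: int(value, 16)
            for name, value in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", dump)}
    record = {
        "bugcheck": bug.group(2),
        "exception": exc.group(1),
        "symbol": ip.group(1),
        "offset": int(ip.group(2), 16),
        "effective_address": None,
        "near_null": False,
    }
    # Resolve a [reg+disp] memory operand against the trap-frame registers.
    mem = re.search(r"\[(e[a-z]{2})(?:\+([0-9a-f]+)h)?\]", ip.group(4))
    if mem and mem.group(1) in regs:
        addr = (regs[mem.group(1)] + int(mem.group(2) or "0", 16)) & 0xFFFFFFFF
        record["effective_address"] = addr
        record["near_null"] = addr < NULL_REGION
    # Stack frames: five hex columns followed by module!function.
    frames = re.findall(r"^(?:[0-9a-f]{8} ){5}(\S+!\w+)", dump, re.M)
    record["frames"] = frames
    # Heuristic: the first Nt* frame is the system service that was called.
    record["syscall"] = next(
        (f for f in frames if f.split("!")[1].startswith("Nt")), None)
    suffix = "_near-null" if record["near_null"] else ""
    record["bucket"] = record["exception"] + "_" + record["symbol"] + suffix
    return record
```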
Finally, the script that triggered the vulnerability was restored from the log file, the system crash dump file and the strategy template saved when the graphics library crashed; the result is as follows:
(The restored script appears in the original as figures BDA0001731677460000111, BDA0001731677460000121 and BDA0001731677460000131.)
An embodiment of the present invention further provides a program vulnerability mining apparatus. Referring to fig. 10, the apparatus includes:
A strategy template selection module 1010, configured to select a corresponding strategy template according to the test target.
A test case generation module 1020, configured to generate a test case according to the strategy template. The test case generation module 1020 includes an interface test case generation module 1021, a relationship test case generation module 1022, and a data flow test case generation module 1023.
A test execution module 1030, configured to inject the test case into the test target, test the test target, and save a log during the test.
A script case reproduction module 1040, configured to generate a reproduction script according to the strategy template and the log.
Referring to fig. 11, the interface test case generation module 1021 includes:
An interface data construction module 1110, configured to construct interface data, where the interface data is generated according to a preset standard.
An interface data randomization module 1120, configured to randomize the interface data generated according to the preset standard.
An interface classification module 1130, configured to classify and assemble the interfaces, and to order the classified and assembled interfaces according to a preset logic.
A sequence randomization module 1140, configured to randomize the execution sequence of the interfaces.
Referring to fig. 12, the relationship test case generation module 1022 includes:
A relationship data construction module 1210, configured to construct relationship data, where the relationship data is generated according to a preset standard.
A relationship data randomization module 1220, configured to randomize the relationship data.
A relationship classification module 1230, configured to classify the relationships.
A relationship complication module 1240, configured to make the relationships more complex on the basis that the basic relationships are correct.
Referring to fig. 13, the data flow test case generation module 1023 includes:
A data flow construction module 1310, configured to construct a data flow, where the data flow is generated according to a preset standard.
A data flow analysis module 1320, configured to analyze the data flow of the previous test to obtain the trend of the data flow.
A breadth optimization module 1330, configured to perform data breadth optimization on the current data flow according to the reachable paths of the current data flow.
A depth optimization module 1340, configured to perform data depth optimization on the current data flow according to the reachable paths of the data flow.
The test execution module 1030 may further include a log saving and script restoring module and a system crash file saving module. These ensure that the crash scene is saved promptly when an error occurs in the graphics library, which supports subsequent vulnerability reproduction and analysis of the vulnerability's cause.
Further, the vulnerability mining apparatus also includes:
A strategy template hot update module 1050, configured to hot-update the strategy template remotely according to the test requirements of the test target when the mining strategy needs to be changed.
A dynamic adjustment module 1060, configured to dynamically adjust the strategy template according to the returned test result during the test.
An anomaly monitoring module 1070, configured to monitor the running state of the script in real time.
An automatic restart module 1080, configured to restart the system to restore the graphics library, because after the vulnerability mining apparatus has run for a period of time the graphics library may be left in a specific state that cannot be changed. For example, when the script is detected to be running abnormally, the script is exited automatically and the system is restarted.
Other implementation details of the apparatus are the same as those of the vulnerability discovery method provided in fig. 5 to 9, and are not described herein again.
Referring to fig. 14, which shows a schematic diagram of a terminal, in particular, a terminal 1400 may include RF (Radio Frequency) circuit 1410, memory 1420 including one or more computer-readable storage media, input unit 1430, display unit 1440, sensor 1450, audio circuit 1460, WiFi (wireless fidelity) module 1470, processor 1480 including one or more processing cores, and power supply 1490. Those skilled in the art will appreciate that the terminal structure shown in fig. 14 is not intended to be limiting and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. Wherein:
RF circuit 1410 may be used for receiving and transmitting signals during a message or call, and in particular, for receiving downlink information from a base station and then processing the received downlink information by one or more processors 1480, and further, for transmitting data related to uplink to the base station.
The memory 1420 may be used to store software programs and modules, and the processor 1480 executes various functional applications and data processing by operating the software programs and modules stored in the memory 1420. The memory 1420 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, application programs required for functions (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal 1400, and the like. Further, memory 1420 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 1420 may also include a memory controller to provide the processor 1480 and the input unit 1430 access to the memory 1420.
The input unit 1430 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, input unit 1430 may include a touch-sensitive surface 1431 as well as other input devices 1432. Touch-sensitive surface 1431, also referred to as a touch display screen or touch pad, may collect touch operations by a user on or near the touch-sensitive surface 1431 (e.g., operations by a user on or near the touch-sensitive surface 1431 using a finger, a stylus, or any other suitable object or attachment), and drive the corresponding connection device according to a predefined program. Optionally, touch-sensitive surface 1431 may include both touch detection means and touch controller portions. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device and converts it to touch point coordinates, which are provided to the processor 1480 and can receive and execute commands from the processor 1480. Additionally, the touch-sensitive surface 1431 may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves, among others. In addition to touch-sensitive surface 1431, input unit 1430 may also include other input devices 1432. In particular, other input devices 1432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
Display unit 1440 may be used to display information input by or provided to the user, as well as the various graphical user interfaces of terminal 1400, which may be composed of graphics, text, icons, video, and any combination thereof. Display unit 1440 may include a display panel 1441, which may optionally be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, touch-sensitive surface 1431 may overlay display panel 1441; when touch-sensitive surface 1431 detects a touch operation on or near it, the operation is passed to processor 1480 to determine the type of touch event, and processor 1480 then provides a corresponding visual output on display panel 1441 according to the type of touch event. Although in fig. 14 touch-sensitive surface 1431 and display panel 1441 implement input and output functions as two separate components, in some embodiments touch-sensitive surface 1431 may be integrated with display panel 1441 to implement the input and output functions.
Terminal 1400 can also include at least one sensor 1450, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 1441 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 1441 and/or a backlight when the terminal 1400 moves to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when the terminal is stationary, and can be used for applications of recognizing terminal gestures (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the terminal 1400, detailed descriptions thereof are omitted.
The audio circuit 1460, speaker 1461, and microphone 1462 may provide an audio interface between a user and the terminal 1400. The audio circuit 1460 can convert received audio data into an electrical signal and transmit it to the speaker 1461, which converts it into a sound signal for output; in the other direction, the microphone 1462 converts collected sound signals into electrical signals, which are received by the audio circuit 1460 and converted into audio data. The audio data is then output to the processor 1480 for processing and sent through the RF circuit 1410 to, for example, another terminal, or output to the memory 1420 for further processing. The audio circuit 1460 may also include an earbud jack to provide communication between peripheral headphones and the terminal 1400.
WiFi belongs to short-distance wireless transmission technology, and the terminal 1400 can help the user send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 1470, which provides the user with wireless broadband internet access.
The processor 1480, which is the control center of the terminal 1400, connects the various parts of the overall terminal using various interfaces and lines, and performs various functions of the terminal 1400 and processes data by running or executing software programs and/or modules stored in the memory 1420 and calling up data stored in the memory 1420, thereby performing overall monitoring of the terminal. Optionally, the processor 1480 may include one or more processing cores; preferably, the processor 1480 may integrate an application processor, which handles primarily operating systems, user interfaces, and applications, among others, with a modem processor, which handles primarily wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 1480.
The terminal 1400 also includes a power supply 1490 (e.g., a battery) that powers the various components and is preferably logically coupled to the processor 1480 via a power management system that provides management of charging, discharging, and power consumption. The power supply 1490 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuits, power converters or inverters, power status indicators, and the like.
Although not shown, the terminal 1400 may further include a camera, a bluetooth module, etc., which will not be described herein. Specifically, in this embodiment, the display unit of the terminal is a touch screen display, the terminal further includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs include instructions for:
selecting a corresponding strategy template according to the test target;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
The present embodiments also provide a computer-readable storage medium having stored thereon computer-executable instructions that are loaded by a processor and perform the steps of:
selecting a corresponding strategy template according to the test target;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
The vulnerability mining method described in this application, based on service interfaces, data relationships and data flows, can be applied not only to a graphics library but also to vulnerability detection in various other software (such as a system kernel or device drivers). Besides vulnerability mining and detection, the method can also be used in scenarios such as behavior analysis and detection of malicious applications.
Likewise, the vulnerability mining apparatus is an extensible basic framework for vulnerability mining, and can be used not only for a graphics library but also for vulnerability mining in various other kinds of software.
The present specification provides method steps as described in the examples or flowcharts, but may include more or fewer steps based on routine or non-inventive labor. The steps and sequences recited in the embodiments are but one manner of performing the steps in a multitude of sequences and do not represent a unique order of performance. In the actual system or interrupted product execution, it may be performed sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The configurations shown in the present embodiment are only partial configurations related to the present application, and do not constitute a limitation on the devices to which the present application is applied, and a specific device may include more or less components than those shown, or combine some components, or have an arrangement of different components. It should be understood that the methods, apparatuses, and the like disclosed in the embodiments may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a division of one logic function, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or unit modules.
Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (12)

1. A program vulnerability mining method is characterized by comprising the following steps:
selecting a corresponding strategy template according to the test target; the test target comprises a graphic library interface, a graphic library data relation and a graphic library data stream, and the graphic library is installed in the host; the policy template is passed into the host in the form of a command line;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case; the generating of the interface test case comprises: constructing interface data, wherein the interface data are generated according to a preset standard; performing data randomization on the interface data generated according to the preset standard; classifying and assembling the interfaces, and sequencing the classified and assembled interfaces according to a preset logic; performing sequence randomization on an execution sequence of the interface;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
2. The method of claim 1, wherein the generating a data relationship test case comprises:
constructing relation data, wherein the relation data are generated according to a preset standard;
randomizing the relationship data;
classifying the relationship;
on the basis that the basic relationship is correct, the relationship is complicated.
3. The method of claim 1, wherein the generating the dataflow test case comprises:
constructing a data stream, wherein the data stream is generated according to a preset standard;
analyzing the data flow in the last test to obtain the trend of the data flow;
performing data breadth optimization on the current data stream according to the reachable path of the current data stream;
and performing data depth optimization on the current data stream according to the reachable path of the data stream.
4. The method for program vulnerability discovery according to claim 1, wherein the method comprises:
and when the mining strategy needs to be changed, remotely hot-updating the strategy template according to the test requirement of the test target.
5. The method for program vulnerability discovery according to claim 4, wherein the method further comprises:
and in the test process, dynamically adjusting the strategy template according to the returned test result.
6. A program vulnerability discovery apparatus, comprising:
the strategy template selection module is used for selecting a corresponding strategy template according to the test target; the test target comprises a graphic library interface, a graphic library data relation and a graphic library data stream, and the graphic library is installed in the host; the policy template is passed into the host in the form of a command line;
the test case generation module is used for generating a test case according to the strategy template, wherein the test case generation module comprises an interface test case generation module, a relation test case generation module and a data flow test case generation module; the interface test case generation module comprises: the interface data construction module is used for constructing interface data, and the interface data are generated according to a preset standard; the interface data randomization module is used for performing data randomization on the interface data generated according to the preset standard; the interface classification module is used for classifying and assembling the interfaces and sequencing the classified and assembled interfaces according to a preset logic; the sequence randomization module is used for performing sequence randomization on the execution sequence of the interface;
the test execution module is used for injecting the test case into the test target, testing the test target and storing a log in the test process;
and the script use case reproduction module is used for generating a reproduction script according to the strategy template and the log.
7. The apparatus according to claim 6, wherein the relational test case generation module comprises:
the relational data construction module is used for constructing relational data, and the relational data are generated according to a preset standard;
the relation data randomization module is used for randomizing the relation data;
a relationship classification module for classifying the relationship;
and the relationship complicating module is used for carrying out relationship complicating on the relationship on the basis that the basic relationship is correct.
8. The apparatus of claim 7, wherein the data flow test case generation module comprises:
the data flow construction module is used for constructing a data flow, and the data flow is generated according to a preset standard;
the data flow analysis module is used for analyzing the data flow in the last test to obtain the trend of the data flow;
the breadth optimization module is used for carrying out data breadth optimization on the current data stream according to the reachable path of the current data stream;
and the depth optimization module is used for performing data depth optimization on the current data stream according to the reachable path of the data stream.
9. The program vulnerability mining apparatus of claim 7, wherein the apparatus further comprises:
and the strategy template hot updating module is used for remotely hot-updating the strategy template according to the test requirement of the test target when the mining strategy needs to be changed.
10. The apparatus of claim 9, wherein the apparatus further comprises:
and the dynamic adjustment module is used for dynamically adjusting the strategy template according to the returned test result in the test process.
11. A terminal, comprising:
a processor and a memory, wherein the processor is configured to call and execute a program stored in the memory, the memory is configured to store a program, and the program is configured to:
selecting a corresponding strategy template according to the test target; the test target comprises a graphic library interface, a graphic library data relation and a graphic library data stream, and the graphic library is installed in the host; the policy template is passed into the host in the form of a command line;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case; the generating of the interface test case comprises: constructing interface data, wherein the interface data are generated according to a preset standard; performing data randomization on the interface data generated according to the preset standard; classifying and assembling the interfaces, and sequencing the classified and assembled interfaces according to a preset logic; performing sequence randomization on an execution sequence of the interface;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
12. A computer storage medium having stored therein computer-executable instructions, the computer-executable instructions being loaded by a processor and performing the steps of:
selecting a corresponding strategy template according to the test target; the test target comprises a graphic library interface, a graphic library data relation and a graphic library data stream, and the graphic library is installed in the host; the policy template is passed into the host in the form of a command line;
generating a test case according to the strategy template, wherein the generating of the test case comprises generating an interface test case, generating a data relation test case and generating a data flow test case; the generating of the interface test case comprises: constructing interface data, wherein the interface data are generated according to a preset standard; performing data randomization on the interface data generated according to the preset standard; classifying and assembling the interfaces, and sequencing the classified and assembled interfaces according to a preset logic; performing sequence randomization on an execution sequence of the interface;
injecting the test case into the test target, testing the test target, and storing a log in the test process;
and generating a reproduction script according to the strategy template and the log.
CN201810777363.4A 2018-07-16 2018-07-16 Program vulnerability mining method, device, terminal and storage medium Active CN109086606B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810777363.4A CN109086606B (en) 2018-07-16 2018-07-16 Program vulnerability mining method, device, terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810777363.4A CN109086606B (en) 2018-07-16 2018-07-16 Program vulnerability mining method, device, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN109086606A CN109086606A (en) 2018-12-25
CN109086606B true CN109086606B (en) 2020-08-07

Family

ID=64837975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810777363.4A Active CN109086606B (en) 2018-07-16 2018-07-16 Program vulnerability mining method, device, terminal and storage medium

Country Status (1)

Country Link
CN (1) CN109086606B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992503B (en) * 2019-01-25 2022-10-11 北京丁牛科技有限公司 Automatic testing method and device
CN109933989B (en) * 2019-02-25 2021-09-07 腾讯科技(深圳)有限公司 Method and device for detecting vulnerability
CN110825642B (en) * 2019-11-11 2021-01-01 浙江大学 Software code line-level defect detection method based on deep learning
CN113591090B (en) * 2020-04-30 2024-01-09 腾讯科技(深圳)有限公司 Program bug reporting method, device, equipment and storage medium
CN113434417B (en) * 2021-06-29 2023-06-16 青岛海尔科技有限公司 Regression testing method and device for loopholes, storage medium and electronic device
CN114422274B (en) * 2022-03-29 2022-07-05 腾讯科技(深圳)有限公司 Multi-scene vulnerability detection method and device based on cloud protogenesis and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005532A (en) * 2015-08-05 2015-10-28 广东欧珀移动通信有限公司 System for automatically testing stability of application program interface and method
CN105138459A (en) * 2015-09-11 2015-12-09 北京金山安全软件有限公司 Method and device for testing software program
CN107315961A (en) * 2017-07-11 2017-11-03 北京奇虎科技有限公司 Bug detection method and device, computing device, storage medium
CN107656863A (en) * 2016-11-03 2018-02-02 华东师范大学 A kind of data flow method of testing and its test system based on key point guiding
CN108268348A (en) * 2017-12-08 2018-07-10 广州视源电子科技股份有限公司 Interface test method, device, mobile terminal and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020529B (en) * 2012-10-31 2015-12-09 中国航天科工集团第二研究院七○六所 A kind of software vulnerability analytical approach based on model of place
CN104572031A (en) * 2013-10-09 2015-04-29 腾讯科技(深圳)有限公司 Method and device for generating test case
US9684507B2 (en) * 2015-03-31 2017-06-20 Ca, Inc. Effective defect management across multiple code branches
CN107368417B (en) * 2017-07-25 2020-10-23 中国人民解放军63928部队 Testing method of vulnerability mining technology testing model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
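"Research on Automatic Generation of Software Test Sequences Based on Data Flow"; Liu Yong et al.; Microelectronics & Computer (《微电子学与计算机》); 2005-05-31 (No. 5); pp. 131-135 *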

Also Published As

Publication number Publication date
CN109086606A (en) 2018-12-25

Similar Documents

Publication Publication Date Title
CN109086606B (en) Program vulnerability mining method, device, terminal and storage medium
CN107038112B (en) Application interface debugging method and device
US9280451B2 (en) Testing device
RU2767143C2 (en) Decision-making control using machine learning in case of alerts coming from current control systems
CN110196795B (en) Method and related device for detecting running state of mobile terminal application
CN105630685A (en) Method and device for testing program interface
CN104516812A (en) Method and device for testing software
CN106649126B (en) Method and device for testing application program
CN104115117A (en) Automatic synthesis of unit tests for security testing
CN104123218A (en) Method, device and system for code coverage test
WO2018024138A1 (en) Method, device, terminal and computer storage medium for detecting malicious website
CN111723002A (en) Code debugging method and device, electronic equipment and storage medium
CN110826058A (en) Malware detection based on user interaction
CN110895509B (en) Test processing method and device, electronic equipment and storage medium
CN113268416A (en) Application program testing method and device, storage medium and terminal
CN104809054A (en) Method and system for realizing program testing
CN110069407B (en) Function test method and device for application program
CN110765085A (en) Log information writing method, system, storage medium and mobile terminal
CN107967203B (en) Function judgment method and device based on executable file
CN106709330B (en) Method and device for recording file execution behaviors
CN103729283B (en) System log output method and device and terminal device
CN112084104A (en) Abnormity testing method and device
CN109739758B (en) Test case conversion method and device
CN109145598B (en) Virus detection method and device for script file, terminal and storage medium
CN115600213A (en) Vulnerability management method, device, medium and equipment based on application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190115

Address after: Room 1601-1608, Floor 16, Yinke Building, 38 Haidian Street, Haidian District, Beijing

Applicant after: Tencent Technology (Beijing) Co., Ltd

Address before: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35th floor

Applicant before: Tencent Technology (Shenzhen) Co., Ltd.

GR01 Patent grant