CN111258892B - SQL injection test case generation method based on combined variation - Google Patents

Info

Publication number: CN111258892B
Authority: CN (China)
Prior art keywords: test case, test, mutation, variation, payload
Legal status: Active
Application number: CN202010029005.2A
Other languages: Chinese (zh)
Other versions: CN111258892A (en)
Inventors: 赵靖, 董天冉, 王延斌, 李志娟
Current assignee: Dalian University of Technology
Original assignee: Dalian University of Technology
Priority date: 2020-01-12
Filing date: 2020-01-12
Publication date: 2022-11-18

Events:
Application filed by Dalian University of Technology
Priority to CN202010029005.2A
Publication of CN111258892A
Application granted
Publication of CN111258892B
Legal status: Active (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention belongs to the technical field of software security testing research and discloses an SQL injection test case generation method based on combinatorial mutation, which is used to increase the number of successful SQL statement injections and the efficiency of SQL vulnerability detection. Generating the test case set by combining combinatorial testing with mutation testing preserves the number of test cases that bypass the filtering rules while keeping the test space small. When the test case set is applied in a detection system, it can be verified that the SQL vulnerabilities successfully attack the Web page.

Description

SQL injection test case generation method based on combined variation
Technical Field
The invention belongs to the technical field of software security testing research and mainly relates to an SQL injection test case generation method based on combinatorial mutation.
Background
With the continuous development of science and technology in the network era and of technologies such as big data and cloud computing, B/S (browser/server) application systems are widely used in different fields. Because programmers differ in skill and experience, a large number of them write code without checking the legality of the data input by users, so that potential security hazards exist in the applications; SQL injection is one of these. SQL injection is a method of injecting SQL characters or commands into a Web-based input field in order to manipulate the query executed by the Web backend SQL statement, and it is the main target of attacks on Web servers.
Many defense methods, such as static analysis, dynamic detection, combined dynamic and static analysis, and machine learning, have followed to deal with the SQL injection problem. Mutation-based fuzz testing is a method for dynamically detecting SQL vulnerabilities. It can change originally effective test cases so that they successfully bypass the filtering rules of a firewall, but as the number of kinds of mutation operators (the mutation scripts used when test cases are mutated) increases, the number of mutated test cases grows exponentially, which brings a serious combinatorial explosion problem; if the number of mutation operators is limited instead, the combinatorial coverage of the elements decreases. Combinatorial testing can solve this problem: it aims to expose as many faults as possible with as few test cases as possible while guaranteeing a certain coverage. Therefore, this method combines combinatorial testing with mutation, guaranteeing the combinatorial coverage of the mutation operators while keeping the test case space small.
Disclosure of Invention
This application provides an SQL injection detection method based on combinatorial mutation, so that the size of the test space is reduced as much as possible on the premise of ensuring that the attack succeeds.
The technical scheme of the invention is as follows:
The SQL injection test case generation method based on combinatorial mutation comprises the following steps:
Step one: the payload of an originally effective test case for detecting an SQLi vulnerability can be expanded further by multiple mutation methods to generate new test cases with an attack effect. Test cases generated by mutating the payload with mutation methods whose mutation rules are similar have the same detection effect when the SQLi vulnerability is detected, so they cause a large amount of unnecessary resource consumption and should be avoided. Therefore, the invention abstracts the combination of different mutation methods into a combinatorial problem and reduces the number of test cases after mutation. The combination method specifically comprises the following steps:
Step 1.1: the tamper module of the SQLMap automated detection tool contains the 46 currently available mutation operators (tamper scripts). The method proposes to divide these mutation operators into 5 major classes according to the similarity of their mutation rules and to record them as an ordered set $P = \{p_1, p_2, p_3, \ldots, p_5\}$, and maps the individual mutation operators in each class to numerical values, formally denoted $D(P_i) = \{0, 1, 2, \ldots, n\}$, where 0 indicates that no mutation operator of this class is used and 1 to n are the values corresponding to the mutation operators of class $p_i$;
Step 1.2: constructing a numerical test case model from the divided mutation operator classes, where the test case model is an ordered set of 6-tuples whose first element is the payload, namely $\{(v_0, v_1, v_2, v_3, v_4, v_5) \mid v_0 \in D(P_0), v_1 \in D(P_1), v_2 \in D(P_2), v_3 \in D(P_3), v_4 \in D(P_4), v_5 \in D(P_5)\}$; here $P_0$ represents the original test case payload class, which contains two common test cases and is numerically $D(P_0) = \{1, 2\}$;
Step two: because the mutation process uses mutation operators to mutate the original test case payload step by step, a T-way combinatorial test method based on vertical expansion (IPOG) is selected; it generates numerical test cases by horizontal expansion first and vertical expansion second, which is consistent with the mutation process. The numerical test case model constructed in step one and the coverage strength T (1 ≤ T ≤ 5) are taken as the input of the algorithm to generate the numerical test case scheme;
Step three: based on the numerical test case scheme generated in step two, mutation-based fuzz testing converts the original test case payloads one by one into test cases mutated by the mutation operators. For example, converting the numerical test case scheme (1, 0, 2, 4, 2, 0) into a mutation-operator test case yields "1%EF%BC%87+or+1=1+or+%EF%BC%87%00".
The beneficial effects of the invention are as follows: generating the test case set by combining combinatorial testing with mutation testing preserves the number of test cases that bypass the filtering rules while keeping the test space small. When the test case set is applied in a detection system, it can be verified that the SQL vulnerabilities successfully attack the Web page.
Drawings
FIG. 1 is a flow chart of SQL injection test case generation based on a combinatorial mutation method.
Detailed Description
The present invention will be further described in detail with reference to the drawings and technical solutions.
Fig. 1 is a flowchart of a method for detecting SQL injection attacks based on a combined mutation method.
Step one: the payload of an originally effective test case for SQLi vulnerability detection can be expanded further by multiple mutation methods to generate test cases capable of bypassing firewall filtering rules. Test cases generated by mutating the payload with mutation methods whose mutation rules are similar have the same detection effect when the SQLi vulnerability is detected, so they cause a large amount of unnecessary resource consumption and should be avoided. Therefore, the invention abstracts the combination of different mutation methods into a combinatorial problem and reduces the number of test cases after mutation.
Step 1.1: the patent proposes to divide the mutation operators in the tamper module into 5 major classes according to the similarity of their mutation rules and to record them as the ordered set $P = \{p_1, p_2, p_3, \ldots, p_5\}$. The five classes are as follows:
Comment mutation operator class: this group of operators mainly appends comment-type characters to the end of the original test case payload; here 4 mutation operators represent 4 kinds of comment: "--", "#", "%00" and "and '0 had'='0 had'". These four strings are common comment symbols or suffixes in SQL statements; appended after the payload, they interfere with the execution logic of the original SQL statement, and whether an SQL vulnerability exists is judged from what is found, so that the attack purpose is achieved.
The string tamper class contains 8 mutation operators: between, bluecoat, greatest, lowercase, nonrecursivereplacement, randomcase, randomcomments, symboliclogical.
The space2 mutation operator class mainly replaces the space characters in the payload and comprises 14 mutation methods: halfversionedmorekeywords, modsecurityversioned, multiplespaces, overlongutf8, space2comment, space2dash, space2hash, space2morehash, space2mssqlblank, space2mssqlhash, space2mysqlblank, space2mysqldash, space2plus, space2randomblank.
The apostrophe mutation operator class mainly replaces single or double quotation marks in the payload and has two mutation methods: apostrophemask, apostrophenullencode. During an attack, the quotation marks in the attack payload are parsed as special characters by the database; an attacker can escape from and take control of the developer's query, construct and execute a query of their own, and deceive the defense system's filtering of quotation marks.
The encode mutation operator class mainly changes the encoding of the strings in the payload and includes 5 common encoding mutations: base64encode, chardoubleencode, charencode, charunicodeencode, percentage.
The individual mutation operators in the five classes are mapped to numerical values, denoted $D(P_i) = \{0, 1, 2, \ldots, n\}$. Here 0 has a special meaning: it does not represent a specific parameter or operator but is a placeholder for no operation, and the remaining values are the numerical values corresponding to the operators of the class $p_i$ to which they belong.
Step 1.2: the table of numerical mutation operators constructed from the mutation operator classes divided above is shown in Table 1, where the first column is the name of the class and the second column is the mutation operators included in each class. The test case model is an ordered set of 6-tuples with the payload as the first element, i.e. $\{(v_0, v_1, v_2, v_3, v_4, v_5) \mid v_0 \in D(P_0), v_1 \in D(P_1), v_2 \in D(P_2), v_3 \in D(P_3), v_4 \in D(P_4), v_5 \in D(P_5)\}$. Here $P_0$ represents the original test case payload class, i.e. the aforementioned legal set of input values, or the normal SQL injection vulnerability test cases, and contains two common test cases; there is no 0 among its parameter values because the initial value of a test case cannot be null. It is numbered $D(P_0) = \{1, 2\}$.
TABLE 1 Mutation operator classes and the numerical values mapped to the mutation operators
[Table 1 is provided as an image in the original (figures BDA0002363589690000051 and BDA0002363589690000061); its contents are not reproduced in the text.]
Step two: because the mutation process uses mutation operators to gradually mutate the payload of the original test case, a T-way combinatorial test method based on vertical expansion (IPOG) is selected. The specific process is as follows: the IPOG algorithm first constructs a T-way test set for the first k (k > T) mutation operators; it then extends to the (k+1)-th mutation operator, forming a new test set according to the T-way combination principle; this continues until all mutation operator classes have been traversed and the final test set is built. The method takes the numerical test case model constructed in step one and the coverage strength T (1 ≤ T ≤ 5) as the input of the algorithm to generate the numerical test case scheme.
Step three: based on the numerical test case scheme generated in step two, mutation-based fuzz testing converts the original test case payloads one by one into test cases mutated by the mutation operators.
The concrete process is as follows: the method starts from a valid test case payload and predefines the number of mutations. The numerical test case schemes are combined with the corresponding mutation operators and mutated one by one to generate the new, mutated test cases. For example, converting the numerical test case scheme (1, 0, 2, 4, 2, 0) into a mutation-operator test case yields "1%EF%BC%87+or+1=1+or+%EF%BC%87%00".
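Added example (my own code, not the patent's): a compact IPOG-style generator for step two over the six-position numerical model of step 1.2, producing the "numerical test case scheme" that step three would then map to mutated payloads. The class sizes follow the description (4, 8, 14, 2 and 5 operators plus the 0 placeholder, and {1, 2} for the payload class); the greedy tie-breaking and the filling of don't-care slots are my assumptions.

```python
from itertools import combinations, product

# Domains of the six tuple positions in the patent's numerical model
# (class sizes taken from the description; value order is an assumption).
# 0 means "no operator of this class is used"; P0 has no 0 because the
# original payload cannot be empty.
DOMAINS = [
    [1, 2],           # v0: original payload class
    list(range(5)),   # v1: comment class, 4 operators
    list(range(9)),   # v2: string tamper class, 8 operators
    list(range(15)),  # v3: space2 class, 14 operators
    list(range(3)),   # v4: apostrophe class, 2 operators
    list(range(6)),   # v5: encode class, 5 operators
]


def _covers(row, cols, vals):
    """True if row holds exactly vals at positions cols (None never matches)."""
    return all(row[c] == v for c, v in zip(cols, vals))


def ipog(domains, t):
    """Generate a T-way covering array: horizontal, then vertical expansion."""
    rows = [list(p) for p in product(*domains[:t])]  # full product of first t
    for i in range(t, len(domains)):
        # Every t-way value combination that involves the new parameter i.
        uncovered = {(cols + (i,), vals + (v,))
                     for cols in combinations(range(i), t - 1)
                     for vals in product(*(domains[c] for c in cols))
                     for v in domains[i]}
        # Horizontal expansion: give each existing row the value of
        # parameter i that covers the most still-uncovered combinations.
        for row in rows:
            row.append(None)
            best_v, best_hits = domains[i][0], set()
            for v in domains[i]:
                row[i] = v
                hits = {u for u in uncovered if _covers(row, *u)}
                if len(hits) > len(best_hits):
                    best_v, best_hits = v, hits
            row[i] = best_v
            uncovered -= best_hits
        # Vertical expansion: place leftovers into a row whose relevant
        # slots are free (None = don't care), or open a new row.
        while uncovered:
            cols, vals = uncovered.pop()
            target = next((r for r in rows
                           if all(r[c] in (None, v) for c, v in zip(cols, vals))),
                          None)
            if target is None:
                target = [None] * (i + 1)
                rows.append(target)
            for c, v in zip(cols, vals):
                target[c] = v
            uncovered = {u for u in uncovered if not _covers(target, *u)}
    # Fill remaining don't-care slots with the first value of each domain.
    return [tuple(domains[c][0] if v is None else v for c, v in enumerate(r))
            for r in rows]


def covers_all(rows, domains, t):
    """Check that every t-way value combination appears in some row."""
    return all(any(_covers(r, cols, vals) for r in rows)
               for cols in combinations(range(len(domains)), t)
               for vals in product(*(domains[c] for c in cols)))


if __name__ == "__main__":
    full = 1
    for d in DOMAINS:
        full *= len(d)  # size of the unreduced Cartesian product
    scheme = ipog(DOMAINS, 2)
    print(f"2-way scheme: {len(scheme)} rows instead of {full}")
    print("first rows:", scheme[:3])
```

A 2-way scheme needs at least 9 × 15 = 135 rows (the two largest classes) and covers all pairwise operator combinations, against 24 300 tuples in the full product.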

Claims (1)

1. An SQL injection test case generation method based on combinatorial mutation, characterized by comprising the following steps:
Step one: the payload of an originally effective test case for detecting an SQLi vulnerability can be expanded further by multiple mutation methods to generate new test cases with an attack effect;
Step 1.1: the tamper module of the SQLMap automated detection tool comprises the 46 currently available mutation operators; the method proposes to divide the mutation operators into 5 major classes according to the similarity of their mutation rules and to record the 5 classes as an ordered set $P = \{p_1, p_2, p_3, \ldots, p_5\}$, and maps the individual mutation operators in each class to numerical values, formalized as $D(P_i) = \{0, 1, 2, \ldots, n\}$, where 0 indicates that no mutation operator of this class is used and 1 to n are the values corresponding to the mutation operators of class $p_i$;
Step 1.2: constructing a numerical test case model from the divided mutation operator classes, where the test case model is an ordered set of 6-tuples whose first element is the payload, namely $\{(v_0, v_1, v_2, v_3, v_4, v_5) \mid v_0 \in D(P_0), v_1 \in D(P_1), v_2 \in D(P_2), v_3 \in D(P_3), v_4 \in D(P_4), v_5 \in D(P_5)\}$; here $P_0$ represents the original test case payload class, which contains two common test cases and is numerically $D(P_0) = \{1, 2\}$;
Step two: because the mutation process mutates the original test case payload step by step with mutation operators, a T-way combinatorial test method based on vertical expansion is adopted; it generates numerical test cases by horizontal expansion first and vertical expansion second, which is consistent with the mutation process. The numerical test case model constructed in step one and the coverage strength T, where 1 ≤ T ≤ 5, are taken as the input of the algorithm to generate the numerical test case scheme;
Step three: based on the numerical test case scheme generated in step two, mutation-based fuzz testing converts the original test case payloads one by one into test cases mutated by the mutation operators.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202010029005.2A | 2020-01-12 | 2020-01-12 | SQL injection test case generation method based on combined variation

Publications (2)

Publication Number | Publication Date
CN111258892A (en) | 2020-06-09
CN111258892B (en) | 2022-11-18

Family

ID=70953119

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
CN202010029005.2A | SQL injection test case generation method based on combined variation | 2020-01-12 | 2020-01-12 | Active, CN111258892B (en)

Country Status (1)

Country | Link
CN (1) | CN111258892B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN114780398B (en) * | 2022-04-14 | 2024-09-10 | 中国人民解放军战略支援部队信息工程大学 | Cisco IOS-XE-oriented Web command injection vulnerability detection method
CN115809204A (en) * | 2023-02-09 | 2023-03-17 | 天翼云科技有限公司 | SQL injection detection test method, device and medium for cloud platform WAF

Citations (2)

Publication number | Priority date | Publication date | Assignee | Title
CN102831345A (en) * | 2012-07-30 | 2012-12-19 | 西北工业大学 | Injection point extraction method in SQL (Structured Query Language) injection vulnerability detection
CN108616527A (en) * | 2018-04-16 | 2018-10-02 | 贵州大学 | SQL injection vulnerability mining method and device

Family Cites Families (1)

Publication number | Priority date | Publication date | Assignee | Title
US8051486B2 (en) * | 2007-05-24 | 2011-11-01 | Oracle International Corporation | Indicating SQL injection attack vulnerability with a stored value

Non-Patent Citations (1)

Title
Web security fuzz testing and effectiveness evaluation method based on protocol hybrid mutation; 涂玲 et al.; 《计算机科学》 (Computer Science); 2017-05-15 (Issue 05); full text *

Also Published As

Publication number Publication date
CN111258892A (en) 2020-06-09

Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |