CN111753306B - Intelligent contract vulnerability detection method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111753306B
Application number
CN202010476194.8A
Authority
CN (China)
Prior art keywords
test
chain code
fuzzy
chain
input parameters
Legal status
Active
Other languages
Chinese (zh)
Other versions
CN111753306A (en)
Inventor
Not disclosed
Current Assignee
Anhui Xinxin Science And Technology Innovation Information Technology Co ltd
Xi'an Xinxin Zhixing Technology Co ltd
Original Assignee
Xi'an Xinxin Information Technology Co ltd
Application filed by Xi'an Xinxin Information Technology Co ltd
Priority to CN202010476194.8A
Publication of CN111753306A
Application granted
Publication of CN111753306B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a smart contract vulnerability detection method and apparatus, an electronic device and a storage medium. The method comprises the following steps: acquiring the chaincode to be tested; generating a test API file for the chaincode and generating its control flow graph; inserting coverage labels and probe labels into the chaincode according to the control flow graph, where a coverage label records the execution path of the chaincode and a probe label records the branch-entry information of that execution path; performing multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test, where the test corpus is updated or left unchanged according to the result of each fuzz test and the input parameters of every fuzz test after the first are generated from the test corpus as it stands after the previous fuzz test; and determining the vulnerabilities present in the instrumented chaincode from the results of the multiple fuzz tests, which are taken as the vulnerabilities of the chaincode under test. The invention can effectively evaluate the security of chaincode.

Description

Smart contract vulnerability detection method and apparatus, electronic device and storage medium
Technical Field
The invention belongs to the technical field of blockchains, and in particular relates to a smart contract vulnerability detection method and apparatus, an electronic device and a storage medium.
Background
Hyperledger Fabric is a blockchain platform proposed and maintained by the Linux Foundation with a focus on privacy and security; the smart contracts it supports are called chaincode. As chaincode is widely adopted, the requirements on its security rise accordingly. It is therefore necessary to perform vulnerability detection on chaincode before it is deployed to the blockchain, so that chaincode carrying security vulnerabilities is not deployed.
In the related art, chaincode vulnerabilities are analysed with static analysis methods. However, static analysis does not actually run the chaincode, so vulnerabilities that only manifest at run time cannot be detected; moreover, static analysis methods often report errors that do not occur in the actual operation of the chaincode. It is therefore difficult to effectively evaluate the security of chaincode by detecting vulnerabilities through static analysis alone.
Disclosure of Invention
In order to effectively evaluate the security of chaincode, the invention provides a smart contract vulnerability detection method, a smart contract vulnerability detection apparatus, an electronic device and a storage medium.
The technical problem to be solved by the invention is addressed by the following technical solution:
In a first aspect, the invention provides a smart contract vulnerability detection method, wherein the smart contract is a chaincode; the method comprises the following steps:
acquiring the chaincode to be tested;
generating a test API (Application Programming Interface) file for the chaincode, and generating a control flow graph of the chaincode;
according to the control flow graph, inserting coverage labels and probe labels into the chaincode to obtain an instrumented chaincode; a coverage label records the execution path of the chaincode; a probe label records the branch-entry information of the execution path;
performing multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test; wherein the input parameters of the first fuzz test are the initial parameters in a test corpus; the test corpus is updated or left unchanged according to the result of each fuzz test; and the input parameters of every fuzz test after the first are generated from the test corpus as it stands after the previous fuzz test;
and determining the vulnerabilities of the instrumented chaincode from the results of the multiple fuzz tests, taking them as the vulnerabilities of the chaincode under test.
Optionally, performing multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test comprises:
in each fuzz test, carrying out the following steps through the test API file:
judging whether the format of the input parameter of this fuzz test matches a preset invalid format;
if so, recording as the result that the input parameter of this fuzz test is invalid, and not updating the test corpus;
if not, converting the input parameter of this fuzz test into a format matched to the chaincode; running the instrumented chaincode on the converted input parameter; obtaining the execution path and branch-entry information of the instrumented chaincode as the result of this fuzz test; and updating or not updating the test corpus according to the obtained execution path and branch-entry information.
Optionally, updating or not updating the test corpus according to the obtained execution path and branch-entry information comprises:
judging, from the obtained execution path and branch-entry information, whether the execution path of this fuzz test is a previously uncovered path;
when the execution path of this fuzz test is an uncovered path, adding the input parameter of this fuzz test to the test corpus;
and when the execution path of this fuzz test is not an uncovered path, not updating the test corpus.
Optionally, determining the vulnerabilities of the instrumented chaincode from the results of the multiple fuzz tests, as the vulnerabilities of the chaincode under test, comprises:
determining, with a static analysis method applied to each test result containing an execution path and branch-entry information, the vulnerabilities that appeared while the instrumented chaincode ran and that meet a preset alarm condition, and taking them as the vulnerabilities of the chaincode under test.
Optionally, the preset alarm condition comprises one or more of the following alarm conditions:
a global variable in the chaincode is used for reading or writing the ledger;
the value of a global variable in the chaincode is used in a non-read-write operation related to the ledger;
the chaincode has an operation that communicates with the external world, the external world being anything outside the blockchain network in which the chaincode runs;
the chaincode has an operation that grants file access permissions;
the chaincode has an operation that imports a non-deterministic library;
the chaincode uses the go statement;
a field is present in the chaincode object declared in the chaincode;
the chaincode has an iteration that depends on a map structure;
a return value of error type appearing in the chaincode is not subjected to an error-type check;
before an element of an array-typed input parameter is accessed, no array length check is performed on that input parameter to determine whether the element exists;
after a write operation on any transaction generated in the chaincode, the next operation is a read of that transaction;
ledger information is read in the chaincode through the GetHistoryOfKey method or the GetQueryResult method;
and the chaincode interacts with other chaincode through the InvokeChaincode method, where the other chaincode is not in the same channel as this chaincode.
Optionally, performing multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test comprises:
performing the fuzz tests on the instrumented chaincode through the test API file in a multi-threaded concurrent test mode or in a distributed test mode to obtain the result of each fuzz test;
and in the distributed test mode, each test node performs its fuzz tests in the multi-threaded concurrent test mode.
In a second aspect, the invention provides a smart contract vulnerability detection apparatus, wherein the smart contract is a chaincode; the apparatus comprises:
an acquisition module for acquiring the chaincode to be tested;
a generation module for generating a test API file for the chaincode and generating a control flow graph of the chaincode;
an instrumentation module for inserting coverage labels and probe labels into the chaincode according to the control flow graph to obtain an instrumented chaincode; a coverage label records the execution path of the chaincode; a probe label records the branch-entry information of the execution path;
a fuzz test module for performing multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test; wherein the input parameters of the first fuzz test are the initial parameters in the test corpus; the test corpus is updated or left unchanged according to the result of each fuzz test; and the input parameters of every fuzz test after the first are generated from the test corpus as it stands after the previous fuzz test;
and a determination module for determining the vulnerabilities of the instrumented chaincode from the results of the multiple fuzz tests and taking them as the vulnerabilities of the chaincode under test.
Optionally, the fuzz test module is specifically configured to:
in each fuzz test, carry out the following steps through the test API file:
judge whether the format of the input parameter of this fuzz test matches a preset invalid format;
if so, record as the result that the input parameter of this fuzz test is invalid, and do not update the test corpus;
if not, convert the input parameter of this fuzz test into a format matched to the chaincode; run the instrumented chaincode on the converted input parameter; obtain the execution path and branch-entry information of the instrumented chaincode as the result of this fuzz test; and update or do not update the test corpus according to the obtained execution path and branch-entry information.
Optionally, the fuzz test module updating or not updating the test corpus according to the obtained execution path and branch-entry information comprises:
judging, from the obtained execution path and branch-entry information, whether the execution path of this fuzz test is a previously uncovered path;
when the execution path of this fuzz test is an uncovered path, adding the input parameter of this fuzz test to the test corpus;
and when the execution path of this fuzz test is not an uncovered path, not updating the test corpus.
Optionally, the determination module is specifically configured to:
determine, with a static analysis method applied to each test result containing an execution path and branch-entry information, the vulnerabilities that appeared while the instrumented chaincode ran and that meet a preset alarm condition, and take them as the vulnerabilities of the chaincode under test.
Optionally, the preset alarm condition comprises one or more of the following alarm conditions:
a global variable in the chaincode is used for reading or writing the ledger;
the value of a global variable in the chaincode is used in a non-read-write operation related to the ledger;
the chaincode has an operation that communicates with the external world, the external world being anything outside the blockchain network in which the chaincode runs;
the chaincode has an operation that grants file access permissions;
the chaincode has an operation that imports a non-deterministic library;
the chaincode uses the go statement;
a field is present in the chaincode object declared in the chaincode;
the chaincode has an iteration that depends on a map structure;
a return value of error type appearing in the chaincode is not subjected to an error-type check;
before an element of an array-typed input parameter is accessed, no array length check is performed on that input parameter to determine whether the element exists;
after a write operation on any transaction generated in the chaincode, the next operation is a read of that transaction;
ledger information is read in the chaincode through the GetHistoryOfKey method or the GetQueryResult method;
and the chaincode interacts with other chaincode through the InvokeChaincode method, where the other chaincode is not in the same channel as this chaincode.
Optionally, the fuzz test module is specifically configured to:
perform the fuzz tests on the instrumented chaincode through the test API file in a multi-threaded concurrent test mode or in a distributed test mode to obtain the result of each fuzz test;
and in the distributed test mode, each test node performs its fuzz tests in the multi-threaded concurrent test mode.
In a third aspect, the invention provides an electronic device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory stores a computer program;
and the processor, when executing the program stored in the memory, implements the method steps of any of the smart contract vulnerability detection methods described above.
In a fourth aspect, the invention provides a computer-readable storage medium in which a computer program is stored; when executed by a processor, the computer program implements the method steps of any of the smart contract vulnerability detection methods described above.
In yet another aspect, the invention also provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the method steps of any of the smart contract vulnerability detection methods described above.
In the smart contract vulnerability detection method provided by the invention, coverage labels and probe labels are inserted into the chaincode on the basis of its control flow graph; a coverage label records the execution path when the chaincode runs, and a probe label records the branch-entry information of that execution path. In addition, the chaincode is fuzz tested through the test API file generated for it, that is, a variety of input parameters are repeatedly fed to the chaincode and it is run. The vulnerabilities present in the chaincode are then determined from the execution paths and branch-entry information contained in the results of these actual runs, which gives the effect of dynamic testing. The smart contract vulnerability detection method of this solution can therefore effectively evaluate the security of the chaincode.
In addition, in this solution the fuzz test corpus is updated or left unchanged according to the result of each fuzz test, so that the subsequently generated input parameters trigger vulnerabilities in the chaincode more effectively.
The present invention will be described in further detail with reference to the accompanying drawings.
Drawings
Fig. 1 is a schematic flowchart of a smart contract vulnerability detection method according to an embodiment of the invention;
Fig. 2 is a schematic flowchart of the steps carried out through the test API file in the method of Fig. 1;
Fig. 3 is a schematic diagram of an example control flow graph;
Fig. 4 is a schematic diagram of part of the code in a test API file generated in an embodiment of the invention;
Fig. 5 is a diagram illustrating part of the code of an example chaincode;
Fig. 6 is a schematic structural diagram of a smart contract vulnerability detection apparatus according to an embodiment of the invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The invention will be described in further detail with reference to specific examples, but its embodiments are not limited to them.
In order to effectively evaluate the security of chaincode, embodiments of the invention provide a smart contract vulnerability detection method and apparatus, an electronic device and a storage medium.
The entity that executes the smart contract vulnerability detection method of the embodiments is the smart contract vulnerability detection apparatus of the embodiments, which can be deployed on an electronic device. In a specific application the electronic device may be a desktop computer, a portable computer, a node server of a blockchain network or the like; this is not limited here, and any electronic device capable of implementing the invention falls within its scope.
First, the smart contract vulnerability detection method of the embodiments is explained in detail. As shown in Fig. 1, the method may comprise the following steps:
S10: acquire the chaincode to be tested.
Here the chaincode to be tested is the chaincode that constitutes the smart contract, that is, chaincode built on the Hyperledger Fabric platform proposed and maintained by the Linux Foundation, which differs from a smart contract on Ethereum. The smart contract vulnerability detection method of the embodiments therefore differs from existing methods for detecting smart contract vulnerabilities on Ethereum.
S20: generate a test API file for the chaincode and generate the control flow graph of the chaincode.
The test API file is mainly used to call the chaincode. When the chaincode is called through the test API file, further operations may of course be performed on the input parameters and/or on the execution results of the chaincode, so as to make the fuzz test more efficient or more effective. For clarity of layout, the operations carried out when the chaincode is called through the test API file are described in detail later. In practice the algorithm that generates the test API file can be written in Go, and the test API file of the chaincode is produced by running that algorithm.
A control flow graph (CFG) is an abstract data structure of the chaincode that represents all paths the chaincode can traverse during execution. It comprises the node information of the blocks involved in every possible execution path of the chaincode and the connection information between those blocks. A block here is a unit obtained by dividing the chaincode, that is, a program block of the chaincode, not a block of the blockchain.
The process of generating the control flow graph is similar to that of generating the test API file. Specifically, the official go/ast package of the Go standard library may be called to generate an abstract syntax tree (AST); the AST is then used to divide the code along every possible path of the chaincode into blocks following a depth-first search strategy, and the node information of each block and the connection information between blocks are collected.
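As an added illustration of this step (example code written for this page, not the patent's or Fabric's), the following Go program uses the standard go/parser and go/ast packages to build a simplified control flow graph of one function: the function body and each branch arm become program blocks, an if statement becomes a branch block with an edge to each arm and to a join block, and a return statement becomes a terminal block. The sample source, the block kinds and the CFG type are this example's own choices; loops, switch statements and else-if chains are deliberately left unmodelled.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed fragment modelled on the patent's example (not its figure).
const sampleSrc = `package main

func Compare(t1 int, t2 int) string {
	if t1 != t2 {
		return "Error"
	}
	return "Success"
}
`

// Block is a program block of the chaincode (not a blockchain block); Branch marks blocks that open a branch path.
type Block struct {
	ID, Line int
	Kind     string
	Branch   bool
}

// CFG holds the node information (Blocks) and the connection information between them (Edges as from->to pairs).
type CFG struct {
	Blocks []Block
	Edges  [][2]int
}

func (g *CFG) add(kind string, line int, branch bool) int {
	g.Blocks = append(g.Blocks, Block{len(g.Blocks), line, kind, branch})
	return len(g.Blocks) - 1
}

func (g *CFG) link(from, to int) { g.Edges = append(g.Edges, [2]int{from, to}) }

// BuildCFG parses the source with go/parser and walks the named function's body
// depth-first. Only if/else and return are modelled; any other statement stays
// inside the current block. Return blocks have no successor.
func BuildCFG(src, funcName string) (*CFG, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "chaincode.go", src, 0)
	if err != nil {
		return nil, err
	}
	for _, d := range file.Decls {
		if fn, ok := d.(*ast.FuncDecl); ok && fn.Name.Name == funcName {
			g := &CFG{}
			g.walk(fset, fn.Body, g.add("entry", fset.Position(fn.Pos()).Line, false))
			return g, nil
		}
	}
	return nil, fmt.Errorf("function %s not found", funcName)
}

// walk visits a statement list starting in block cur and returns the block
// control leaves through, or -1 when a return ends the list.
func (g *CFG) walk(fset *token.FileSet, body *ast.BlockStmt, cur int) int {
	for _, st := range body.List {
		line := fset.Position(st.Pos()).Line
		switch s := st.(type) {
		case *ast.ReturnStmt:
			g.link(cur, g.add("return", line, false))
			return -1 // anything after a return is unreachable
		case *ast.IfStmt:
			cond := g.add("if", line, true)
			g.link(cur, cond)
			join := g.add("join", fset.Position(s.End()).Line, false)
			g.arm(fset, "then", s.Body, cond, join)
			if els, ok := s.Else.(*ast.BlockStmt); ok {
				g.arm(fset, "else", els, cond, join)
			} else {
				g.link(cond, join) // no else: a false condition falls through
			}
			cur = join
		}
	}
	return cur
}

// arm adds the block of one branch arm, walks it and joins it back unless the arm ends in a return.
func (g *CFG) arm(fset *token.FileSet, kind string, body *ast.BlockStmt, cond, join int) {
	b := g.add(kind, fset.Position(body.Pos()).Line, false)
	g.link(cond, b)
	if end := g.walk(fset, body, b); end >= 0 {
		g.link(end, join)
	}
}

func main() {
	g, err := BuildCFG(sampleSrc, "Compare")
	fmt.Printf("%+v err=%v\n", g, err) // %+v prints every block with its field names
}
```

For the sample function the graph has six blocks (entry, if, join, then, and the two return blocks) and five edges; the single branch block is the if on line 4, which is exactly where the method of S30 would place a probe label.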
S30: according to the control flow graph, insert coverage labels and probe labels into the chaincode to obtain the instrumented chaincode.
A coverage label records the execution path of the chaincode; a probe label records the branch-entry information of the execution path. In practice both labels are program code inserted into the chaincode.
In this step a coverage label is inserted into each block obtained by dividing the chaincode; when the chaincode runs, the node information of each block that execution reaches is recorded; thus, after the run, the node information of all recorded blocks together with the connection information between them forms the execution path of the chaincode.
A probe label may be inserted into each block capable of producing a branch path; when the chaincode runs and a branch path is taken, the probe label records the input data at the moment the branch is entered. Thus, after the run, the recorded input data forms the branch-entry information of the chaincode's execution path.
For example, assume that a block contains the following segment of code:
Figure BDA0002515952770000101 (code segment; image not reproduced in the text)
There are two branch paths in this segment of code: the first returns Error when t1 is not equal to t2, and the other returns Success when t1 is equal to t2. Assume that t2 is always equal to 2 while t1 is variable, and that t1 is currently equal to 1; the probe label then records the value of t1 at the moment execution enters the first branch path.
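The following added Go example (not the patent's figure or code) performs the instrumentation of S30 mechanically on a fragment modelled on the t1/t2 example: it numbers every program block, prepends a coverage label to each block and a probe label to each branch arm that records the operands of the branch condition, then prints the instrumented source with go/printer. The hook names __cov and __probe are placeholders for runtime functions assumed to be supplied by the test API file.

```go
package main

import (
	"bytes"
	"fmt"
	"go/ast"
	"go/parser"
	"go/printer"
	"go/token"
)

// Constructed fragment modelled on the patent's example (not its figure).
const sampleSrc = `package main

func Compare(t1 int, t2 int) string {
	if t1 != t2 {
		return "Error"
	}
	return "Success"
}
`

// Instrument prepends a coverage label to every program block and a probe
// label to every branch arm. The labels call hypothetical hooks __cov(blockID)
// and __probe(blockID, operands...) assumed to be supplied by the test API file.
func Instrument(src string) (string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "chaincode.go", src, 0)
	if err != nil {
		return "", err
	}
	// Pass 1: number every block in depth-first order (the CFG node ids).
	ids := map[*ast.BlockStmt]int{}
	ast.Inspect(file, func(n ast.Node) bool {
		if b, ok := n.(*ast.BlockStmt); ok {
			ids[b] = len(ids) + 1
		}
		return true
	})
	// Pass 2: insert the labels. ast.Walk reads a block's List only after the
	// callback returns, so the inserted calls are walked too; they hold no
	// nested blocks, so the walk still terminates.
	ast.Inspect(file, func(n ast.Node) bool {
		switch s := n.(type) {
		case *ast.BlockStmt:
			s.List = append([]ast.Stmt{hook("__cov", intLit(ids[s]))}, s.List...)
		case *ast.IfStmt:
			probeArm(s.Body, ids[s.Body], s.Cond)
			if els, ok := s.Else.(*ast.BlockStmt); ok {
				probeArm(els, ids[els], s.Cond)
			}
		}
		return true
	})
	var buf bytes.Buffer
	if err := printer.Fprint(&buf, fset, file); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// probeArm prepends __probe(id, operands...) to one branch arm; the operands of
// the condition are the branch-entry information the patent describes.
func probeArm(arm *ast.BlockStmt, id int, cond ast.Expr) {
	args := []ast.Expr{intLit(id)}
	if be, ok := cond.(*ast.BinaryExpr); ok {
		args = append(args, clone(be.X), clone(be.Y))
	} else {
		args = append(args, clone(cond))
	}
	arm.List = append([]ast.Stmt{hook("__probe", args...)}, arm.List...)
}

func intLit(v int) ast.Expr { return &ast.BasicLit{Kind: token.INT, Value: fmt.Sprint(v)} }

func hook(name string, args ...ast.Expr) ast.Stmt {
	return &ast.ExprStmt{X: &ast.CallExpr{Fun: ast.NewIdent(name), Args: args}}
}

// clone returns a fresh node for an identifier or literal so no AST node is shared
// between the condition and the probe; other operand shapes would need a
// type-checker to record safely and are replaced by a marker string.
func clone(e ast.Expr) ast.Expr {
	switch x := e.(type) {
	case *ast.Ident:
		return ast.NewIdent(x.Name)
	case *ast.BasicLit:
		return &ast.BasicLit{Kind: x.Kind, Value: x.Value}
	}
	return &ast.BasicLit{Kind: token.STRING, Value: `"<unrecorded operand>"`}
}

func main() {
	out, err := Instrument(sampleSrc)
	fmt.Println(out, "err:", err)
}
```

Running it prints the fragment with __cov(1) at the top of the function body and __cov(2) followed by __probe(2, t1, t2) at the top of the Error arm; with t2 fixed at 2 and t1 equal to 1, the probe would therefore record the pair (1, 2) on entry to that branch, which is the branch-entry information the text describes.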
S40: perform multiple fuzz tests on the instrumented chaincode through the test API file to obtain a test result for each fuzz test.
The input parameters of the first fuzz test are the initial parameters in the test corpus; the test corpus is updated or left unchanged according to the result of each fuzz test; the input parameters of every fuzz test after the first are generated from the test corpus as it stands after the previous fuzz test.
Fuzz testing is a method of discovering program defects by feeding unexpected inputs to the program under test and monitoring the results. In practice go-fuzz, a randomized testing tool for Go, can be used. Note that when fuzzing with go-fuzz, go-fuzz mutates the input parameters of the program under test automatically and calls the program repeatedly until the test is stopped manually or the preset end time is reached. go-fuzz mutates the input parameters on the basis of the test corpus, and each time it mutates them its mutation strategies can produce inputs of new shapes at a high rate.
In the embodiments, go-fuzz mutates the input parameters of each fuzz test on the basis of the test corpus, and because the test corpus is updated or left unchanged according to the result of each fuzz test, the input parameters go-fuzz newly generates each time take the result of the previous fuzz test into account; the new input parameters are therefore more effective, and fewer invalid input parameters are generated and fed into the test.
It will be appreciated that the step of updating or not updating the test corpus according to the result of each fuzz test is also carried out through the test API file.
Calling the instrumented chaincode through the test API file with the input parameters generated by go-fuzz therefore performs the multiple fuzz tests on the instrumented chaincode.
S50: determine the vulnerabilities present in the instrumented chaincode from the results of the multiple fuzz tests, and take them as the vulnerabilities of the chaincode under test.
In this step, the vulnerabilities that appeared while the instrumented chaincode ran and that meet a preset alarm condition are determined with a static analysis method applied to each test result containing an execution path and branch-entry information, and are taken as the vulnerabilities of the chaincode under test.
It will be understood that the vulnerabilities of the instrumented chaincode are determined mainly from the execution paths and branch-entry information contained in the test results. Thus, although a static analysis method is used to confirm the vulnerabilities that occurred while the instrumented chaincode ran, the analysis works from the variables, the read-write relations between them, the execution order and so on that were actually involved in the run, which gives the effect of dynamically analysing the vulnerabilities of the instrumented chaincode.
In practice several preset alarm conditions can be predefined; when any one or more of them is met in the results of the multiple fuzz tests, a vulnerability in the chaincode is detected. For clarity of layout, the preset alarm conditions predefined in the embodiments are described by way of example later.
In the smart contract vulnerability detection method provided by the invention, coverage labels and probe labels are inserted into the chaincode on the basis of its control flow graph; a coverage label records the execution path when the chaincode runs, and a probe label records the branch-entry information of that execution path. In addition, the chaincode is fuzz tested through the test API file generated for it, that is, a variety of input parameters are repeatedly fed to the chaincode and it is run. The vulnerabilities present in the chaincode are then determined from the execution paths and branch-entry information contained in the results of these actual runs, which gives the effect of dynamic testing. The smart contract vulnerability detection method of this solution can therefore effectively evaluate the security of the chaincode.
In addition, in this solution the fuzz test corpus is updated or left unchanged according to the result of each fuzz test, so that the subsequently generated input parameters trigger vulnerabilities in the chaincode more effectively.
The following is an example of the operation steps specifically implemented by calling the chain code through the test API file. At this time, since the test API file specifically calls the instrumentation chain code, in the embodiment of the present invention, the chain code is called through the test API file, that is, multiple times of fuzziness tests are performed on the instrumentation chain code through the test API file, so as to obtain a test result of each fuzziness test; as shown in fig. 2, in each fuzz test, the following steps are implemented by testing the API file:
S41: judge whether the format of the input parameters of this fuzz test conforms to a preset invalid format; if so, execute step S42; otherwise, execute step S43.
It will be appreciated that step S41 is primarily intended to filter out input parameters whose format is obviously invalid, for example an input parameter of length 0; this is because the length of an input parameter of the chain code must be greater than 0.
S42: obtain the result that the input parameters of this fuzz test are invalid, and leave the test corpus unchanged.
S43: convert the input parameters of this fuzz test into a format matching the chain code; feed the converted input parameters into the instrumented chain code and run it, obtain the execution path and branch transfer information of the instrumented chain code as the test result of this fuzz test, and update or leave unchanged the test corpus according to the execution path and branch transfer information obtained.
After the input parameters with obviously invalid formats are filtered out, the remaining input parameters are converted into a format matching the chain code; here the format is the one accepted by chain code in general, not one specific to the chain code to be detected.
Then the instrumented chain code is called using the official mock stub provided by Hyperledger Fabric: the converted input parameters are fed into the instrumented chain code and it is run, the execution path and branch transfer information of the instrumented chain code are obtained as the test result of this fuzz test, and the test corpus is updated or left unchanged according to the execution path and branch transfer information obtained.
The step of updating or leaving unchanged the test corpus according to the execution path and branch transfer information obtained may include:
judging, from the execution path and branch transfer information obtained, whether the execution path of this fuzz test is an uncovered path;
when the execution path of this fuzz test is an uncovered path, adding the input parameters of this fuzz test to the test corpus;
when the execution path of this fuzz test is not an uncovered path, leaving the test corpus unchanged.
It can be understood that input parameters which produce a newly covered path are added to the test corpus, and when go-fuzz subsequently generates new input parameters from the test corpus, the new input parameters are mutated on the basis of the updated corpus, which raises the probability of testing uncovered paths.
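The loop of steps S41 to S43 together with the corpus update rule above, written out as an added Go example; this is not the page's test API file or go-fuzz's own code. It assumes a constructed stand-in chain code (toyInvoke) whose recorded block sequence plays the role of the coverage and detection labels, an empty input as the preset invalid format, and a '|' separator as the conversion from the fuzzer's flat []byte into the [][]byte argument form; all three are assumptions, not details taken from the page.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
)

// Corpus holds the seed inputs plus the execution paths already covered.
type Corpus struct {
	Inputs [][]byte
	Paths  map[string]bool
}

func NewCorpus(seeds ...[]byte) *Corpus {
	return &Corpus{Inputs: seeds, Paths: map[string]bool{}}
}

// trace stands in for the coverage and detection labels: it records the blocks
// entered, so the joined list is the execution path with its branch transfers.
type trace struct{ blocks []string }

func (t *trace) enter(block string) { t.blocks = append(t.blocks, block) }
func (t *trace) path() string    { return strings.Join(t.blocks, "->") }

// isInvalidFormat is the preset invalid format of step S41: an empty input.
func isInvalidFormat(data []byte) bool { return len(data) == 0 }

// convertArgs turns the fuzzer's flat []byte into the [][]byte argument form a
// chain code receives; the '|' separator is an assumption of this example.
func convertArgs(data []byte) [][]byte { return bytes.Split(data, []byte{'|'}) }

// toyInvoke is a constructed chain code stand-in with a few branches. The "get"
// branch indexes args[1] without a length check on purpose, so the fuzzer can
// reach the crash path (the page's Unchecked Input case).
func toyInvoke(args [][]byte, t *trace) (resp string, err error) {
	defer func() {
		if r := recover(); r != nil {
			t.enter("crash")
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	t.enter("Invoke")
	switch string(args[0]) {
	case "put":
		t.enter("put")
		if len(args) < 3 {
			t.enter("put_badargs")
			return "", fmt.Errorf("put needs key and value")
		}
		t.enter("put_ok")
		return "ok", nil
	case "get":
		t.enter("get")
		return string(args[1]), nil
	default:
		t.enter("unknown")
		return "", fmt.Errorf("unknown function")
	}
}

// Result is what one fuzz iteration yields.
type Result struct {
	Invalid bool   // filtered by S41/S42, corpus untouched
	Path    string // execution path recorded by the trace
	Err     error  // error or recovered panic from the chain code
	NewPath bool   // true when the path was uncovered and the input was added
}

// FuzzOne performs steps S41 to S43 for one input and updates the corpus only
// when the execution path was not covered before.
func FuzzOne(c *Corpus, data []byte) Result {
	if isInvalidFormat(data) {
		return Result{Invalid: true}
	}
	tr := &trace{}
	_, err := toyInvoke(convertArgs(data), tr)
	res := Result{Path: tr.path(), Err: err}
	if !c.Paths[res.Path] {
		c.Paths[res.Path] = true
		c.Inputs = append(c.Inputs, append([]byte(nil), data...))
		res.NewPath = true
	}
	return res
}

func main() {
	c := NewCorpus()
	for _, in := range []string{"", "put|k|v", "put|a|b", "get", "get|x", "del"} {
		r := FuzzOne(c, []byte(in))
		fmt.Printf("%-10q invalid=%-5v new=%-5v path=%s err=%v\n", in, r.Invalid, r.NewPath, r.Path, r.Err)
	}
	fmt.Printf("corpus now holds %d inputs\n", len(c.Inputs))
}
```

go-fuzz performs the mutation of new inputs from the corpus; here main feeds a fixed list so the effect of the rule is visible: an input that repeats a covered path leaves the corpus unchanged, while an input that reaches the crash path in the deliberately unchecked get branch is kept as a seed and its recovered panic is surfaced as the test result.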
Next, the plurality of preset alarm conditions predefined in this embodiment of the invention are described by way of example; the preset alarm conditions may include:
(1) A global variable in the chain code is used for a ledger read or write operation; this case is defined as a Global Variable Usage alarm.
(2) The value of a global variable in the chain code is used for a non-read-write operation related to the ledger; this case is also defined as a Global Variable Usage alarm.
A global variable of the chain code belongs to the node, not to the ledger of the blockchain. Thus, if a node that holds a global variable crashes, the value of the global variable is reset when the node recovers, which makes the global variable inconsistent across all nodes of the blockchain. Thus, the Global Variable Usage alarm is defined.
(3) The chain code has an operation that communicates with the outside world, i.e. the world outside the blockchain network in which the chain code is located; this case is defined as a Blacklisted objects alarm.
(4) The chain code has an operation that grants file access permissions; this case is also defined as a Blacklisted objects alarm.
(5) The chain code has an operation that introduces a non-deterministic library; this case is also defined as a Blacklisted objects alarm. Non-deterministic libraries include the time library, timestamp functions, and the like.
Allowing communication with the outside world, granting file access or introducing a non-deterministic library may cause the endorsement nodes of the chain code to produce inconsistent execution results, so that they do not compute the same read-write set. If the read-write sets are inconsistent, the transactions defined in the chain code will always be marked invalid. Thus, the Blacklisted objects alarm is defined.
(6) The go method, which starts a goroutine, is used in the chain code; this case is defined as a Concurrency of Program alarm.
In a Go program, the go method executes code in parallel and can therefore produce the non-deterministic behaviour of parallel programs. When parallel read and write operations are performed on the ledger, this non-deterministic behaviour can corrupt the data of those operations and eventually leave the ledger inconsistent across all nodes of the blockchain. Thus, the Concurrency of Program alarm is defined.
(7) A field is present in the chain code object declared in the chain code; this case is defined as a Field definitions alarm.
Each chain code must declare a chain code object. The object is created when the chain code is first initialised. If the chain code object has other fields, such a field acts as global state of the chain code. Because no global state is stored on the ledger, and because any node initialisation may reset that global state, the chain code object should not have any field. Thus, the Field definitions alarm is defined.
(8) A traversal operation that depends on a map structure is present in the chain code; this case is defined as a Map range alarm.
In a Go program, the map data structure is unordered; if a map is traversed with range or a similar construct, the traversal order is non-deterministic. Thus, a traversal operation in the chain code that depends on a map structure can lead to inconsistent resulting states. Thus, the Map range alarm is defined.
(9) A return value of type error appearing in the chain code is not checked; this case is defined as an Unhandled Errors alarm.
In a Go program, the return value of a method call does not have to be stored in a variable. If a return value of type error is not stored in a variable and is therefore never checked, the method may have failed without the failure being handled. Thus, the Unhandled Errors alarm is defined.
(10) Before an array element of an input parameter whose data format is an array is accessed, no array length check is performed on the input parameter to determine whether the element exists; this case is defined as an Unchecked Input alarm.
The format of the input parameters passed when the chain code is invoked is always an array of type [][]byte. Therefore, when an array element of an input parameter is used inside the chain code, the array length of the input parameter must be checked before use to confirm that the element exists. Thus, the Unchecked Input alarm is defined.
(11) After a write operation is performed in any transaction generated in the chain code, the next operation is a read operation in the same transaction; this case is defined as a Read After Write alarm.
Both write and read operations on the ledger in the chain code require a transaction to be submitted to the ledger, and transactions on the blockchain take a certain amount of time to complete. Therefore, if a read operation is performed immediately after a write operation in the same transaction, the value read may be the old value from before the write operation completed, producing a read error. Thus, the Read After Write alarm is defined.
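An added Go model of the failure mode behind the Read After Write alarm, not code from the page or from Hyperledger Fabric: SimStub is a constructed stub that records proposed writes in a per-transaction write set and serves reads from committed state only, which is the assumption the explanation above rests on; ReadAfterWrite is the flagged pattern, and HardenedUpdate the form that keeps the written value in hand instead of re-reading the ledger.

```go
package main

import "fmt"

// SimStub is a constructed, minimal stand-in for the chain code stub. It
// models the assumption behind the alarm: during endorsement a write goes
// into the transaction's write set, and reads are served from committed
// state only, so a read in the same transaction does not see the write.
type SimStub struct {
	committed map[string][]byte // ledger state as of the last committed block
	writeSet  map[string][]byte // writes proposed by the current transaction
}

func NewSimStub() *SimStub {
	return &SimStub{committed: map[string][]byte{}, writeSet: map[string][]byte{}}
}

// GetState returns the committed value; pending writes are not visible.
func (s *SimStub) GetState(key string) ([]byte, error) {
	return s.committed[key], nil
}

// PutState records the write in the transaction's write set.
func (s *SimStub) PutState(key string, value []byte) error {
	s.writeSet[key] = value
	return nil
}

// Commit applies the write set, as the committing peer would after ordering,
// and starts a fresh transaction.
func (s *SimStub) Commit() {
	for k, v := range s.writeSet {
		s.committed[k] = v
	}
	s.writeSet = map[string][]byte{}
}

// ReadAfterWrite is the pattern the Read After Write alarm flags: the read
// that immediately follows the write returns the old committed value.
func ReadAfterWrite(s *SimStub, key string, value []byte) ([]byte, error) {
	if err := s.PutState(key, value); err != nil {
		return nil, err
	}
	return s.GetState(key)
}

// HardenedUpdate avoids the re-read: the value just written is already in
// hand, so the transaction uses it directly instead of querying the ledger.
func HardenedUpdate(s *SimStub, key string, value []byte) ([]byte, error) {
	if err := s.PutState(key, value); err != nil {
		return nil, err
	}
	return value, nil
}

func main() {
	s := NewSimStub()
	_ = s.PutState("balance", []byte("10"))
	s.Commit() // "10" is now committed ledger state
	got, _ := ReadAfterWrite(s, "balance", []byte("20"))
	fmt.Printf("read after write in the same transaction: %s (stale)\n", got)
	got, _ = HardenedUpdate(s, "balance", []byte("20"))
	fmt.Printf("hardened update uses the written value:  %s\n", got)
}
```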
(12) Ledger information is read in the chain code with the GetHistoryOfKey method or the GetQueryResult method; this case is defined as a Range Query Risk alarm.
Here, GetHistoryOfKey and GetQueryResult are both methods available to Go-language chain code.
In the invention, according to the definition of the chain code test API file, reading ledger information with GetHistoryOfKey or GetQueryResult bypasses the version control of the blockchain, which can produce phantom reads. A phantom read occurs when a read operation is followed by another write operation, and repeating the same read operation then returns a different result. Because the same ledger may interact with multiple transactions on the blockchain at the same time, reading ledger information with GetHistoryOfKey or GetQueryResult may make the ledgers on all nodes inconsistent. Thus, the Range Query Risk alarm is defined.
(13) The chain code interacts with another chain code through the InvokeChaincode method, and the other chain code is not in the same channel as this chain code; this case is defined as a Cross Channel Invocation alarm.
InvokeChaincode is also a method available to Go-language chain code.
If the other chain code and this chain code are in different channels, the transaction in which this chain code interacts with the other chain code is treated as a query operation rather than a normal transaction, so any update to the ledger state made in that interaction is anomalous. Thus, the Cross Channel Invocation alarm is defined.
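A compact static checker for several of the alarm conditions above, (3)/(5), (6), (8), (12) and (13), written as an added Go example on top of the standard go/ast package; it is not the page's security analysis module. The heuristics are this example's own: the blacklist of packages, the rule that a range over a variable declared as a map is a Map range, the method names matched (the page writes GetHistoryOfKey; the Hyperledger Fabric shim method is GetHistoryForKey, so both are matched), and the rule that an InvokeChaincode call whose third argument is not the empty string targets another channel (in the Fabric shim an empty channel name means the caller's own channel). SampleChaincode is a constructed fragment, not the code of fig. 5.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Alarm is one finding; the names follow the page's alarm conditions.
type Alarm struct {
	Name string
	Line int
}

// Assumed list of non-deterministic or outside-world packages (Blacklisted objects).
var blacklistedImports = map[string]bool{"time": true, "math/rand": true, "net/http": true, "os": true}

// isMap reports whether e is a map type or a map literal.
func isMap(e ast.Expr) bool {
	switch v := e.(type) {
	case *ast.MapType:
		return true
	case *ast.CompositeLit:
		_, ok := v.Type.(*ast.MapType)
		return ok
	}
	return false
}

// Analyze parses one Go source file and returns the alarms these heuristics raise.
func Analyze(src string) ([]Alarm, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "chaincode.go", src, 0)
	if err != nil {
		return nil, err
	}
	var alarms []Alarm
	report := func(name string, pos token.Pos) {
		alarms = append(alarms, Alarm{name, fset.Position(pos).Line})
	}
	mapVars := map[string]bool{} // identifiers declared with a map type or literal
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.ImportSpec:
			if blacklistedImports[strings.Trim(x.Path.Value, `"`)] {
				report("Blacklisted objects", x.Pos())
			}
		case *ast.GoStmt:
			report("Concurrency of Program", x.Pos())
		case *ast.ValueSpec:
			for i, name := range x.Names {
				if isMap(x.Type) || (i < len(x.Values) && isMap(x.Values[i])) {
					mapVars[name.Name] = true
				}
			}
		case *ast.RangeStmt:
			if id, ok := x.X.(*ast.Ident); ok && mapVars[id.Name] {
				report("Map range", x.Pos())
			}
		case *ast.CallExpr:
			if sel, ok := x.Fun.(*ast.SelectorExpr); ok {
				switch sel.Sel.Name {
				case "GetHistoryOfKey", "GetHistoryForKey", "GetQueryResult":
					report("Range Query Risk", x.Pos())
				case "InvokeChaincode":
					// Fabric's InvokeChaincode(name, args, channel): "" means the caller's own channel.
					if len(x.Args) == 3 {
						if lit, ok := x.Args[2].(*ast.BasicLit); !ok || lit.Value != `""` {
							report("Cross Channel Invocation", x.Pos())
						}
					}
				}
			}
		}
		return true
	})
	return alarms, nil
}

// SampleChaincode is a constructed chain code fragment exhibiting the patterns above; it is not fig. 5.
const SampleChaincode = `package main
import ("fmt"; "time"; "github.com/hyperledger/fabric-chaincode-go/shim")
var blocks = map[string]int{}
func Invoke(stub shim.ChaincodeStubInterface) {
	args := stub.GetArgs()
	for k := range blocks { fmt.Println(k) }
	go func() { fmt.Println(time.Now()) }()
	_, _ = stub.GetHistoryForKey(string(args[0]))
	stub.InvokeChaincode("other", args, "channel2")
}`

func main() {
	alarms, err := Analyze(SampleChaincode)
	if err != nil {
		panic(err)
	}
	for _, a := range alarms {
		fmt.Printf("%s at line %d\n", a.Name, a.Line)
	}
}
```

Because the checker works on the syntax tree alone, without type information, it reports by pattern and position, which is how the page's module reports "the specific locations in the chain code"; a production checker would resolve types with go/types to tell a map variable from one that merely shares a name.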
To verify the effectiveness of the intelligent contract vulnerability detection method provided by this embodiment of the invention, a specific embodiment is used below to illustrate the process of detecting vulnerabilities in a chain code with the method provided by this embodiment.
First, the chain code to be detected is acquired; then, in the Go language environment, the program that generates the test API file of the chain code is run to produce the test API file, and the program that generates the control flow graph of the chain code is run to produce the control flow graph.
FIG. 3 is a schematic diagram of an exemplary control flow graph. The control flow graph shows a total of 5 possible execution paths. root is the root node, from which two child nodes, Init and Invoke, branch; root, Init and Invoke can all be understood as blocks of the chain code. Line is the line number of the code in the program. The information contained in the control flow graph has already been described in detail above and is not repeated here.
FIG. 4 shows part of the code of a test API file generated by an embodiment of the invention. In fig. 4, the Fuzz method defined in line 1 is executed on every fuzz test, and each time a new value of type []byte is assigned to the input parameter data; lines 2-3 filter out input parameter data whose length is not greater than 0; lines 5-11 convert the filtered input parameters into a format matching the chain code; lines 23-27 call the instrumented chain code with the converted input parameters. The test API file also contains a number of if-state checks that determine whether the execution path of the fuzz test is an uncovered path; when it is, the input parameters are added to the test corpus, and when it is not, the test corpus is left unchanged.
Next, in the Go language environment, the program that inserts the coverage label and the detection label into the chain code according to the control flow graph is run to obtain the instrumented chain code.
Then the test API file is run repeatedly in go-fuzz, multiple fuzz tests are performed on the instrumented chain code, and the test result of each fuzz test is recorded in a coverage profile. The coverage profiles are then merged into a single coverage profile with a coverage tool.
Then, in the Go language environment, the security analysis module is run to find the vulnerabilities present in the instrumented chain code. The security analysis module is a software module whose main task is to find, according to the execution path and branch transfer information of each fuzz test recorded in the merged coverage profile, every piece of content in the instrumented chain code that meets one of the alarm conditions (1) to (13), and to report it as a vulnerability of the chain code.
Fig. 5 shows part of the code of an example chain code, and the vulnerabilities present in this example chain code are illustrated below using that code.
gv0 appearing in line 0 and blocks appearing in line 11 are global variables of the chain code. gv0 is used in line 36 to perform ledger read and write operations, and blocks takes part in a loop read operation related to the ledger in line 19; thus, the security analysis module reports Global Variable Usage alarms, together with the specific locations in the chain code that depend on global variable operations.
In line 35, the Now method that produces the current time is called, introducing the non-deterministic library time. Thus, the security analysis module reports a Blacklisted objects alarm.
Lines 33-34 use the go method to execute the function1 method in parallel with different parameters, which can leave the ledger in different states on different nodes. Thus, the security analysis module reports a Concurrency of Program alarm.
In line 7, the chain code object VE is declared and contains a field named dummy. Thus, the security analysis module reports a Field definitions alarm.
In line 19, blocks is traversed with range, a traversal that depends on a map structure. Therefore, the security analysis module reports a Map range alarm.
In line 27, the second return value of GetState, which is of type error, is not checked. Thus, the security analysis module reports an Unhandled Errors alarm.
In line 37, the length of the array args0 is not checked before the array element args0[2] is read, so the existence of args0[2] is not ensured. Thus, the security analysis module reports an Unchecked Input alarm.
In line 16, new data is written to a key with PutState, and line 17 then reads the value of that key with GetState. Thus, the security analysis module reports a Read After Write alarm.
In line 14, ledger information is read with the GetHistoryOfKey method. Thus, the security analysis module reports a Range Query Risk alarm.
In line 51, the InvokeChaincode method is executed to call the chain code chainCodeToCall in the channel Channel; because Channel is not necessarily the same channel as the current chain code, the security analysis module reports a Cross Channel Invocation alarm.
In addition, in this embodiment of the invention, the fuzz test on the instrumented chain code can be executed in a multi-thread concurrent test mode or in a distributed test mode.
In the distributed test mode, each test node performs the fuzz test in the multi-thread concurrent test mode.
In distributed testing, one coordination node and a plurality of test nodes can be set up, and each test node can start its own threads for concurrent testing. The coordination node is generally called the coordinator, and a test node is generally called a worker.
It can be understood that performing the fuzz test on the instrumented chain code in the multi-thread concurrent test mode or the distributed test mode allows more vulnerabilities of the instrumented chain code to be found in a short time, which improves test efficiency.
Based on the same inventive concept, an embodiment of the invention also provides an intelligent contract vulnerability detection device, where the intelligent contract is a chain code. As shown in fig. 6, the device may include:
an obtaining module 601, configured to obtain the chain code to be detected;
a generating module 602, configured to generate a test API file of the chain code and to generate a control flow graph of the chain code;
an inserting module 603, configured to insert a coverage label and a detection label into the chain code according to the control flow graph to obtain an instrumented chain code, where the coverage label records the execution path of the chain code and the detection label records the branch transfer information of the execution path;
a fuzz testing module 604, configured to perform multiple fuzz tests on the instrumented chain code through the test API file to obtain a test result of each fuzz test;
where the input parameters of the first fuzz test are the initial parameters in the test corpus, the test corpus is updated or left unchanged according to the test result of each fuzz test, and the input parameters of every fuzz test after the first are generated from the test corpus obtained after the previous fuzz test was executed; and
a determining module 605, configured to determine, according to the test results of the multiple fuzz tests, the vulnerabilities present in the instrumented chain code as the vulnerabilities present in the chain code to be detected.
Optionally, the fuzz testing module 604 may be specifically configured to:
in each fuzz test, perform the following steps through the test API file:
judge whether the format of the input parameters of this fuzz test conforms to a preset invalid format;
if so, obtain the result that the input parameters of this fuzz test are invalid, and leave the test corpus unchanged;
if not, convert the input parameters of this fuzz test into a format matching the chain code; feed the converted input parameters into the instrumented chain code and run it to obtain the execution path and branch transfer information of the instrumented chain code as the test result of this fuzz test, and update or leave unchanged the test corpus according to the execution path and branch transfer information obtained.
Optionally, the step in which the fuzz testing module 604 updates or leaves unchanged the test corpus according to the execution path and branch transfer information obtained includes:
judging, from the execution path and branch transfer information obtained, whether the execution path of this fuzz test is an uncovered path;
when the execution path of this fuzz test is an uncovered path, adding the input parameters of this fuzz test to the test corpus;
when the execution path of this fuzz test is not an uncovered path, leaving the test corpus unchanged.
Optionally, the determining module 605 may be specifically configured to:
determine, by a static analysis method and according to each test result containing the execution path and branch transfer information, the vulnerabilities that appear when the instrumented chain code runs and that meet the preset alarm conditions, and take them as the vulnerabilities of the chain code to be detected.
Optionally, the preset alarm conditions include one or more of the following:
a global variable in the chain code is used for a ledger read or write operation;
the value of a global variable in the chain code is used for a non-read-write operation related to the ledger;
the chain code has an operation that communicates with the outside world, the outside world being the world outside the blockchain network in which the chain code is located;
the chain code has an operation that grants file access permissions;
the chain code has an operation that introduces a non-deterministic library;
the go method is used in the chain code;
a field is present in the chain code object declared in the chain code;
a traversal operation that depends on a map structure is present in the chain code;
a return value of type error appearing in the chain code is not checked;
before an array element of an input parameter whose data format is an array is accessed, no array length check is performed on the input parameter to determine whether the element exists;
after a write operation is performed in any transaction generated in the chain code, the next operation is a read operation in the same transaction;
ledger information is read in the chain code with the GetHistoryOfKey method or the GetQueryResult method;
the chain code interacts with another chain code through the InvokeChaincode method, and the other chain code is not in the same channel as this chain code.
Optionally, the fuzz testing module 604 may be specifically configured to:
perform the fuzz test on the instrumented chain code through the test API file in a multi-thread concurrent test mode or a distributed test mode to obtain the test result of each fuzz test;
where, in the distributed test mode, each test node performs the fuzz test in the multi-thread concurrent test mode.
The intelligent contract vulnerability detection device provided by the invention inserts a coverage label and a detection label into the chain code on the basis of the control flow graph generated for the chain code; the coverage label records the execution path taken when the chain code runs, and the detection label records the branch transfer information of that execution path. In addition, the chain code is fuzz tested through the test API file generated for it, that is, various input parameters are repeatedly fed into the chain code and the chain code is run. Furthermore, the vulnerabilities present in the chain code are determined from the execution path and branch transfer information contained in the test results obtained from actual runs, so the effect of a dynamic test is achieved. Therefore, the intelligent contract vulnerability detection device provided by this scheme can effectively evaluate the security of the chain code.
In addition, in this scheme, the test corpus of the fuzz test is updated or left unchanged according to the test result of each fuzz test, so that the subsequently generated input parameters can trigger vulnerabilities of the chain code more effectively.
An embodiment of the present invention further provides an electronic device, as shown in fig. 7, including a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702 and the memory 703 communicate with one another through the communication bus 704;
the memory 703 is configured to store a computer program; and
the processor 701 is configured to implement the method steps of any one of the intelligent contract vulnerability detection methods described above when executing the program stored in the memory 703.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a random access memory (RAM) or a non-volatile memory (NVM), such as at least one disk memory. Alternatively, the memory may be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The invention also provides a computer readable storage medium. The computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the method steps of any one of the intelligent contract vulnerability detection methods are realized.
Alternatively, the computer-readable storage medium may be a non-volatile memory (NVM), such as at least one disk memory.
Optionally, the computer readable memory may also be at least one memory device located remotely from the processor.
In yet another embodiment of the present invention, a computer program product containing instructions is also provided, which when executed on a computer, causes the computer to perform the method steps of any of the intelligent contract vulnerability detection methods described above.
It should be noted that, since the device, electronic apparatus, storage medium and computer program product embodiments are basically similar to the method embodiment, their description is relatively brief; for the relevant points, refer to the corresponding parts of the description of the method embodiment.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example", "some examples" and the like means that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic uses of these terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features or characteristics described may be combined in any suitable manner in any one or more embodiments or examples, and those skilled in the art can combine the various embodiments or examples described in this specification.
While the invention has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. An intelligent contract vulnerability detection method, characterized in that the intelligent contract is a chain code; the method comprises the following steps:
acquiring a chain code to be detected;
generating a test API file of the chain code, and generating a control flow graph of the chain code;
according to the control flow graph, inserting a coverage label and a detection label into the chain code to obtain an instrumented chain code; the coverage label is used for recording the execution path of the chain code; the detection label is used for recording branch transfer information of the execution path;
performing a plurality of fuzz tests on the instrumented chain code through the test API file to obtain a test result of each fuzz test; wherein the input parameters of the first fuzz test are initial parameters in a test corpus; the test corpus is updated or not updated according to the test result of each fuzz test; the input parameters of each fuzz test other than the first are generated according to the test corpus obtained after the previous fuzz test is executed;
determining a vulnerability existing in the instrumented chain code according to the test results of the plurality of fuzz tests, as the vulnerability existing in the chain code to be detected;
wherein the step of performing a plurality of fuzz tests on the instrumented chain code through the test API file to obtain a test result of each fuzz test comprises:
performing the fuzz test on the instrumented chain code by judging whether the format of the input parameters of each fuzz test conforms to a preset invalid format, so as to obtain the test result of each fuzz test.
2. The method of claim 1, wherein
when the format of the input parameters of the fuzz test conforms to the preset invalid format, the result that the input parameters of the fuzz test are invalid is obtained, and the test corpus is not updated;
when the format of the input parameters of the fuzz test does not conform to the preset invalid format, the input parameters of the fuzz test are converted into a format matching the chain code; the converted input parameters are input into the instrumented chain code and it is run, the execution path and branch transfer information of the instrumented chain code are obtained as the test result of the fuzz test, and the test corpus is updated or not updated according to the execution path and branch transfer information obtained.
3. The method according to claim 2, wherein the step of updating or not updating the test corpus according to the execution path and branch transfer information obtained comprises:
judging whether the execution path of the fuzz test is an uncovered path according to the execution path and branch transfer information obtained;
when the execution path of the fuzz test is an uncovered path, adding the input parameters of the fuzz test to the test corpus;
when the execution path of the fuzz test is not an uncovered path, not updating the test corpus.
4. The method according to claim 2, wherein determining, according to the test results of the plurality of fuzz tests, the vulnerability existing in the instrumented chain code as the vulnerability existing in the chain code to be detected comprises:
determining, by a static analysis method and according to each test result containing the execution path and branch transfer information, the vulnerabilities that appear when the instrumented chain code runs and that meet preset alarm conditions, and taking them as the vulnerabilities of the chain code to be detected.
5. The method of claim 4, wherein the preset alarm condition comprises one or more of the following alarm conditions:
a global variable in the chain code is used for reading or writing the ledger;
the value of a global variable in the chain code is used for a non-read-write operation related to the ledger;
the chain code has an operation that communicates with the external world, the external world being the world outside the blockchain network in which the chain code is located;
the chain code has an operation that grants file access permissions;
the chain code has an operation that imports a non-deterministic library;
the chain code uses a go method (i.e. starts a goroutine);
a field is present in a chain code object declared in the chain code;
a traversal operation that depends on a map structure exists in the chain code;
a return value of error type appearing in the chain code is not checked for error;
before an array element of an input parameter whose data format is an array is accessed, no array length check is performed on the input parameter to determine whether the array element exists;
after a write operation on any transaction generated in the chain code, the next operation is a read operation on that transaction;
ledger information is read in the chain code by a GetHistoryOfKey method or a GetQueryResult method;
and the chain code interacts with other chain codes by an InvokeChaincode method, wherein the other chain codes and the chain code are not in the same channel.
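Several of these alarm conditions can be decided from the chaincode source alone; the following Go checker over go/ast is an added example, not the patent's implementation. It assumes the Fabric shim method names GetHistoryForKey (written GetHistoryOfKey in the claim), GetQueryResult and InvokeChaincode(name, args, channel), treats a non-empty channel argument as a call into another channel, and takes math/rand and time as the non-deterministic libraries.

```go
package main

import (
	"go/ast"
	"go/parser"
	"go/token"
)

// nonDeterministic is this example's assumed set of non-deterministic libraries; keys keep
// the import-path quotes as they appear in source. The claim names the condition, not packages.
var nonDeterministic = map[string]bool{`"math/rand"`: true, `"time"`: true}
// Alarms parses one chaincode source file and reports the claim-5 alarm conditions that are
// decidable syntactically: globals, go statements, non-deterministic imports, ledger reads, cross-channel calls.
func Alarms(src string) ([]string, error) {
	file, err := parser.ParseFile(token.NewFileSet(), "chaincode.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, imp := range file.Imports {
		if nonDeterministic[imp.Path.Value] {
			out = append(out, "non-deterministic import "+imp.Path.Value)
		}
	}
	for _, d := range file.Decls { // package-level var: state held outside the ledger
		if g, ok := d.(*ast.GenDecl); ok && g.Tok == token.VAR {
			out = append(out, "global variable declared")
		}
	}
	ast.Inspect(file, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.GoStmt:
			out = append(out, "go statement (goroutine)")
		case *ast.CallExpr:
			if sel, ok := x.Fun.(*ast.SelectorExpr); ok {
				switch sel.Sel.Name {
				case "GetHistoryForKey", "GetQueryResult": // shim method names; the claim spells the first GetHistoryOfKey
					out = append(out, "ledger read via "+sel.Sel.Name)
				case "InvokeChaincode": // shim signature (name, args, channel): a non-empty channel literal targets another channel
					if len(x.Args) == 3 {
						if lit, ok := x.Args[2].(*ast.BasicLit); ok && lit.Value != `""` {
							out = append(out, "InvokeChaincode across channel "+lit.Value)
						}
					}
				}
			}
		}
		return true
	})
	return out, nil
}
```

Conditions that need type information (map iteration, unchecked error returns, read-after-write on a key) are left to a go/types pass and are not covered here.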
6. The method of claim 1, wherein performing multiple fuzz tests on the instrumented chain code through the test API file to obtain a test result of each fuzz test comprises:
performing the fuzz tests on the instrumented chain code through the test API file in a multi-threaded concurrent test mode or a distributed test mode to obtain a test result of each fuzz test;
and in the distributed test mode, each test node performs the fuzz tests in the multi-threaded concurrent test mode.
7. A smart contract vulnerability detection device, wherein the smart contract is a chain code, the device comprising:
an acquisition module, used for acquiring the chain code to be detected;
a generating module, used for generating a test API file of the chain code and generating a control flow graph of the chain code;
an instrumentation module, used for instrumenting a coverage label and a detection label in the chain code according to the control flow graph to obtain an instrumented chain code; the coverage label is used for recording the execution path of the chain code; the detection label is used for recording branch transfer information of the execution path;
a fuzz test module, used for performing multiple fuzz tests on the instrumented chain code through the test API file to obtain a test result of each fuzz test; wherein the input parameters of the first fuzz test are initial parameters in the test corpus; the test corpus is updated or not updated according to the test result of each fuzz test; and the input parameters of each fuzz test other than the first are generated according to the test corpus obtained after the previous fuzz test was performed;
a determining module, used for determining, according to the test results of the multiple fuzz tests, the vulnerabilities present in the instrumented chain code as the vulnerabilities of the chain code to be detected;
the fuzz test module is specifically used for:
performing the fuzz tests on the instrumented chain code by judging whether the format of the input parameters of each fuzz test conforms to a preset invalid format, so as to obtain the test result of each fuzz test.
8. The device of claim 7, wherein the fuzz test module is specifically used for:
when the format of the input parameters of the fuzz test conforms to the preset invalid format, obtaining an invalid result for the input parameters of the fuzz test, and not updating the test corpus;
when the format of the input parameters of the fuzz test does not conform to the preset invalid format, converting the input parameters of the fuzz test into a format matched to the chain code; running the instrumented chain code on the format-converted input parameters, obtaining the execution path and branch transfer information of the instrumented chain code as the test result of the fuzz test, and updating or not updating the test corpus according to the obtained execution path and branch transfer information.
9. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is used for implementing the method steps of any one of claims 1 to 6 when executing the program stored in the memory.
10. A computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, and the computer program, when executed by a processor, carries out the method steps of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010476194.8A CN111753306B (en) 2020-05-29 2020-05-29 Intelligent contract vulnerability detection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010476194.8A CN111753306B (en) 2020-05-29 2020-05-29 Intelligent contract vulnerability detection method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111753306A CN111753306A (en) 2020-10-09
CN111753306B true CN111753306B (en) 2022-08-05

Family

ID=72674454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010476194.8A Active CN111753306B (en) 2020-05-29 2020-05-29 Intelligent contract vulnerability detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111753306B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051580B (en) * 2021-04-22 2024-02-02 南京匡吉信息科技有限公司 Hyperledger Fabric smart contract problem detection method
CN113254054B (en) * 2021-06-09 2024-05-10 上海万向区块链股份公司 Smart contract one-stop development system and method
CN113486357B (en) * 2021-07-07 2024-02-13 Northeastern University Smart contract security detection method based on static analysis and deep learning
CN114329492A (en) * 2021-12-30 2022-04-12 博雅正链(北京)科技有限公司 Vulnerability detection method for Go language chain code
CN114911695B (en) * 2022-04-11 2024-08-06 Tianjin University Concurrent program defect detection method based on memory access patterns
CN115174279B (en) * 2022-09-09 2022-11-29 Southern University of Science and Technology Real-time detection method, terminal and storage medium for Ethereum smart contract vulnerabilities
CN117707918B (en) * 2023-05-29 2024-09-06 Honor Device Co., Ltd. Concurrency defect detection method, test equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573524A (en) * 2014-12-19 2015-04-29 No. 706 Institute, Second Academy of China Aerospace Science and Industry Corp. Fuzz testing method based on static detection
CN108052825A (en) * 2017-12-29 2018-05-18 Harbin Institute of Technology Vulnerability location method combining fuzz testing of binary executables with symbolic execution
CN109446814A (en) * 2018-09-30 2019-03-08 Beijing Kingsoft Internet Security Software Co., Ltd. Vulnerability detection method and device
CN110399730A (en) * 2019-07-24 2019-11-01 Shanghai Jiao Tong University Smart contract vulnerability detection method, system and medium
CN110489973A (en) * 2019-08-06 2019-11-22 Guangzhou University Fuzz-based smart contract vulnerability detection method, device and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101947760B1 (en) * 2018-09-04 2019-02-13 김종현 Secure authentication server for smart contract
CN110008710B (en) * 2019-04-15 2022-11-18 Shanghai Jiao Tong University Vulnerability detection method based on deep reinforcement learning and program path instrumentation

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Research on coverage-guided fuzz testing techniques based on program control flow; 程伟; China Master's Theses Full-text Database (Information Science and Technology); 2019-06-15 (No. 06); Chapter 3, pp. 24-41 *
A hybrid testing method based on symbolic execution and fuzz testing; 谢肖飞 et al.; Journal of Software (《软件学报》); 2019-04-29; pp. 3071-3086 *
Smart contract vulnerability detection scheme based on symbolic execution; 赵伟 et al.; Journal of Computer Applications (《计算机应用》); 2020-04-10 (No. 4); pp. 947-953 *

Also Published As

Publication number Publication date
CN111753306A (en) 2020-10-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 533, 5th Floor, Building A3A4, Phase I, Zhong'an Chuanggu Science and Technology Park, No. 900 Wangjiang West Road, High tech Zone, Hefei City, Anhui Province, 230031

Patentee after: Anhui Xinxin Science and Technology Innovation Information Technology Co.,Ltd.

Country or region after: China

Address before: 11 / F, building B2, yunhuigu, 156 Tiangu 8th Road, software new town, Yuhua Street office, high tech Zone, Xi'an, Shaanxi 710000

Patentee before: Xi'an Xinxin Information Technology Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right

Effective date of registration: 20240415

Address after: 710000, Room 201, Building B2, Yunhuigu, Software New City, High tech Zone, Xi'an City, Shaanxi Province

Patentee after: Xi'an Xinxin Zhixing Technology Co.,Ltd.

Country or region after: China

Address before: Room 533, 5th Floor, Building A3A4, Phase I, Zhong'an Chuanggu Science and Technology Park, No. 900 Wangjiang West Road, High tech Zone, Hefei City, Anhui Province, 230031

Patentee before: Anhui Xinxin Science and Technology Innovation Information Technology Co.,Ltd.

Country or region before: China
