CN111913877A - Fuzzy test method and device for text configuration file - Google Patents

Info

Publication number
CN111913877A
Authority
CN
China
Prior art keywords
key
keys
file
seed file
text
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010636048.7A
Other languages
Chinese (zh)
Other versions
CN111913877B (en)
Inventor
宋站威
曾怡诚
刘明东
朱红松
李志�
孙利民
石志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS
Priority to CN202010636048.7A
Publication of CN111913877A
Application granted
Publication of CN111913877B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases

Abstract

The embodiment of the invention provides a fuzzy test method and device for a text configuration file. The method comprises the following steps: identifying the text file format type of the target configuration file and determining the key-value pairs of the target configuration file; performing a pre-fuzzy test on a program that takes the target configuration file as input to detect whether the program has a format bug, extracting all visible character strings in the program, and mutating the keys in the key-value pairs of the target configuration file to obtain a key combination seed file; and, based on the weights of the keys in the key combination seed file, mutating the values corresponding to the keys in the key combination seed file to obtain a new combined seed file, and mining the vulnerabilities of the program. The embodiment of the invention mines deeper vulnerabilities in the program comprehensively and improves the efficiency of fuzzy testing for text configuration files.

Description

Fuzzy test method and device for text configuration file
Technical Field
The invention relates to the field of vulnerability mining and analysis, in particular to a fuzzy test method and device for a text configuration file.
Background
The fuzzy test (fuzzing) is a technique for mining vulnerabilities in software or a system dynamically. Fuzzy test tools, represented by AFL, are based on the idea of dynamic execution and improving path coverage. They generally take a seed file as input to actually execute the program under test, record the execution path corresponding to each seed file by means of instrumentation, and then mutate the seed file so that the mutated seed file, when used as program input, drives the program through different execution paths.
In the prior art of fuzzy testing, input types are various: network data may be input through a socket, parameters may be read from the program's command line, or input may be read directly from a configuration file of the program. However, when the same fuzzy test method, that is, the same mutation algorithm, is applied to programs with different types of input, its efficiency and coverage are not high enough.
Therefore, how to implement a fuzzy test method for text configuration files, and how to improve the efficiency and coverage of fuzzy testing for text configuration files, has become a problem to be solved urgently.
Disclosure of Invention
Aiming at the defects in the prior art, the embodiment of the invention provides a fuzzy test method and device for a text configuration file.
In a first aspect, an embodiment of the present invention provides a text configuration file-oriented fuzz testing method, including:
acquiring a target configuration file in a text file format;
identifying the text file format type of the target configuration file, and determining a key-value pair of the target configuration file;
performing pre-fuzzy test on a program taking the target configuration file as input to detect whether the program has a format bug, and extracting all visible character strings in the program;
utilizing the visible character string to perform variation on a key in a key-value pair of the target configuration file to obtain a key combination seed file;
based on the weight of the key in the key combination seed file, carrying out variation on the value corresponding to the key in the key combination seed file to obtain a new combination seed file;
and utilizing the new combined seed file to mine the vulnerability of the program.
Optionally, the mutating a key in the key-value pair of the target configuration file by using the visible character string to obtain a key combination seed file specifically includes:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the program with instrumentation using the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and, based on the effective key set, randomly deleting, replacing and adding keys in the seed file in sequence to obtain a key combination seed file.
Optionally, the mutating a value corresponding to a key in the key combination seed file based on the weight of the key in the key combination seed file to obtain a new combination seed file specifically includes:
mutating the value corresponding to each key in the key combination seed file, and if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks in the new execution path;
randomly selecting M keys from the N keys with the highest weights and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys together, and if it shows that no new execution path is generated, decreasing the weights of the M keys together; if the weights of P of the M keys fall below the weights of the N highest-weighted keys, randomly selecting M keys from the N highest-weighted keys again; and repeating until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
Optionally, the mutating the value corresponding to the key in the key combination seed file specifically includes:
executing the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
wherein the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; and Q is a natural number greater than or equal to 1.
In a second aspect, an embodiment of the present invention provides a fuzzy testing apparatus for text configuration files, including:
the acquisition module is used for acquiring a target configuration file in a text file format;
the identification module is used for identifying the text file format type of the target configuration file and determining a key-value pair of the target configuration file;
the detection extraction module is used for performing pre-fuzzy test on the program taking the target configuration file as input so as to detect whether the program has a format bug and extracting all visible character strings in the program;
the key variation module is used for varying keys in the key-value pairs of the target configuration files by using the visible character strings to obtain key combination seed files;
the value variation module is used for varying values corresponding to the keys in the key combination seed file based on the weights of the keys in the key combination seed file to obtain a new combination seed file;
and the mining module is used for mining the vulnerability of the program by using the new combined seed file.
Optionally, the sampling frequency in the time window is fixedly set and is at least twice the effective value of the electromyographic signal frequency.
Optionally, the key variation module is specifically configured to:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the program with instrumentation using the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and, based on the effective key set, randomly deleting, replacing and adding keys in the seed file in sequence to obtain a key combination seed file.
Optionally, the value variant module is specifically configured to:
mutating the value corresponding to each key in the key combination seed file, and if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks in the new execution path;
randomly selecting M keys from the N keys with the highest weights and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys together, and if it shows that no new execution path is generated, decreasing the weights of the M keys together; if the weights of P of the M keys fall below the weights of the N highest-weighted keys, randomly selecting M keys from the N highest-weighted keys again; and repeating until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
Optionally, the value variant module is further configured to:
executing the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
wherein the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; and Q is a natural number greater than or equal to 1.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the text configuration file-oriented fuzz testing method described in the first aspect above when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the text configuration file-oriented fuzz testing method described in the first aspect above.
The embodiment of the invention provides a fuzzy test method for a text configuration file, in which a program that takes a target configuration file in a text file format as input is subjected to a pre-fuzzy test, key mutation and value mutation to obtain a new combined seed file, which is then used for fuzzy testing, so that deeper vulnerabilities in the program can be mined comprehensively and the efficiency of fuzzy testing for text configuration files is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a fuzzy test method for a text configuration file according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another fuzzy testing method for text configuration files according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a fuzzy test apparatus for text configuration files according to an embodiment of the present invention;
fig. 4 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a fuzzy test method for a text configuration file according to an embodiment of the present invention, and Fig. 2 is a schematic flowchart of another fuzzy test method for a text configuration file according to an embodiment of the present invention. As shown in Fig. 1 and Fig. 2, the method includes:
S101: acquiring a target configuration file in a text file format.
The formats of a target configuration file generally include a binary file format (containing invisible characters and having a unique file structure), a text file format (all visible characters), and a database format (stored in a database file). The text file format is generally divided into 3 types: a key-value pair format, a JSON format and an XML format.
Specifically, in the embodiment of the present invention, the test object is software or a service that uses a target configuration file in a text format; first, the target configuration file in the text file format is obtained.
S102: identifying the text file format type of the target configuration file, and determining a key-value pair of the target configuration file.
Specifically, the text file format type used by the target configuration file is identified as key-value pair, JSON or XML.
For the key-value pair format, the left side of each line in the file is generally an identifier that serves as the key, the middle is the connector "=", and the right side is the value corresponding to the key.
For the JSON format, the body is typically wrapped in "{" and "}", and key and value are quoted and separated by ":".
For the XML format, the body consists of XML tags; either the key is a tag name and the value is the tag's value, or key and value are separated by "=" and stored directly as a tag attribute.
For a text file format type of key-value pair, JSON or XML, the key-value pairs of the target configuration file are determined, and the positions of the keys and the values are located.
S103: performing a pre-fuzzy test on the program that takes the target configuration file as input to detect whether the program has a format bug, and extracting all visible character strings in the program.
The pre-fuzzy test uses the fuzzy test tool AFL to perform a preliminary fuzzy test on the program, so as to mine vulnerabilities that occur when the format of the target configuration file is wrong.
Specifically, the fuzzy test tool AFL is first used to perform a pre-fuzzy test on the program that takes the target configuration file as input, to detect whether the program has a format bug. Then all visible character strings are identified by traversing the data section of the program, where each visible character string ends with "\0", "\r", "\n" or "\t". In one embodiment, to simplify subsequent processing, the terminators of all visible character strings are uniformly converted to "\0" after the strings have been identified.
Steps S101-S103 are pre-processing of the target configuration file in text file format.
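As an added illustration of steps S102 and S103 (not code from the patent), the following Python example identifies the format of a configuration text, locates every key and value by character offset so that later stages can rewrite them in place, and extracts terminated printable strings from a byte blob standing in for the program's data section. The function names, the regex scanners (scalar values only), the minimum string length of 3 and all sample inputs are assumptions constructed for this example.

```python
import json
import re

# Constructed sample inputs (not from the patent).
KV_SAMPLE = "# constructed sample\nport = 8080\nlog_level=debug\nroot = /var/www\n"
JSON_SAMPLE = '{"port": 8080, "tls": {"enabled": true, "cert": "/etc/app/cert.pem"}}'
XML_SAMPLE = '<config version="2"><port>8080</port><log level="debug" /></config>'
DATA_SECTION = (b"\x7fELF\x01\x02port\x00max_conn\x00\x90\x90log_level\n"
                b"ab\x00usage: %s <file>\x00tail")

KV_LINE = re.compile(r"^[ \t]*([A-Za-z_][\w.\-]*)[ \t]*=[ \t]*(.*?)[ \t\r]*$", re.M)
JSON_ITEM = re.compile(r'"([^"\\]+)"\s*:\s*(?:"((?:[^"\\]|\\.)*)"|([^,{}\[\]\s"]+))')
XML_TAG = re.compile(r'<([A-Za-z_][\w.\-]*)((?:\s+[\w.:\-]+\s*=\s*"[^"]*")*)\s*(/?)>')
XML_ATTR = re.compile(r'([\w.:\-]+)\s*=\s*"([^"]*)"')
# Printable ASCII run (assumed minimum length 3) ended by \0, \r, \n or \t.
VISIBLE = re.compile(rb"([\x20-\x7e]{3,})[\x00\r\n\t]")


def detect_format(text):
    """Classify a text configuration file as 'json', 'xml' or 'keyvalue'."""
    s = text.strip()
    if s.startswith("{") and s.endswith("}"):
        try:
            json.loads(s)
            return "json"
        except ValueError:
            pass  # braces but not valid JSON: fall through
    if s.startswith("<") and s.endswith(">"):
        return "xml"
    return "keyvalue"


def locate_pairs(text):
    """Return [(key, value, key_span, value_span)]; spans are offsets into text."""
    fmt = detect_format(text)
    pairs = []
    if fmt == "keyvalue":
        for m in KV_LINE.finditer(text):
            pairs.append((m.group(1), m.group(2), m.span(1), m.span(2)))
    elif fmt == "json":
        for m in JSON_ITEM.finditer(text):
            g = 2 if m.group(2) is not None else 3  # quoted or bare scalar
            pairs.append((m.group(1), m.group(g), m.span(1), m.span(g)))
    else:
        for m in XML_TAG.finditer(text):
            # Case 1: key and value stored as a tag attribute.
            for a in XML_ATTR.finditer(text, m.start(2), m.end(2)):
                pairs.append((a.group(1), a.group(2), a.span(1), a.span(2)))
            # Case 2: key is the tag name, value is the tag's text content.
            if not m.group(3):
                close = re.compile(r"([^<]*)</" + re.escape(m.group(1)) + r"\s*>")
                body = close.match(text, m.end())
                if body and body.group(1).strip():
                    pairs.append((m.group(1), body.group(1), m.span(1), body.span(1)))
    return pairs


def replace_span(text, span, new):
    """Rewrite one located key or value in place, leaving the rest untouched."""
    return text[:span[0]] + new + text[span[1]:]


def extract_visible_strings(data):
    """Return unique terminated printable strings in order of appearance."""
    found = []
    for m in VISIBLE.finditer(data):
        s = m.group(1).decode("ascii")
        if s not in found:
            found.append(s)
    return found


if __name__ == "__main__":
    for sample in (KV_SAMPLE, JSON_SAMPLE, XML_SAMPLE):
        print(detect_format(sample), [(k, v) for k, v, _, _ in locate_pairs(sample)])
    print(extract_visible_strings(DATA_SECTION))
```

The extracted strings are returned without their terminators, which plays the same role as the normalization to "\0" described above.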
S104: using the visible character strings to mutate a key in the key-value pair of the target configuration file to obtain a key combination seed file.
Specifically, a key in the target configuration file is replaced with a visible character string extracted during preprocessing of the target configuration file in the text file format, or a new key-value pair is added directly to the target configuration file, or a key in the target configuration file is deleted directly; instrumented execution is then evaluated to obtain the key combination seed file.
Instrumentation inserts probes into the program under test and obtains the control flow and data flow information of the program through the execution of the probes, so as to achieve the purpose of testing. It should be noted that, in the embodiment of the present invention, byte-level mutation is not performed on the key itself: a bug that is triggered merely by mutating the bytes of a key can generally already be found in the pre-fuzzy test, and in subsequent tests a wrong key often causes parsing of the target configuration file to fail, which adds many useless seed files and greatly reduces test efficiency.
S105: based on the weights of the keys in the key combination seed file, mutating the values corresponding to the keys in the key combination seed file to obtain a new combination seed file.
Specifically, the key combination seed file determined in step S104 is obtained; then, according to the weights of the keys in the key combination seed file, the values corresponding to the keys are mutated and instrumented execution is evaluated to obtain a new combination seed file. It should be noted that the key determines the function executed during parsing, and the value is often used as the execution parameter of that function.
S106: using the new combined seed file to mine the vulnerabilities of the program.
A fuzzy test is performed on the program with the new combined seed file obtained in step S105 as input, to mine deeper vulnerabilities in the program.
The embodiment of the invention provides a fuzzy test method for a text configuration file, in which a program that takes a target configuration file in a text file format as input is subjected to a pre-fuzzy test, key mutation and value mutation to obtain a new combined seed file, which is then used for fuzzy testing, so that deeper vulnerabilities in the program can be mined comprehensively and the efficiency of fuzzy testing for text configuration files is improved.
Further, on the basis of the above embodiment of the present invention, the obtaining a key combination seed file by mutating a key in a key-value pair of the target configuration file by using the visible character string specifically includes:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the program with instrumentation using the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and, based on the effective key set, randomly deleting, replacing and adding keys in the seed file in sequence to obtain a key combination seed file.
Specifically, the visible character strings extracted in the preprocessing are first used to replace the keys in the key-value pairs of the target configuration file one by one. Each replacement yields a seed file, and the program is executed with instrumentation using that seed file as input. If a new execution path is generated, the substituted visible character string is likely to be a valid key, and the key is stored in the effective key set; in this way the final effective key set is extracted.
Then, keys in the seed file are randomly deleted, replaced and added in sequence to finally obtain a key combination seed file. For the replace-key operation, the key position located in the preprocessing is directly replaced with a new key.
When the text file format type of the target configuration file is key-value pair, adding or deleting a key-value pair only requires directly matching the corresponding key-value line with the format 'key=value' and adding or deleting it.
When the text file format type of the target configuration file is JSON, adding or deleting a key-value pair is done by directly matching the corresponding key-value item with the format '"key": "value"'.
When the text file format type of the target configuration file is XML, adding or deleting a key-value pair first requires identifying the tag in which the key-value pair is located, and the whole tag is added or deleted directly. If the key-value pair is stored as an attribute of the tag and the tag has other attributes, only the tag attribute is added or deleted and the tag itself is not; if the tag has no other attributes, the whole tag is added or deleted.
The embodiment of the invention provides a fuzzy test method for a text configuration file, in which keys in the seed file are randomly deleted, replaced and added in sequence based on the effective key set, so that the keys are mutated to obtain a key combination seed file; bugs in the program are mined more comprehensively, and the efficiency of fuzzy testing for text configuration files is improved.
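The key mutation stage described above can be illustrated as follows. This is an added Python example, not code from the patent: `run_target` is a constructed stand-in for instrumented execution of the program under test (it returns the set of code blocks hit), a "new execution path" is taken to mean at least one code block not seen before, and the value given to an added key is borrowed from an existing pair; all three are assumptions, as are the sample seed and candidate strings.

```python
import random

# Constructed inputs: a key=value seed and strings as extracted from the binary.
SEED = "port=8080\nlog_level=info\n"
CANDIDATES = ["port", "ELF", "max_conn", "usage: %s <file>", "chroot", "log_level"]
KNOWN_KEYS = {"port", "log_level", "max_conn", "chroot"}  # keys the toy target handles


def parse(text):
    """Split key=value lines into (key, value) tuples."""
    return [tuple(p.strip() for p in line.split("=", 1))
            for line in text.splitlines() if "=" in line]


def render(pairs):
    return "".join(f"{k}={v}\n" for k, v in pairs)


def run_target(text):
    """Stand-in for instrumented execution: returns the set of code blocks hit."""
    return {"entry"} | {"handle_" + k for k, _ in parse(text) if k in KNOWN_KEYS}


def find_effective_keys(seed, candidates, run):
    """Substitute each candidate string for a key; keep those that reach new blocks."""
    pairs = parse(seed)
    seen = set(run(seed))
    effective = []
    for cand in candidates:
        trial = render([(cand, pairs[0][1])] + pairs[1:])
        new_blocks = run(trial) - seen
        if new_blocks:
            effective.append(cand)
            seen |= new_blocks
    return effective


def key_combination_seeds(seed, effective, run, rng, rounds=4):
    """Apply delete, replace and add in sequence; keep variants with new coverage."""
    if not effective:
        return []
    seen = set(run(seed))
    current, kept = parse(seed), []
    for _ in range(rounds):
        for op in ("delete", "replace", "add"):
            pairs = list(current)
            i = rng.randrange(len(pairs))
            if op == "delete" and len(pairs) > 1:
                del pairs[i]
            elif op == "replace":
                # Whole-key replacement only: key bytes are never mutated.
                pairs[i] = (rng.choice(effective), pairs[i][1])
            elif op == "add":
                # Borrowing an existing value for the new key is an assumption.
                pairs.append((rng.choice(effective), pairs[i][1]))
            variant = render(pairs)
            new_blocks = run(variant) - seen
            if new_blocks:
                seen |= new_blocks
                kept.append(variant)
                current = pairs
    return kept


if __name__ == "__main__":
    keys = find_effective_keys(SEED, CANDIDATES, run_target)
    print("effective keys:", keys)
    for s in key_combination_seeds(SEED, keys, run_target, random.Random(1)):
        print(repr(s))
```

Strings such as "ELF" or the usage message reach no new code block and are discarded, which is how the effective key set filters real configuration keys out of the full list of visible strings.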
Further, on the basis of the embodiment of the present invention, the mutating a value corresponding to a key in the key combination seed file based on the weight of the key in the key combination seed file to obtain a new combination seed file specifically includes:
mutating the value corresponding to each key in the key combination seed file, and if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks in the new execution path;
randomly selecting M keys from the N keys with the highest weights and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys together, and if it shows that no new execution path is generated, decreasing the weights of the M keys together; if the weights of P of the M keys fall below the weights of the N highest-weighted keys, randomly selecting M keys from the N highest-weighted keys again; and repeating until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
Specifically, after the key combination seed file is obtained, the values corresponding to the keys in the key combination seed file are first mutated one by one according to the weights of the keys in the key combination seed file, and if instrumented execution of the mutated seed file shows that a new execution path is generated, the weight corresponding to the key is set according to the number of new code blocks in the new execution path. For example, suppose the values of 3 keys are [1,2,3]. First, the value of the first key is mutated to obtain [xxxx,2,3]; then the original value of the first key is kept and the value of the 2nd key is mutated to obtain [1,xxxxx,3]; finally, the value of the 3rd key is mutated to obtain [1,2,xxxxxxx]. The weight corresponding to each key is set according to the number of new code blocks in the newly appearing execution path, where the new code blocks are counted relative to the path of the original values [1,2,3], and each new code block adds 1 to the weight of the corresponding key. For the sake of distinction, xxxx denotes the mutated value of the first key, xxxxx denotes the mutated value of the 2nd key, and xxxxxxx denotes the mutated value of the 3rd key; xxxx, xxxxx and xxxxxxx are unrelated.
Then, M keys are randomly selected from the N keys with the highest weights and the values corresponding to the M keys are mutated. If instrumented execution of the mutated seed file shows that a new execution path is generated, the weights of the M keys are increased together; if it shows that no new execution path is generated, the weights of the M keys are decreased together. If the weights of P of the M keys fall below the weights of the N highest-weighted keys, M keys are randomly selected from the N highest-weighted keys again, until the weights of the M keys are not larger than a weight threshold, so as to obtain a new combined seed file. For example, after the weights of the corresponding keys are set, 5 keys are randomly selected from the 10 keys with the highest weights and their values are mutated. When a new path appears, the weights of the 5 keys are increased by the number of newly added code blocks; when no new path appears, the weights of all 5 keys are reduced by 1 (a new path is judged against all previous paths, since the purpose is to search for paths that have not been traveled before). When the weights of 2 of the selected 5 keys fall below those of the top 10 keys, 5 keys are selected again from the top 10 keys for mutation, and the process is repeated. When all the key weights become 1, the value mutation of the key combination ends, and a new combination seed file is obtained. When no new execution path appears after multiple value mutations, the key combination seed file is reselected.
The embodiment of the invention provides a fuzzy test method for a text configuration file, in which the weights corresponding to the keys are set according to the number of new code blocks in a new execution path, M keys are randomly selected from the N keys with the highest weights, the weights of the M keys are adjusted according to whether a new execution path appears until they are not more than a weight threshold, and the values are mutated to obtain a new combined seed file, so that deeper vulnerabilities in the program are mined and the efficiency of fuzzy testing for text configuration files is improved.
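The weight-driven scheduling described above is shown below as an added Python example (not code from the patent). The toy `run_target`, the small stand-in `mutate` function, a base weight and floor of 1, the `tries` and `budget` limits, random tie-breaking between equal weights, and reading the reselection rule as "at least P of the chosen keys are no longer among the top N" are all assumptions made for this example.

```python
import random

SEED = {"port": "8080", "name": "demo", "mode": "fast", "color": "auto"}  # constructed


def run_target(cfg):
    """Constructed stand-in for an instrumented run: returns the code blocks hit."""
    blocks = {"entry"}
    port, name = cfg["port"], cfg["name"]
    if not port.isdigit():
        blocks.add("port_not_numeric")
    elif int(port) > 65535:
        blocks.add("port_out_of_range")
    if len(name) > 8:
        blocks.add("name_long")
        if "%" in name:
            blocks.add("name_long_format")
    return blocks


def mutate(value, rng):
    """Small stand-in value mutator: drop one character or splice in a few."""
    if value and rng.random() < 0.3:
        i = rng.randrange(len(value))
        return value[:i] + value[i + 1:]
    pos = rng.randrange(len(value) + 1)
    extra = "".join(rng.choice("9%Az") for _ in range(rng.randint(1, 6)))
    return value[:pos] + extra + value[pos:]


def initial_weights(seed, run, rng, tries=8, base=1):
    """Mutate one value at a time; each new block versus the seed's path adds 1."""
    baseline = run(seed)
    weights, seen = {}, set(baseline)
    for key in seed:
        found = set()
        for _ in range(tries):
            found |= run({**seed, key: mutate(seed[key], rng)}) - baseline
        weights[key] = base + len(found)
        seen |= found
    return weights, seen


def top_n(weights, n, rng):
    keys = list(weights)
    rng.shuffle(keys)  # random tie-break between equal weights
    return sorted(keys, key=lambda k: -weights[k])[:n]


def weighted_value_fuzz(seed, run, rng, n=3, m=2, p=1, floor=1, budget=500):
    """Mutate M of the top-N keys together and reward or penalise them as a group."""
    weights, seen = initial_weights(seed, run, rng)
    corpus = []
    chosen = rng.sample(top_n(weights, n, rng), m)
    for _ in range(budget):
        if all(w <= floor for w in weights.values()):
            break  # every weight has decayed to the threshold
        trial = dict(seed)
        for key in chosen:
            trial[key] = mutate(seed[key], rng)
        new_blocks = run(trial) - seen  # judged against all previous paths
        for key in chosen:
            if new_blocks:
                weights[key] += len(new_blocks)
            else:
                weights[key] = max(floor, weights[key] - 1)
        if new_blocks:
            seen |= new_blocks
            corpus.append(trial)
        top = top_n(weights, n, rng)
        if sum(key not in top for key in chosen) >= p:
            chosen = rng.sample(top, m)
    return corpus, weights


if __name__ == "__main__":
    found, final = weighted_value_fuzz(SEED, run_target, random.Random(7))
    print(final)
    for cfg in found:
        print(cfg, sorted(run_target(cfg)))
```

Keys whose values never influence coverage ("mode" and "color" in this toy target) start at the base weight, so the mutation budget concentrates on the keys whose values actually steer the parser.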
Further, on the basis of the above embodiment of the present invention, the mutating the value corresponding to the key in the key combination seed file specifically includes:
executing the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
wherein the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; and Q is a natural number greater than or equal to 1.
Specifically, the value corresponding to a key in the key combination seed file is mutated by executing the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file. The operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion. For example: some bits of the value are randomly flipped; random integers are added to or subtracted from random bytes; random integers are added to or subtracted from random words in a random big-endian or little-endian byte order; random integers are added to or subtracted from random double words in a random big-endian or little-endian byte order; random-length data is inserted at random words in a random big-endian or little-endian byte order, where 80% of the random-length data comes from the value itself and 20% is randomly generated; and data is deleted at a random position. Each loop iteration randomly selects one of the above 7 strategies to perform the mutation, and the preset number of loop iterations is set to the data length of the value (a random number between 1 and 2).
The embodiment of the invention provides a fuzzy test method for a text configuration file, in which the values corresponding to a plurality of keys in the key combination seed file are mutated by randomly selecting an operation strategy, and this is executed in a loop for a preset number of times, so that deeper vulnerabilities in the program can be mined and the efficiency of fuzzy testing for text configuration files is improved.
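The four operation families named above (bit flipping, integer addition and subtraction, data insertion, data deletion) can be implemented as follows. This is an added Python example, not code from the patent. The assumptions are: 1 to 4 flipped bits, an arithmetic delta of 1 to 35, inserted chunks of 1 to 8 bytes, treating the 80%/20% split as the probability of each data source, taking the loop count as the value length scaled by a random factor between 1 and 2, and replacing line breaks so that a mutated value stays on its own configuration line.

```python
import random
import struct


def bit_flip(v, rng):
    """Flip a few random bits; the length is unchanged. Requires non-empty v."""
    buf = bytearray(v)
    for _ in range(rng.randint(1, 4)):
        i = rng.randrange(len(buf) * 8)
        buf[i // 8] ^= 1 << (i % 8)
    return bytes(buf)


def int_arith(v, rng):
    """Add or subtract a random integer at a random byte, word or double word."""
    width = rng.choice([w for w in (1, 2, 4) if w <= len(v)])
    fmt = rng.choice("<>") + {1: "B", 2: "H", 4: "I"}[width]  # random byte order
    off = rng.randrange(len(v) - width + 1)
    (n,) = struct.unpack_from(fmt, v, off)
    n = (n + rng.choice((-1, 1)) * rng.randint(1, 35)) % (1 << (8 * width))
    buf = bytearray(v)
    struct.pack_into(fmt, buf, off, n)
    return bytes(buf)


def insert_data(v, rng):
    """Insert a random-length chunk at a random position."""
    n = rng.randint(1, 8)
    if v and rng.random() < 0.8:
        start = rng.randrange(len(v))          # 80%: reuse part of the value
        chunk = v[start:start + n]
    else:
        chunk = bytes(rng.randrange(256) for _ in range(n))  # 20%: random bytes
    pos = rng.randrange(len(v) + 1)
    return v[:pos] + chunk + v[pos:]


def delete_data(v, rng):
    """Delete a random-length run at a random position. Requires non-empty v."""
    n = rng.randint(1, max(1, len(v) // 2))
    pos = rng.randrange(len(v) - n + 1)
    return v[:pos] + v[pos + n:]


OPS = (bit_flip, int_arith, insert_data, delete_data)


def mutate_value(v, rng):
    """Apply randomly chosen strategies; the loop count grows with the value length."""
    rounds = max(1, int(len(v) * rng.uniform(1, 2)))
    for _ in range(rounds):
        op = rng.choice(OPS) if v else insert_data  # only insertion fits empty data
        v = op(v, rng)
    # Keep the mutated value on one line so the key it belongs to still parses.
    return v.replace(b"\n", b" ").replace(b"\r", b" ")


def mutate_q_values(cfg, q, rng):
    """Mutate the values of Q randomly chosen keys; keys themselves are untouched."""
    out = dict(cfg)
    for key in rng.sample(sorted(cfg), q):
        out[key] = mutate_value(cfg[key], rng)
    return out


if __name__ == "__main__":
    rng = random.Random(0)
    sample = {"port": b"8080", "name": b"demo", "mode": b"fast"}  # constructed
    print(mutate_q_values(sample, 2, rng))
```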
Fig. 3 is a schematic structural diagram of a fuzzy test apparatus for text configuration files according to an embodiment of the present invention, and as shown in fig. 3, the apparatus includes:
an obtaining module 301, configured to obtain a target configuration file in a text file format;
an identifying module 302, configured to identify a text file format type of the target configuration file, and determine a key-value pair of the target configuration file;
a detection extraction module 303, configured to perform a pre-fuzzy test on a program using the target configuration file as an input to detect whether the program has a format bug, and extract all visible character strings in the program;
a key variation module 304, configured to perform variation on a key in a key-value pair of the target configuration file by using the visible character string, so as to obtain a key combination seed file;
a value variation module 305, configured to perform variation on a value corresponding to a key in the key combination seed file based on the weight of the key in the key combination seed file to obtain a new combination seed file;
and the mining module 306 is used for mining the vulnerability of the program by using the new combined seed file.
The fuzzy test device for the text configuration file is used for realizing the fuzzy test method for the text configuration file provided by the method embodiments. Therefore, the descriptions and definitions in the foregoing method embodiments may be used for understanding each execution module in the fuzzy test apparatus for text configuration files provided in the embodiments of the present invention, and are not described herein again.
This embodiment of the invention provides a fuzzy test device for text configuration files. A program that takes a target configuration file in a text file format as input is subjected to a pre-fuzzy test, key mutation and value mutation to obtain a new combined seed file, and the fuzzy test is then performed with that file, so that deeper vulnerabilities in the program can be discovered comprehensively and the fuzzy test efficiency for text configuration files is improved.
Further, on the basis of the above embodiment of the present invention, the key variation module is specifically configured to:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the instrumented program with the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and based on the effective key set, randomly deleting, replacing and adding any one of the keys in the seed file in sequence to obtain a key combination seed file.
Further, on the basis of the above embodiment of the present invention, the value variation module is specifically configured to:
mutating the value corresponding to each key in the key combination seed file, and, if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks generated in the new execution path;
randomly selecting M keys from the top N keys by weight and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys simultaneously, or, if instrumented execution shows that no new execution path is generated, decreasing the weights of the M keys simultaneously; and, if the weights of P keys among the M keys are lower than the weights of the top N keys by weight, randomly selecting M keys from the top N keys by weight again, until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
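The weight-driven key selection above, sketched in Python as an added example (not code from the patent). The target, its block names, the one-character value mutation, the weight floor of 0 and the iteration budget are constructed for illustration; the top-N ranking is recomputed every round, which stands in for the re-selection condition on P, and the loop stops once all top-N weights are at or below the threshold.

```python
import random

SEED = {"port": "8080", "mode": "fast", "comment": "lab"}  # constructed sample

def target_coverage(cfg):
    """Constructed stand-in for an instrumented run: IDs of the blocks reached."""
    blocks = {"parse"}
    port = cfg.get("port", "")
    if port != "8080":
        blocks.add("port:custom")
        if not port.isdigit():
            blocks.add("port:reject")
        elif int(port) > 65535:
            blocks.add("port:range")
    if cfg.get("mode") != "fast":
        blocks.add("mode:other")
    return blocks  # "comment" is never read by the target

def mutate(value, rng):
    """Stand-in value mutation: append one character, so the value always changes."""
    return value + rng.choice("0123456789x")

def initial_weights(seed, rng):
    """Mutate each key's value alone; weight = number of new code blocks reached."""
    seen = set(target_coverage(seed))
    weights = {}
    for key in seed:
        trial = dict(seed, **{key: mutate(seed[key], rng)})
        new = target_coverage(trial) - seen
        weights[key] = len(new)
        seen |= new
    return weights, seen

def schedule(seed, rng, n=2, m=1, threshold=0, budget=200):
    """Repeatedly pick M of the top-N keys by weight and mutate their values.
    New coverage raises the weights of the chosen keys together; no new
    coverage lowers them together (floored at 0, an assumption)."""
    weights, seen = initial_weights(seed, rng)
    corpus = []
    for _ in range(budget):
        top = sorted(weights, key=lambda k: (-weights[k], k))[:n]
        if all(weights[k] <= threshold for k in top):
            break
        chosen = rng.sample(top, m)
        trial = dict(seed)
        for key in chosen:
            trial[key] = mutate(seed[key], rng)
        new = target_coverage(trial) - seen
        for key in chosen:
            weights[key] = weights[key] + len(new) if new else max(0, weights[key] - 1)
        if new:
            seen |= new
            corpus.append(trial)  # keep inputs that reached new blocks
    return corpus, weights, seen

if __name__ == "__main__":
    print(initial_weights(SEED, random.Random(0))[0])
```

The key the target never reads keeps a weight of 0 and therefore receives almost no mutation effort, which is the efficiency gain the weighting is meant to deliver.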
Further, the value variation module is specifically further configured to:
execute the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; Q is a natural number greater than or equal to 1.
Fig. 4 illustrates the physical structure of an electronic device. As shown in Fig. 4, the device may include a processor 401, a memory 402, a communications interface 403 and a communication bus 404, wherein the processor 401, the memory 402 and the communications interface 403 communicate with each other via the communication bus 404. The processor 401 may invoke logic instructions in the memory 402 to perform the methods provided by the method embodiments described above, including, for example: acquiring a target configuration file in a text file format; identifying the text file format type of the target configuration file, and determining a key-value pair of the target configuration file; performing a pre-fuzzy test on a program that takes the target configuration file as input to detect whether the program has a format bug, and extracting all visible character strings in the program; using the visible character strings to mutate a key in a key-value pair of the target configuration file to obtain a key combination seed file; based on the weight of the key in the key combination seed file, mutating the value corresponding to the key in the key combination seed file to obtain a new combined seed file; and using the new combined seed file to mine vulnerabilities of the program.
Furthermore, the logic instructions in the memory 402 may be implemented in software functional units and stored in a computer readable storage medium when sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Embodiments of the present invention further provide a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the method provided by the foregoing method embodiments, the method including, for example: acquiring a target configuration file in a text file format; identifying the text file format type of the target configuration file, and determining a key-value pair of the target configuration file; performing a pre-fuzzy test on a program that takes the target configuration file as input to detect whether the program has a format bug, and extracting all visible character strings in the program; using the visible character strings to mutate a key in a key-value pair of the target configuration file to obtain a key combination seed file; based on the weight of the key in the key combination seed file, mutating the value corresponding to the key in the key combination seed file to obtain a new combined seed file; and using the new combined seed file to mine vulnerabilities of the program.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A fuzzy test method for text configuration files is characterized by comprising the following steps:
acquiring a target configuration file in a text file format;
identifying the text file format type of the target configuration file, and determining a key-value pair of the target configuration file;
performing pre-fuzzy test on a program taking the target configuration file as input to detect whether the program has a format bug, and extracting all visible character strings in the program;
utilizing the visible character string to perform variation on a key in a key-value pair of the target configuration file to obtain a key combination seed file;
based on the weight of the key in the key combination seed file, carrying out variation on the value corresponding to the key in the key combination seed file to obtain a new combination seed file;
and utilizing the new combined seed file to mine the vulnerability of the program.
2. The fuzzy test method for text configuration files according to claim 1, wherein the varying the key in the key-value pair of the target configuration file by using the visible character string to obtain a key combination seed file specifically comprises:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the instrumented program with the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and based on the effective key set, randomly deleting, replacing and adding any one of the keys in the seed file in sequence to obtain a key combination seed file.
3. The fuzzy test method for text configuration files according to claim 1, wherein the varying the value corresponding to the key in the key combination seed file based on the weight of the key in the key combination seed file to obtain a new combination seed file specifically comprises:
mutating the value corresponding to each key in the key combination seed file, and, if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks generated in the new execution path;
randomly selecting M keys from the top N keys by weight and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys simultaneously, or, if instrumented execution shows that no new execution path is generated, decreasing the weights of the M keys simultaneously; and, if the weights of P keys among the M keys are lower than the weights of the top N keys by weight, randomly selecting M keys from the top N keys by weight again, until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
4. The fuzzy test method for text configuration files according to claim 1, wherein the mutating the value corresponding to the key in the key combination seed file specifically comprises:
executing the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; Q is a natural number greater than or equal to 1.
5. A fuzzy test device for text configuration files is characterized by comprising:
the acquisition module is used for acquiring a target configuration file in a text file format;
the identification module is used for identifying the text file format type of the target configuration file and determining a key-value pair of the target configuration file;
the detection extraction module is used for performing pre-fuzzy test on the program taking the target configuration file as input so as to detect whether the program has a format bug and extracting all visible character strings in the program;
the key variation module is used for varying keys in the key-value pairs of the target configuration files by using the visible character strings to obtain key combination seed files;
the value variation module is used for varying values corresponding to the keys in the key combination seed file based on the weights of the keys in the key combination seed file to obtain a new combination seed file;
and the mining module is used for mining the vulnerability of the program by using the new combined seed file.
6. The fuzzy test device for text configuration files according to claim 5, wherein the key variation module is specifically configured to:
for each visible character string, replacing a key in the key-value pair with the current visible character string to obtain a seed file, executing the instrumented program with the seed file as input, and storing the key in an effective key set if a new execution path is generated;
and based on the effective key set, randomly deleting, replacing and adding any one of the keys in the seed file in sequence to obtain a key combination seed file.
7. The fuzzy test device for text configuration files according to claim 5, wherein the value variation module is specifically configured to:
mutating the value corresponding to each key in the key combination seed file, and, if instrumented execution shows that a new execution path is generated, setting the weight corresponding to the key according to the number of new code blocks generated in the new execution path;
randomly selecting M keys from the top N keys by weight and mutating the values corresponding to the M keys; if instrumented execution shows that a new execution path is generated, increasing the weights of the M keys simultaneously, or, if instrumented execution shows that no new execution path is generated, decreasing the weights of the M keys simultaneously; and, if the weights of P keys among the M keys are lower than the weights of the top N keys by weight, randomly selecting M keys from the top N keys by weight again, until the weights of the M keys are not more than a weight threshold, to obtain a new combined seed file;
wherein N, M and P are natural numbers greater than or equal to 1, and N ≥ M ≥ P.
8. The fuzzy test device for text configuration files according to claim 5, wherein the value variation module is further configured to:
execute the following step in a loop for a preset number of times: randomly selecting an operation strategy to mutate the values corresponding to Q keys in the key combination seed file;
the preset number of times is determined according to the data length of the value corresponding to the key; the operation strategies comprise bit flipping, integer addition and subtraction, data insertion and data deletion; Q is a natural number greater than or equal to 1.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the fuzzy test method for text configuration files according to any one of claims 1 to 4.
10. A non-transitory computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the fuzzy test method for text configuration files according to any one of claims 1 to 4.
CN202010636048.7A 2020-07-03 2020-07-03 Fuzzy test method and device for text configuration file Active CN111913877B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010636048.7A CN111913877B (en) 2020-07-03 2020-07-03 Fuzzy test method and device for text configuration file

Publications (2)

Publication Number Publication Date
CN111913877A true CN111913877A (en) 2020-11-10
CN111913877B CN111913877B (en) 2021-09-28

Family

ID=73227332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010636048.7A Active CN111913877B (en) 2020-07-03 2020-07-03 Fuzzy test method and device for text configuration file

Country Status (1)

Country Link
CN (1) CN111913877B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417461A (en) * 2020-12-07 2021-02-26 北京梆梆安全科技有限公司 Fuzzy test method and system for equipment firmware
CN112417461B (en) * 2020-12-07 2023-10-03 北京梆梆安全科技有限公司 Fuzzy test method and system for equipment firmware

Also Published As

Publication number Publication date
CN111913877B (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant