CN113051153A - Application software vulnerability scanning method and related equipment - Google Patents


Info

Publication number: CN113051153A
Authority: CN (China)
Prior art keywords: program, test, application software, source code, program source
Legal status: Granted (Google's assumption, not a legal conclusion)
Application number: CN202110204746.4A
Other languages: Chinese (zh)
Other versions: CN113051153B (en)
Inventors: 张嘉玮, 何跃鹰, 张晓明, 曹可建, 杜鹏, 孙中豪, 罗冰, 何连瑶, 关广振, 周雨晨, 涂腾飞, 王华伟, 秦佳伟, 崔栋
Current assignee: Zhongshi Ruian Beijing Network Technology Co ltd; National Computer Network and Information Security Management Center (Google's listing, not a legal conclusion)
Original assignee: Zhongshi Ruian Beijing Network Technology Co ltd; Beijing University of Posts and Telecommunications; National Computer Network and Information Security Management Center
Application filed by Zhongshi Ruian Beijing Network Technology Co ltd, Beijing University of Posts and Telecommunications and National Computer Network and Information Security Management Center
Priority to CN202110204746.4A
Publication of CN113051153A
Application granted
Publication of CN113051153B
Legal status: Active

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F11/00 Error detection; Error correction; Monitoring › G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging › G06F11/3636 Software debugging by tracing the execution of the program
    • G06F11/362 Software debugging › G06F11/3644 Software debugging by instrumenting at runtime
    • G06F11/362 Software debugging › G06F11/366 Software debugging using diagnostics
    • G06F11/3668 Software testing › G06F11/3672 Test management › G06F11/3676 Test management for coverage analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

One or more embodiments of the present disclosure provide an application software vulnerability scanning method and related device. The method comprises: acquiring the program source code and program basic information of the application software; instrumenting the program source code; matching the program basic information against a program information database to obtain a test seed; mutating the test seed according to a preset mutation strategy to obtain a first test case; running a preset number of test rounds against the program source code with the first test case to obtain a crash result for the application software; and determining the vulnerability of the application software from the crash result. The method improves the efficiency of application vulnerability detection.

Description

Application software vulnerability scanning method and related equipment
Technical Field
One or more embodiments of the present disclosure relate to the field of network security technologies, and in particular, to a method for scanning vulnerabilities of application software and a related device.
Background
With the rapid development and spread of computer and network technology, network security has become one of the focal issues of public concern. In recent years, as online applications have multiplied and had to satisfy ever more user requirements, the program source code of online applications has kept growing in scale, and the high coupling introduced during development means that exploitable security vulnerabilities and code backdoors no longer take only their traditional forms, so detecting security vulnerabilities in source code with traditional methods has become much harder. How to effectively improve the efficiency of source code vulnerability detection has therefore become a problem that urgently needs solving.
The best way to ensure the security of application software is to start detection and analysis from its source code, which makes it possible to ensure that no backdoor has been planted and to discover and resolve potential vulnerability threats in advance. Grey-box testing is one of the common source code defect testing techniques today. Its main characteristics are that it is more efficient than white-box testing, since it starts from the program as a whole rather than getting trapped in the program's details, while it has some prior knowledge and pays more attention to the program's internal logic than black-box testing does, judging the internal running state through characteristic phenomena, events and markers.
At present, mainstream fuzzers have no good method for selecting test seeds, which lowers the efficiency of the subsequent fuzzing; at the same time, when the test seeds are mutated, the lack of a good mutation scheduling strategy means that the fuzzer does not adequately distinguish, when invoking mutation methods, between mutation methods that generate many new paths and mutation methods that generate few. As a result, none of the existing fuzzers achieves satisfactory efficiency when fuzzing application software.
Disclosure of Invention
In view of the above, one or more embodiments of the present disclosure provide an application software vulnerability scanning method and related apparatus, so as to solve the problem of low efficiency in detecting application vulnerabilities.
In view of the above, one or more embodiments of the present specification provide an application software vulnerability scanning method, including:
acquiring a program source code and program basic information of the application software;
performing instrumentation on the program source code;
matching the program basic information with a program information database to obtain a test seed;
carrying out mutation on the test seeds according to a preset mutation strategy to obtain a first test case;
running a preset number of test rounds against the program source code with the first test case to obtain a crash result of the application software;
and determining the vulnerability of the application software according to the crash result of the application software.
Further, running the preset number of test rounds against the program source code with the first test case includes:
running a first round of tests against the program source code with the first test case;
acquiring edge- and block-based code coverage;
obtaining, from the code coverage, the mutation strategies that generate new paths;
increasing the number of times those new-path-generating mutation strategies are scheduled in the next round of tests;
mutating the test seed based on the new-path-generating mutation strategies to obtain a second test case;
and running a new round of tests against the program source code with the second test case, then returning to the step of acquiring edge- and block-based code coverage and continuing until the preset number of rounds is reached.
Further, determining the vulnerability of the application software from the crash result of the application software further includes:
acquiring a first crash signal, generated by an operating system kernel function when the application software crashes;
determining, based on the program basic information, a second crash signal, namely the signal that would be generated when the program source code itself crashes;
and, in response to determining that the first crash signal is the same as the second crash signal, classifying the crash result as a program source code vulnerability.
Further, the program basic information comprises one or more of a programming language type, a programming framework and a work-oriented type (the kind of work the application is built for, i.e. its application domain).
Further, matching the program basic information against the program information database to obtain the test seed comprises:
the program information database selecting a corresponding seed as the test seed based on one of the programming language type, the programming framework and the work-oriented type of the application program; or
the program information database selecting corresponding seeds for each of several of the programming language type, the programming framework and the work-oriented type of the application program, and taking their intersection as the test seed.
Further, the mutation policy includes one or more of addition, multiplication, byte flipping, bit flipping, and byte setting.
Further, the instrumentation of the program source code includes:
performing lexical analysis and syntactic analysis on the program source code to obtain the position of a key code;
and inserting a probe at the position of the key code.
Based on the same inventive concept, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the method as described in any one of the above items when executing the program.
Based on the same inventive concept, one or more embodiments of the present specification also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the method as any one of the above.
As can be seen from the above, in the application software vulnerability scanning method and related device provided in one or more embodiments of the present specification, the test seeds are obtained by matching the program basic information against a program information database, so they are better targeted at the application software under test; at the same time, the cyclic code-coverage feedback mechanism keeps raising the code coverage, so vulnerability detection efficiency is significantly improved.
Drawings
In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, and it is obvious that the drawings in the following description are only one or more embodiments of the present specification, and that other drawings may be obtained by those skilled in the art without inventive effort from these drawings.
FIG. 1 is a flowchart of an application vulnerability scanning method according to one or more embodiments of the present disclosure;
fig. 2 is a flowchart illustrating a preset round number test performed by the vulnerability scanning method of the application software according to one or more embodiments of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to one or more embodiments of the present disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present specification should have the ordinary meaning as understood by those of ordinary skill in the art to which this disclosure belongs. The use of "first," "second," and similar terms in one or more embodiments of the specification is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
As described in the background section, existing vulnerability scanning methods for application software still fall short in detection efficiency. In the course of implementing the present disclosure, the applicant found that existing application software vulnerability scanning methods mainly have the following problems: there is no good method for selecting test seeds, so the efficiency of fuzzing the application software is low; and there is no good mutation scheduling strategy for separating the mutation methods that generate many new paths from those that generate few, which lowers the fuzzing efficiency further.
To solve the above technical problem, one or more embodiments of the present specification provide, with reference to fig. 1, an application software vulnerability scanning method, which may be performed by a fuzzer, comprising the following steps:
Step S101: obtain the program source code and program basic information of the application software.
In this step, git can be used to pull the project files of the application software directly from a code-hosting platform (such as GitHub) into the input folder of the fuzzer, thereby obtaining the program source code; alternatively, the program source code of the application software is downloaded over the Internet and the path where it is stored is given to the fuzzer.
The program basic information comprises one or more of a programming language type, a programming framework and a work-oriented type (the application domain the program is built for).
Step S102: instrument the program source code.
In this step, the source code can be compiled with the compiler supplied by the fuzzer. During compilation, lexical analysis and syntactic analysis are performed on the program source code to locate the specific key code positions, and a probe that collects information is inserted at each key code position without altering the original logic of the program source code under test. Instrumenting the program source code in this way makes the subsequent code coverage statistics straightforward.
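As an added illustration of this step (example code written for this page, not part of the patent or of any fuzzer's source), the following Python program performs the instrumentation on a small constructed target. Python's own ast module plays the role of the lexical and syntactic analysis, every basic block (function body, each branch of an if, each loop body) is treated as a key code position, and a probe call recording the block identifier is inserted at its head without touching the program's logic. Block coverage is the set of probes hit; edge coverage is the set of consecutive probe pairs, so one instrumentation pass yields both statistics used later. The target source TARGET_SRC, its function name parse, the Instrumenter class and the sample inputs are all constructed for the demonstration.

```python
"""Probe instrumentation for block and edge coverage.
Added example for this page, not the patent's code. Python's ast module stands in for
the lexical/syntactic analysis; every basic block is treated as a key code position."""
import ast

# Constructed target: a toy TIFF-header check with several branches.
TARGET_SRC = '''
def parse(data):
    if len(data) < 4:
        return "short"
    if data[:2] == b"II":
        if data[2] == 42:
            return "tiff-le"
        return "bad-magic"
    if data[:2] == b"MM":
        return "tiff-be"
    return "unknown"
'''


class Instrumenter(ast.NodeTransformer):
    """Insert a `__probe(block_id)` call at the head of every basic block."""

    def __init__(self):
        self.next_id = 0                      # blocks instrumented so far

    def _probe(self):
        call = ast.Call(ast.Name("__probe", ast.Load()), [ast.Constant(self.next_id)], [])
        self.next_id += 1
        return ast.Expr(call)

    def _instrument(self, body):
        # Probe first, then recurse so nested blocks get their own ids.
        return [self._probe()] + [self.visit(stmt) for stmt in body]

    def visit_FunctionDef(self, node):
        node.body = self._instrument(node.body)
        return node

    def visit_If(self, node):
        node.body = self._instrument(node.body)
        if node.orelse:
            node.orelse = self._instrument(node.orelse)
        return node

    visit_For = visit_While = visit_If        # loops have the same body/orelse shape


def instrument(src, func_name):
    """Parse, instrument and compile `src`; return (function, block count, hit trace)."""
    tree = ast.parse(src)
    inst = Instrumenter()
    tree = ast.fix_missing_locations(inst.visit(tree))
    hits = []
    namespace = {"__probe": hits.append}      # the probe just records the block id
    exec(compile(tree, "<instrumented>", "exec"), namespace)
    return namespace[func_name], inst.next_id, hits


def trace(func, hits, data):
    """Run one test case; return (blocks hit, edges hit). -1 marks function entry."""
    del hits[:]
    func(data)
    prev, edges = -1, set()
    for bid in hits:
        edges.add((prev, bid))
        prev = bid
    return set(hits), edges


def coverage(src, func_name, cases):
    """Block coverage ratio and the edge set reached by a list of test cases."""
    func, total, hits = instrument(src, func_name)
    blocks, edges = set(), set()
    for case in cases:
        b, e = trace(func, hits, case)
        blocks |= b
        edges |= e
    return len(blocks) / total, edges


if __name__ == "__main__":
    CASES = [b"", b"II*\x00", b"IIxx", b"MM\x00*", b"zzzz"]   # constructed inputs
    ratio, edges = coverage(TARGET_SRC, "parse", CASES)
    print(f"block coverage {ratio:.0%}, edges {sorted(edges)}")
```

The five constructed inputs reach all five blocks, while the two inputs b"" and b"zzzz" alone reach only the entry block and the short-input branch; the difference between those two coverage figures is exactly the feedback signal the later rounds use.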
Step S103: match the program basic information against a program information database to obtain a test seed.
In this step, the program basic information obtained in step S101 is used to select corresponding test seeds from the program information database according to one or more of the application's programming language type, programming framework and work-oriented type.
Specifically, when the program basic information of the application program comprises only one of the programming language type, programming framework and work-oriented type, the seed selected for it is taken directly as the test seed; when the program basic information comprises several of these items, corresponding seeds are selected for each item and their intersection is taken as the test seed required for fuzzing.
Step S104: mutate the test seed according to a preset mutation strategy to obtain a first test case.
In this step, the mutation strategy includes one or more of addition, multiplication, byte flipping, bit flipping, byte setting and the like. Presetting the mutation strategy prevents the fuzzer from choosing mutation strategies at random, so the test cases produced by mutation are better targeted.
Step S105: run a preset number of test rounds against the program source code with the first test case to obtain a crash result of the application software.
Further, with reference to fig. 2, running the preset number of test rounds against the program source code with the first test case comprises the following steps:
Step S201: run a first round of tests against the program source code with the first test case.
In this step, each element of the first test case is fed in turn, in a loop, to the instrumented program source code.
Step S202: obtain edge- and block-based code coverage.
In this step, the code coverage, evaluated jointly over edges and blocks, is obtained from the instrumented code segments.
Step S203: obtain, from the code coverage, the mutation strategies that generate new paths.
In this step, the mutation strategies that generate new paths, i.e. those with high code coverage, can be selected from the key-value pairs formed by each code coverage value and its corresponding mutation strategy.
Step S204: increase the number of times the new-path-generating mutation strategies are scheduled in the next round of tests.
In this step, after a test of the program source code completes, the test cases obtained from different mutation strategies yield different code coverage; the mutation strategies that generate new paths are the ones that raise code coverage. Therefore, in the next round of tests the number of times these new-path-generating mutation strategies are scheduled is increased in order to raise code coverage. The amount of the increase can be chosen according to the actual situation and is not specifically limited here.
Step S205: mutate the test seed based on the new-path-generating mutation strategies and their corresponding scheduling counts to obtain a second test case.
In this step, among byte flipping, addition, multiplication, bit flipping and byte setting, the scheduling counts of the strategies that generated new paths are increased, and after the test seed is mutated with the strategies at their currently assigned scheduling counts, a second test case that can raise code coverage further is obtained.
Step S206: run a new round of tests against the program source code with the second test case, and return to step S202 to continue until the preset number of rounds is reached.
In this step, over the preset number of rounds the code coverage is continuously adjusted and optimised, and finally converges to the highest code coverage attainable within the preset number of rounds, so that more crash results are obtained.
Step S106: determine the vulnerability of the application software from the crash result of the application software.
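The coverage-feedback loop of steps S104 through S206 (and the corresponding part of the claims) is shown below as an added example written for this page, not code from the patent. A constructed toy target with hand-placed probes stands in for the instrumented program source code, and two raise statements simulate crashes that a native target would report as signals. The five mutation strategies named in the patent are implemented as single-byte mutators in mutate; each round draws strategies in proportion to a per-strategy scheduling count, and a strategy whose test case reaches a new edge has its count raised for the next round. Two details the patent leaves open are assumptions here and are labelled in the code: the increase equals the number of new paths the strategy found that round, and a case that reaches a new path is kept as an additional seed, as AFL-style fuzzers do. PROBE_HITS, target, fuzz and the seeds are all constructed names.

```python
"""Coverage-feedback mutation scheduling over a constructed toy target.
Added example for this page, not the patent's code."""
import random

PROBE_HITS = []                     # block ids hit by the current execution


def probe(bid):
    PROBE_HITS.append(bid)


def target(data):
    """Constructed toy header parser with hand-placed probes; raises to simulate a crash."""
    probe(0)
    if len(data) < 8:
        probe(1)
        return
    if data[0] == 0x49 and data[1] == 0x49:           # "II" little-endian magic
        probe(2)
        if data[2] == 42:
            probe(3)
            count = data[4] | (data[5] << 8)
            if count > 0x1000:
                probe(4)
                raise MemoryError("oversized allocation")  # simulated crash
            return
    if data[0] == 0x4D and data[1] == 0x4D:           # "MM" big-endian magic
        probe(5)
        if data[7] == 0xFF:
            probe(6)
            raise IndexError("out-of-bounds read")      # simulated crash
    probe(7)


STRATEGIES = ("add", "mul", "byteflip", "bitflip", "byteset")


def mutate(name, d, rng):
    """Apply one of the patent's five mutation strategies to one byte of d (in place)."""
    i = rng.randrange(len(d))
    if name == "add":
        d[i] = (d[i] + rng.randint(1, 35)) & 0xFF
    elif name == "mul":
        d[i] = (d[i] * rng.randint(2, 9)) & 0xFF
    elif name == "byteflip":
        d[i] ^= 0xFF
    elif name == "bitflip":
        d[i] ^= 1 << rng.randrange(8)
    elif name == "byteset":
        d[i] = rng.choice((0x00, 0x7F, 0x80, 0xFF, 42))


def run(data):
    """Execute one test case; return (edge set, crash type or None)."""
    del PROBE_HITS[:]
    crash = None
    try:
        target(data)
    except Exception as exc:
        crash = type(exc).__name__
    prev, edges = -1, set()                           # -1 marks entry
    for bid in PROBE_HITS:
        edges.add((prev, bid))
        prev = bid
    return edges, crash


def fuzz(seeds, rounds=20, cases_per_round=50, rng_seed=1):
    """Run the preset number of rounds; return (scheduling counts, edges seen, crashes)."""
    rng = random.Random(rng_seed)
    counts = {name: 1 for name in STRATEGIES}         # scheduling count per strategy
    corpus = [bytearray(s) for s in seeds]
    seen = set()
    for s in corpus:
        seen |= run(s)[0]
    crashes = {}
    for _ in range(rounds):
        new_paths = dict.fromkeys(STRATEGIES, 0)
        schedule = [n for n, c in counts.items() for _ in range(c)]   # proportional draw
        for _ in range(cases_per_round):
            name = rng.choice(schedule)
            case = bytearray(rng.choice(corpus))
            mutate(name, case, rng)
            edges, crash = run(case)
            if crash:
                crashes.setdefault(crash, bytes(case))
            if edges - seen:                           # this case reached a new path
                seen |= edges
                new_paths[name] += 1
                corpus.append(case)                    # assumption: keep it as an extra seed
        for name, n in new_paths.items():
            counts[name] += n                          # assumption: raise count by new paths found
    return counts, seen, crashes


if __name__ == "__main__":
    SEEDS = [b"II*\x00\x00\x00\x00\x00", b"MM\x00*\x00\x00\x00\x00"]   # constructed seeds
    counts, seen, crashes = fuzz(SEEDS)
    print("scheduling counts:", counts)
    print("edges:", sorted(seen))
    print("crashes:", {k: v.hex() for k, v in crashes.items()})
```

Running it prints the final per-strategy scheduling counts, the edges reached and one reproducer per crash type; the strategies that found new paths end with counts above one, and the two simulated crash paths are normally both reached well within 20 rounds of 50 cases.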
Next, a specific application scenario of the application software vulnerability scanning method of this embodiment is given. The application program is LibTIFF, a library for reading and writing the Tag Image File Format (TIFF). The LibTIFF source code is downloaded over the Internet; its programming language type is C, it further uses a jpeg library and a tiff library, and its work-oriented type is graphics and image processing. The LibTIFF program source code is compiled with the compiler supplied by the fuzzer, and each key code position in the program source code is instrumented. The program information database then matches seeds by the keywords "C language" and "graphics and image processing": C programming is closer to the underlying system, so seeds that readily trigger the operating system's low-level mechanisms are selected on that basis, while the jpeg and tiff libraries operate on pictures, so the program information database selects corresponding picture seeds on that basis; the intersection of the seeds retrieved by the two characteristics is taken as the test seed. The test seed is mutated with addition, multiplication, byte flipping, bit flipping and byte setting to obtain the first test case.
Next, the program source code is tested for 20 rounds. A first round of tests is run against the LibTIFF source code with the first test case; the code coverage evaluated jointly over edges and blocks is obtained from the instrumented code segments, and the mutation strategies that generate new paths are selected from the key-value pairs formed by each coverage value and its corresponding mutation strategy; the scheduling counts of the new-path-generating mutation strategies are increased for the next round of tests. The test seed is then mutated again based on the new-path-generating mutation strategies and their scheduling counts to obtain a second test case, a new round of tests is run against the program source code with the second test case, and the loop of obtaining edge- and block-based code coverage and so on is executed until the 20 rounds are complete. Finally the crash results of LibTIFF are obtained and the vulnerability of LibTIFF is determined from them.
In one or more embodiments of the present disclosure, determining the vulnerability of the application software from the crash result of the application software in the above step may further include:
acquiring a first crash signal, generated by an operating system kernel function when the application software crashes;
determining, based on the program basic information, a second crash signal, namely the signal that would correspondingly be generated when the program source code itself crashes;
and, in response to determining that the first crash signal is the same as the second crash signal, classifying the crash result as a program source code vulnerability.
It can be understood that whether the current crash result is a program source code vulnerability is decided by checking the consistency of the first crash signal, generated by the operating system when the application software crashes, with the second crash signal that the program source code is expected to generate: if they are consistent, the current crash result is a program source code vulnerability; otherwise it belongs to some other kind of vulnerability rather than one in the program source code. This further improves vulnerability detection efficiency. Correspondingly, the information security vulnerability present in the program source code can be inferred backwards from the information associated with the second crash signal.
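The crash-signal comparison above, as an added example written for this page (not code from the patent): the first crash signal is read from the exit status the kernel reports for the child process, and the second is looked up from the programming language type in the program basic information. The expectation table EXPECTED_CRASH_SIGNALS is an assumption made for the demonstration (a C or C++ program's own code fails through memory-fault signals such as SIGSEGV, SIGBUS or SIGABRT, while a Python program's own source raises exceptions rather than faulting, so a fault there points at the interpreter or an extension). The two commands are constructed: one exits cleanly, the other kills itself with SIGSEGV to stand in for a native memory-safety crash. A matching signal only says that the fault occurred in the program's own native code; before reporting a crash as an exploitable vulnerability a practitioner would still rebuild with a sanitizer and deduplicate by stack hash.

```python
"""Crash-signal triage: kernel-reported signal versus the signal expected for the language.
Added example for this page, not the patent's code. The expectation table is an assumption."""
import signal
import subprocess
import sys


def _signals(*names):
    """Numeric values of the named signals that exist on this platform."""
    return {int(getattr(signal, n)) for n in names if hasattr(signal, n)}


# Assumed second-crash-signal table: which signals a crash in the program's *own*
# source code is expected to produce, keyed by programming language type.
EXPECTED_CRASH_SIGNALS = {
    "c":      _signals("SIGSEGV", "SIGBUS", "SIGABRT", "SIGFPE", "SIGILL"),
    "c++":    _signals("SIGSEGV", "SIGBUS", "SIGABRT", "SIGFPE", "SIGILL"),
    "python": set(),   # Python source raises exceptions; a fault is interpreter/extension code
}


def crash_signal_of(cmd, test_case=b"", timeout=10):
    """Run one test case through cmd; return the first crash signal number, or None.

    POSIX reports a signal-terminated child as a negative return code.
    """
    proc = subprocess.run(cmd, input=test_case, capture_output=True, timeout=timeout)
    return -proc.returncode if proc.returncode < 0 else None


def classify_crash(first_signal, language):
    """Compare the observed (first) signal with the expected (second) signals."""
    if first_signal is None:
        return "no crash"
    if first_signal in EXPECTED_CRASH_SIGNALS.get(language.lower(), set()):
        return "program source code vulnerability"
    return "other crash"


# Constructed commands: one consumes its input and exits cleanly, one kills
# itself with SIGSEGV to stand in for a native memory-safety fault.
CLEAN_CMD = [sys.executable, "-c", "import sys; sys.stdin.buffer.read()"]
SEGV_CMD = [sys.executable, "-c",
            "import os, signal, sys; sys.stdin.buffer.read(); "
            "os.kill(os.getpid(), signal.SIGSEGV)"]


if __name__ == "__main__":
    case = b"II*\x00" + b"\xff" * 64          # constructed test case
    for cmd in (CLEAN_CMD, SEGV_CMD):
        sig = crash_signal_of(cmd, case)
        print(sig, classify_crash(sig, "C"), "/", classify_crash(sig, "Python"))
```

For a C target such as LibTIFF the SIGSEGV run is classified as a program source code vulnerability, while the same signal from a Python target is classified as another kind of crash, which is the distinction the two-signal comparison is meant to draw.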
Therefore, in the application software vulnerability scanning method provided by one or more embodiments of the present specification, the program basic information of different application software is matched against the program information database to obtain better targeted test seeds, which reduces the effect of invalid test seeds on detection efficiency and improves vulnerability detection efficiency; and the loop-based code coverage feedback mechanism keeps optimising within the preset number of test rounds, which greatly improves vulnerability detection efficiency. At the same time, crashes are further compared and analysed to tell program source code vulnerabilities from other vulnerabilities, which improves the accuracy of vulnerability detection.
It should be noted that the method of one or more embodiments of the present disclosure may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of one or more embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above description describes certain embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to any of the above-mentioned embodiments, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the method for scanning vulnerabilities of application software according to any of the above-mentioned embodiments.
Fig. 3 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the above embodiment is used to implement the corresponding method for scanning vulnerability of application software in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-mentioned embodiment methods, one or more embodiments of the present specification further provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the application software vulnerability scanning method according to any of the above-mentioned embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the application software vulnerability scanning method according to any of the foregoing embodiments, and have the beneficial effects of the corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the spirit of the present disclosure, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the present description as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures, for simplicity of illustration and discussion, and so as not to obscure one or more embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the understanding of one or more embodiments of the present description, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the one or more embodiments of the present description are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that one or more embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
It is intended that the one or more embodiments of the present specification embrace all such alternatives, modifications and variations as fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of one or more embodiments of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (9)

1. An application software vulnerability scanning method comprises the following steps:
acquiring a program source code and program basic information of the application software;
performing instrumentation on the program source code;
matching the program basic information with a program information database to obtain a test seed;
carrying out mutation on the test seeds according to a preset mutation strategy to obtain a first test case;
performing a preset round number test on the program source code through the first test case to obtain a crash result of the application software;
and determining the vulnerability of the application software according to the crash result of the application software.
2. The method of claim 1, wherein the performing a preset number of rounds of testing on the program source code by the first test case comprises:
performing a first round of test on the program source code by using the first test case;
acquiring code coverage rate based on edges and blocks;
obtaining, according to the code coverage rate, the mutation strategy that generated a new path;
increasing the number of times the mutation strategy that generated the new path is scheduled in the next round of testing;
carrying out mutation on the test seed based on a mutation strategy for generating a new path to obtain a second test case;
and carrying out a new round of test on the program source code by using the second test case, and returning to the step of obtaining the code coverage rate based on the edges and the blocks to continue executing until the preset round number is reached.
3. The method of claim 1, wherein the determining the vulnerability of the application software according to the crash result of the application software further comprises:
acquiring a first crash signal generated by an operating system kernel function when the application software crashes;
determining a second crash signal which is generated when the program source code crashes based on the program basic information;
in response to determining that the first crash signal is the same as the second crash signal, the crash result is a program source code vulnerability.
4. The method of claim 1, wherein the program basic information comprises one or more of a programming language type, a programming framework, and a work-oriented type.
5. The method of claim 4, wherein the obtaining of the test seed by matching the program basic information with a program information database comprises:
the program information database selects a corresponding seed as the test seed based on one of the programming language type, the programming framework and the work-oriented type of the application program; or
the program information database selects corresponding seeds for each of a plurality of items among the programming language type, the programming framework and the work-oriented type of the application program, and takes their intersection as the test seeds.
6. The method of claim 1, wherein the mutation strategies include one or more of addition, multiplication, byte flipping, bit flipping, and byte setting.
7. The method of claim 1, wherein said instrumenting the program source code comprises:
performing lexical analysis and syntactic analysis on the program source code to obtain the position of a key code;
and inserting a probe at the position of the key code.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
9. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
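The claims above describe a coverage-guided fuzzer: seeds chosen from a program information database (claims 4 and 5), the five mutation strategies of claim 6, the preset number of rounds with strategies that produced new paths scheduled more often in the next round (claim 2), and the crash-signal comparison of claim 3. The following Python is an added example that is not the patent's own code and not an implementation by its applicants; it mirrors those steps on a toy target. The target program with its hand-placed probes, the seed database, the table of expected crash signals, and the AFL-style practice of keeping path-finding inputs as new seeds are all constructed for illustration and are not taken from the claims.

```python
"""Toy coverage-guided fuzzer following the claimed method (added example)."""
import random
import signal

# Claim 6: the five mutation strategies.  Each edits one byte of a bytearray in place.
def mut_addition(b, rng):
    i = rng.randrange(len(b)); b[i] = (b[i] + rng.randint(1, 35)) & 0xFF

def mut_multiplication(b, rng):
    i = rng.randrange(len(b)); b[i] = (b[i] * rng.randint(2, 9)) & 0xFF

def mut_byte_flip(b, rng):
    i = rng.randrange(len(b)); b[i] ^= 0xFF

def mut_bit_flip(b, rng):
    i = rng.randrange(len(b)); b[i] ^= 1 << rng.randrange(8)

def mut_byte_set(b, rng):
    i = rng.randrange(len(b)); b[i] = rng.choice((0x00, 0x7F, 0x80, 0xFF))

STRATEGIES = {"addition": mut_addition, "multiplication": mut_multiplication,
              "byte_flip": mut_byte_flip, "bit_flip": mut_bit_flip, "byte_set": mut_byte_set}

def mutate(seed, strategy, rng=None):
    buf = bytearray(seed)
    STRATEGIES[strategy](buf, rng or random.Random())
    return bytes(buf)

# Claims 4/5: a constructed program information database keyed by program basic information.
SEED_DB = [
    {"language": "c", "framework": "none", "work_type": "parser", "seed": b"\x00\x00\x00\x00"},
    {"language": "c", "framework": "none", "work_type": "network", "seed": b"GET / HTTP/1.0\r\n"},
    {"language": "python", "framework": "flask", "work_type": "web", "seed": b'{"id": 1}'},
]

def select_seeds(**info):
    """One attribute given: its matching seeds.  Several: the intersection of each attribute's matches."""
    per_attr = [{r["seed"] for r in SEED_DB if r[k] == v} for k, v in info.items()]
    return set.intersection(*per_attr) if per_attr else set()

# Claim 7: the target with probes at key positions.  Constructed stand-in for an instrumented
# binary; a real harness would run the program in a subprocess and read its exit status.
def run_target(data):
    trace = ["entry"]
    if len(data) >= 3 and data[0] & 0x80:
        trace.append("high")
        if data[1] == 0xFF:
            trace.append("ff")
            if data[2] & 1:
                trace.append("crash")
                return trace, int(signal.SIGSEGV)   # simulated memory-safety fault
    trace.append("exit")
    return trace, None

def coverage(trace):
    """Claim 2: coverage measured on both blocks and edges (consecutive block pairs)."""
    return set(trace), set(zip(trace, trace[1:]))

# Claim 3: signals the kernel delivers when a program in this language faults in its own code
# (constructed table; SIGBUS is added only where the platform defines it).
EXPECTED_CRASH_SIGNALS = {"c": {int(s) for s in (signal.SIGSEGV, signal.SIGABRT, signal.SIGFPE, signal.SIGILL)}}
if hasattr(signal, "SIGBUS"):
    EXPECTED_CRASH_SIGNALS["c"].add(int(signal.SIGBUS))

def signal_from_returncode(rc):
    """subprocess convention on POSIX: a child killed by signal N reports returncode -N."""
    return -rc if rc < 0 else None

def classify_crash(signo, language):
    expected = EXPECTED_CRASH_SIGNALS.get(language, set())
    return "program source code vulnerability" if signo in expected else "not attributed to program source code"

def fuzz(seeds, language="c", rounds=8, cases_per_round=250, rng=None):
    """Claims 1-2: fixed number of rounds; strategies that found new paths get more scheduling weight."""
    rng = rng or random.Random(1)
    corpus = list(seeds)
    seen_blocks, seen_edges = set(), set()
    for s in corpus:                      # baseline coverage of the seeds themselves
        b, e = coverage(run_target(s)[0]); seen_blocks |= b; seen_edges |= e
    weights = {name: 1.0 for name in STRATEGIES}
    names = list(STRATEGIES)
    crashes = []
    for _ in range(rounds):
        gains = {name: 0 for name in STRATEGIES}
        for _ in range(cases_per_round):
            strat = rng.choices(names, weights=[weights[n] for n in names])[0]
            case = mutate(rng.choice(corpus), strat, rng)
            trace, signo = run_target(case)
            blocks, edges = coverage(trace)
            new_path = not (blocks <= seen_blocks and edges <= seen_edges)
            if new_path:
                seen_blocks |= blocks; seen_edges |= edges; gains[strat] += 1
            if signo is not None:
                crashes.append((case, signo, classify_crash(signo, language)))
            elif new_path:
                corpus.append(case)       # AFL-style corpus growth, our addition beyond the claims
        for name, g in gains.items():
            weights[name] += g            # claim 2: schedule productive strategies more next round
    return {"blocks": seen_blocks, "edges": seen_edges, "weights": weights, "crashes": crashes}

if __name__ == "__main__":
    result = fuzz(select_seeds(language="c", work_type="parser"))
    print(len(result["edges"]), "edges,", len(result["crashes"]), "crashing cases,", result["weights"])
```

Running the module fuzzes the parser seed from the constructed database; the weights printed at the end show which strategies the scheduler came to favour, and every crash is tagged with the claim 3 classification. The `signal_from_returncode` helper is what a real harness would use to obtain the "first crash signal" from a child process exit status before passing it to `classify_crash`.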
CN202110204746.4A 2021-02-23 2021-02-23 Application software vulnerability scanning method and related equipment Active CN113051153B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110204746.4A CN113051153B (en) 2021-02-23 2021-02-23 Application software vulnerability scanning method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110204746.4A CN113051153B (en) 2021-02-23 2021-02-23 Application software vulnerability scanning method and related equipment

Publications (2)

Publication Number Publication Date
CN113051153A true CN113051153A (en) 2021-06-29
CN113051153B CN113051153B (en) 2022-11-15

Family

ID=76509013

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110204746.4A Active CN113051153B (en) 2021-02-23 2021-02-23 Application software vulnerability scanning method and related equipment

Country Status (1)

Country Link
CN (1) CN113051153B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117874772A (en) * 2024-03-11 2024-04-12 广州锦高信息科技有限公司 Application software vulnerability scanning method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573524A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Fuzz testing method based on static detection
CN108595341A (en) * 2018-05-11 2018-09-28 清华大学 Automatic example generation method and system
CN110135165A (en) * 2019-04-12 2019-08-16 江苏大学 Dynamically classified multi-granularity fuzz testing vulnerability mining method
CN110765000A (en) * 2019-09-06 2020-02-07 深圳开源互联网安全技术有限公司 Program testing method and device
CN112286823A (en) * 2020-11-18 2021-01-29 山石网科通信技术股份有限公司 Method and device for testing kernel of operating system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JUNJIE WANG et al.: "Skyfire: Data-Driven Seed Generation for Fuzzing", 2017 IEEE Symposium on Security and Privacy *
蔡军 et al.: "Feedback-driven fuzz testing method based on an improved roulette-wheel strategy", Journal of Sichuan University (Engineering Science Edition) *

Also Published As

Publication number Publication date
CN113051153B (en) 2022-11-15

Similar Documents

Publication Publication Date Title
US9135147B2 (en) Automated testing of applications with scripting code
CN111124926B (en) Fuzzy test method and device, electronic equipment and storage medium
Park et al. Carfast: Achieving higher statement coverage faster
CN109783350A (en) Interface test method, device and computer readable storage medium
Falke et al. The bounded model checker LLBMC
CN103678115B (en) The apparatus and method of the position of source code mistake are detected in mixed mode program
CN110837472B (en) Browser testing method and device and computer equipment
CN112597064B (en) Method for simulating program, electronic device and storage medium
CN115659358B (en) Intelligent contract fuzzy test method and device
CN112257054A (en) Software application unauthorized risk detection method, electronic equipment and storage medium
CN113051153B (en) Application software vulnerability scanning method and related equipment
CN114579452A (en) Interface influence detection method and related equipment
CN112861134B (en) Vulnerability detection method, device, equipment and medium based on optimization variation strategy
US9489284B2 (en) Debugging method and computer program product
CN114328062B (en) Method, device and storage medium for checking cache consistency
CN112506806B (en) Method for debugging program, electronic device and storage medium
US8572555B2 (en) Automated testing of software with targeting of deep paths
CN112989736B (en) Method, apparatus and storage medium for detecting erroneous instances of a modified design
CN112783759B (en) White box test task execution method and device, storage medium and computer equipment
CN113448839B (en) Application program testing method, device, equipment and storage medium
CN112860544B (en) Code detection method, device, equipment and computer readable storage medium
Chowdhury et al. Did I make a mistake? Finding the impact of code change on energy regression
CN115082294A (en) Image format determination method and device and electronic equipment
CN107562611B (en) Method and device for realizing simulation test
CN116361154A (en) Test sample generation method, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210804

Address after: 100029 Beijing city Chaoyang District Yumin Road No. 3

Applicant after: NATIONAL COMPUTER NETWORK AND INFORMATION SECURITY MANAGEMENT CENTER

Applicant after: ZHONGSHI RUIAN (BEIJING) NETWORK TECHNOLOGY Co.,Ltd.

Address before: 100029 Beijing city Chaoyang District Yumin Road No. 3

Applicant before: NATIONAL COMPUTER NETWORK AND INFORMATION SECURITY MANAGEMENT CENTER

Applicant before: ZHONGSHI RUIAN (BEIJING) NETWORK TECHNOLOGY Co.,Ltd.

Applicant before: Beijing University of Posts and Telecommunications

GR01 Patent grant