CN113051580A - HyperLegger Fabric intelligent contract problem detection method - Google Patents
HyperLegger Fabric intelligent contract problem detection method Download PDFInfo
- Publication number
- CN113051580A CN113051580A CN202110435019.9A CN202110435019A CN113051580A CN 113051580 A CN113051580 A CN 113051580A CN 202110435019 A CN202110435019 A CN 202110435019A CN 113051580 A CN113051580 A CN 113051580A
- Authority
- CN
- China
- Prior art keywords
- intelligent contract
- test
- corpus
- detecting
- fuzz
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 24
- 239000004744 fabric Substances 0.000 title claims abstract description 23
- 238000012360 testing method Methods 0.000 claims abstract description 102
- 238000000034 method Methods 0.000 claims abstract description 27
- 230000006870 function Effects 0.000 claims description 24
- 239000000463 material Substances 0.000 claims description 4
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000002547 anomalous effect Effects 0.000 claims 1
- 238000011160 research Methods 0.000 abstract description 2
- 230000009471 action Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000035772 mutation Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
Abstract
The invention discloses a Hyperridge Fabric intelligent contract problem detection method, which comprises the following steps: s1, generating an initial corpus according to the unit test case; s2, generating a test file according to HF intelligent contract source codes S3, carrying out intelligent contract fuzzy test according to a go-fuzz tool and detecting intelligent contract vulnerabilities; s4, generating and outputting the vulnerability detection result in the step S3, the method is scientific and reasonable in structure and convenient to use, and the method for detecting the problem of the HF intelligent contract based on Go-fuzz is suitable for the HF intelligent contract written by Go language, helps Mockstub and Go-fuzz to detect the problem of the intelligent contract, fills in the gap of research in the aspect of HF intelligent contract vulnerability detection to a certain extent, and can quickly detect the problem of the HF intelligent contract.
Description
Technical Field
The invention relates to the technical field of block chain security, in particular to a Hyperridge Fabric intelligent contract problem detection method.
Background
Hyperhedger Fabric is referred to as HF for short, HF is an enterprise-level licensed distributed ledger technology platform, an intelligent contract is an autonomous program running on a blockchain platform, in the 3.0 era of the blockchain, the intelligent contract provides more complex business function support by HF, the intelligent contract running on the blockchain also plays an increasingly important role in a decentralized application scene, but the influence caused by security vulnerabilities is more obvious, therefore, the automatic detection of the security vulnerabilities of the intelligent contract becomes an urgent problem to be solved in the blockchain technology application, various detection schemes have been proposed for the intelligent contract vulnerabilities at present, the detection mainly surrounds the intelligent contract of an Ethernet workshop and is almost not proposed for related methods of HF intelligent contracts, a ZEUS tool is proposed by Sukrit et al, formal verification can be carried out on the HF intelligent contract, but the logic of the intelligent contract is mainly verified to be consistent with the requirement, the detection of other types of vulnerabilities cannot be met, whether vulnerability types summarized by an Etherhouse intelligent contract are in accordance with or not known on an HF intelligent contract cannot be determined, and therefore testing work cannot be conducted on the vulnerability types.
Disclosure of Invention
The invention aims to provide a Hyperhedger Fabric intelligent contract problem detection method to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: a kind of
The method for detecting the problem of the intelligent contract of the HyperLegendr Fabric comprises the following steps:
s1, generating an initial corpus according to the unit test case;
s2, generating a test file according to the HF intelligent contract source code;
s3, carrying out intelligent contract fuzzy test and detecting intelligent contract vulnerabilities according to the go-fuzz tool;
s4, generating and outputting the vulnerability detection result in the step S3;
further, in step S1, the unit test case is an input case used as an HF intelligent contract unit test, the HF intelligent contract unit test case is used for generating an initial corpus, and the HF intelligent contract unit test case is represented by a JSON type;
further, in step S1, the method further includes the following steps:
s11, representing the HF intelligent contract unit test case by JSON type;
s12, compiling main.go test files according to the unit test cases in the step S1;
(S13) running the main.go file to generate an initial corpus;
further, the test case is used for verifying whether the requirements of specific software are met by compiling a set of test input, execution conditions and expected results for a specific target, and the unit test is used for checking and verifying the minimum testable unit in the software;
further, in step S2, obtaining an HF intelligent contract source code, writing the HF intelligent contract source code through Go language, and calling a Fabric intelligent contract rule by using a mocksub class to generate a test file;
furthermore, a test file, fuzz.go, is compiled according to the function of the intelligent contract source code in the step S2, the function is called according to the mocksstub class in the test file, and the information query result is compared with the issued information for detecting the logic error of the intelligent contract;
further, the function is a function except a main function in the intelligent contract;
further, step S3 further includes the following steps:
s31, adding the initial corpus into a corpus;
s32, selecting a corpus from the corpus by using a go-fuzz tool according to the corpus in the step S31;
s33, performing variation on the corpora selected in the step S32 to generate a current test case;
s34, reading in the test file, inputting the test case generated in the step S33, and carrying out the fuzzy test;
s35, if there is a bug, recording bug information and the test case in the step S34;
s36, the corpus is adjusted according to the test feedback result, if the feedback result is integer 1, the current corpus is added into the corpus, if the feedback result is-1, the current corpus cannot be added into the corpus, and if the feedback result is 0 under other conditions;
s37, repeating the steps S32-S36 until the test is terminated;
further, in step S34, the fuzz test is used to discover software bugs by providing unexpected input to the target system and monitoring the abnormal result;
further, in step S4, the output vulnerability detection result includes a detection result, intelligent contract vulnerability information, and corpus information when a vulnerability occurs.
Compared with the prior art, the invention has the following beneficial effects:
the method for detecting the problem of the HF intelligent contract based on Go-fuzz is suitable for the HF intelligent contract written by using Go language, helps Mockstub and Go-fuzz to detect the problem of the intelligent contract, fills in the gap of research in the aspect of HF intelligent contract vulnerability detection to a certain extent, and can quickly detect the problem of the HF intelligent contract by using the method for detecting the problem of the HF intelligent contract.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
In the drawings:
FIG. 1 is a method overview of a Hyperhedger Fabric intelligent contract problem detection method of the present invention;
FIG. 2 is a flowchart illustrating a method for detecting a problem in a Hyperleader Fabric intelligent contract according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example (b): referring to fig. 1-2, the present invention provides the following technical solutions: a Hyperhedger Fabric intelligent contract problem detection method comprises the following steps:
s1, generating an initial corpus according to the unit test case; and acquiring a test case of the HF intelligent contract unit and generating an initial corpus.
S2, generating a test file according to the HF intelligent contract source code; HF intelligent contract source code is obtained, and a test file is generated by using the use rule of a Mockstub class.
S3, carrying out intelligent contract fuzzy test and detecting intelligent contract vulnerabilities according to the go-fuzz tool; and inputting the initial linguistic data and the test file into a go-fuzz tool, performing fuzzy test, and detecting the intelligent contract vulnerability.
S4, generating and outputting the vulnerability detection result in the step S3;
the Hyperhedger Fabric is abbreviated as HF, the HF is a distributed ledger technology platform permitted by an enterprise level, in step S1, a unit test case is used as an input case for HF intelligent contract unit test, the HF intelligent contract unit test case is used for generating initial corpora, and the HF intelligent contract unit test case is expressed by JSON type; smart contracts are computer protocols intended to propagate, validate or execute contracts in an informational manner, allowing trusted transactions without third parties, which are traceable and irreversible, JSON-type ", a lightweight data exchange format. It stores and represents data in a text format that is completely independent of the programming language, based on a subset of ECMAScript (js specification set by the european computer association).
In step S1, the method further includes:
s11, representing the HF intelligent contract unit test case by JSON type;
s12, compiling main.go test files according to the unit test cases in the step S1;
and S13, operating the main file to generate initial language material.
The test case is used for verifying whether the requirements of specific software are met by compiling a group of test input, execution conditions and expected results for a special target, and the unit test is used for checking and verifying the minimum testable unit in the software, and in the embodiment, unit test is performed on all functional functions of the intelligent contract;
in step S2, an HF intelligent contract source code is obtained, written in Go language, and a mock intelligent contract rule is called by using mocksub class to generate a test file;
compiling a test file fuzz.go according to the function of the intelligent contract source code in the step S2, calling the function according to a Mockstub class in the test file, and comparing an information query result with issued information for detecting a logic error of the intelligent contract; the method is characterized in that HF intelligent contract source codes used as input are written by using Go language, a Mockstub class is a method provided by HF for HF intelligent contract unit testing, the Mockstub class maintains a map [ string ] [ ] byte to simulate a key value pair so as to complete the work of a state database in a block chain network, and the Go language refers to a static strong type and a compiling type language developed by Google.
The function is a function except a main function in the intelligent contract; one subroutine in the computer can realize the fixed operation function.
Step S3 further includes the steps of:
s31, adding the initial corpus into a corpus; there is and only the initial corpus in the corpus at this time.
S32, according to the corpus in the step S31, a corpus is randomly selected from the corpus by using a go-fuzz tool; the language material refers to a test case meeting the requirements of a go-fuzz tool, and the initial language material refers to a test case which is used for inputting and meets the requirements of the go-fuzz tool.
S33, performing variation on the corpora selected in the step S32 to generate a current test case; mutation refers to changing the original corpus in detail, thereby generating different corpora.
S34, reading in the test file, inputting the test case generated in the step S33, and carrying out the fuzzy test;
s35, if there is a bug, recording bug information and the test case in the step S34;
s36, the corpus is adjusted according to the test feedback result, if the feedback result is integer 1, the current corpus is added into the corpus, if the feedback result is-1, the current corpus cannot be added into the corpus, and if the feedback result is 0 under other conditions;
s37, repeating the steps S32-S36 until the test is terminated;
in step S34, the fuzz test is used to discover software bugs by providing unexpected input to the target system and monitoring for abnormal results;
in step S4, the output vulnerability detection result includes a detection result, intelligent contract vulnerability information, and corpus information when a vulnerability occurs;
the embodiment is an example of an HF intelligent contract written in any Go language: go-FUZZ in FIG. 1 represents a go-FUZZ tool, FUZZ in FIG. 2 represents a test function specified by go-FUZZ, and Info _1, Info _2, Info _ n, and Check Info _1, Check Info _2, Check Info _ n are custom test functions.
S1, obtaining a HF intelligent contract unit test case, and generating an initial corpus: s11, selecting any HF intelligent contract written by Go language, designing unit test case, and expressing with JSON type, key in JSON type is function name in intelligent contract, and value corresponding to key is function parameter; (S12) compiling a main.go test file according to the unit test cases, converting the JSON type unit test cases into a Data array in the main file, and inputting the Data array into a go-fuzz tool; go file is run to generate initial corpus and output is redirected to the same directory under the corrus folder at the same level S13.
S2, generating a test file according to the HF intelligent contract source code: s21, copying the intelligent contract source code selected in the step S1, saving the intelligent contract source code to the local and saving the intelligent contract source code as a go-format file; and S22, compiling a test file fuzz.go according to the function in the intelligent contract source code, calling the function by the test file through a Mockstub class, and comparing the information query result with the issued information to detect the logic error of the intelligent contract.
S3, carrying out intelligent contract fuzzy test and detecting intelligent contract vulnerabilities according to the go-fuzz tool: s31: adding the initial linguistic data into a corpus, wherein the corpus has the initial linguistic data only; s32: a go-fuzz tool randomly selects a corpus from a corpus; s33: performing variation on the selected corpus to generate a current test case; s34: reading in a test file, inputting a current test case, and starting to perform a fuzzy test; s35: if the bug exists, recording the bug information and the current test case; s36: the corpus is adjusted according to the test feedback result, if the feedback result is integer 1, the current corpus is added into the corpus; the feedback result is-1, which represents that the input data cannot be added into the corpus even if the input data provides a new coverage; otherwise, 0 is returned; s37: steps S32-S36 are repeated until the test is terminated.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A Hyperhedger Fabric intelligent contract problem detection method is characterized in that: the method comprises the following steps:
s1, generating an initial corpus according to the unit test case;
s2, generating a test file according to the HF intelligent contract source code;
s3, carrying out intelligent contract fuzzy test and detecting intelligent contract vulnerabilities according to the go-fuzz tool;
and S4, generating and outputting the vulnerability detection result in the step S3.
2. The method for detecting the problem of the intelligent contract of the HyperLegger Fabric according to claim 1, wherein: in step S1, the unit test case is an input case used as an HF intelligent contract unit test, the HF intelligent contract unit test case is used to generate an initial corpus, and the HF intelligent contract unit test case is represented by a JSON type.
3. The method for detecting the problem of the intelligent contract of the HyperLegger Fabric according to claim 2, wherein: in step S1, the method further includes:
s11, representing the HF intelligent contract unit test case by JSON type;
s12, compiling main.go test files according to the unit test cases in the step S1;
and S13, operating the main file to generate initial language material.
4. The method for detecting problems of HyperLegger Fabric intelligent contracts according to claim 3, wherein: the test cases are used to verify that the requirements of a particular software are met by compiling a set of test inputs, execution conditions, and expected results for a particular target, and the unit test is used to check and verify the smallest testable unit in the software.
5. The method for detecting the problem of the intelligent contract of the HyperLegger Fabric according to claim 1, wherein: in step S2, HF smart contract source code written in Go language is obtained, and the mocksub class is used to call Fabric smart contract rules for generating test files.
6. The method for detecting problems of HyperLegger Fabric intelligent contracts according to claim 5, wherein: and writing a test file fuzz.go according to the functional function of the intelligent contract source code in the step S2, calling the functional function according to a Mockstub class in the test file, and comparing the information query result with the issued information for detecting the logic error of the intelligent contract.
7. The method for detecting problems in HyperLegger Fabric intelligent contracts according to claim 6, wherein: the function is a function except a main function in the intelligent contract.
8. The method for detecting the problem of the intelligent contract of the HyperLegger Fabric according to claim 1, wherein: step S3 further includes the steps of:
s31, adding the initial corpus into a corpus;
s32, selecting a corpus from the corpus by using a go-fuzz tool according to the corpus in the step S31;
s33, performing variation on the corpora selected in the step S32 to generate a current test case;
s34, reading in the test file, inputting the test case generated in the step S33, and carrying out the fuzzy test;
s35, if there is a bug, recording bug information and the test case in the step S34;
s36, the corpus is adjusted according to the test feedback result, if the feedback result is integer 1, the current corpus is added into the corpus, if the feedback result is-1, the current corpus cannot be added into the corpus, and if the feedback result is 0 under other conditions;
s37, repeating the above steps S32-S36 until the test is terminated.
9. The method for detecting problems in HyperLegger Fabric intelligent contracts according to claim 8, wherein: in step S34, the fuzz test is used to discover software vulnerabilities by providing unexpected inputs to the target system and monitoring for anomalous results.
10. The method for detecting the problem of the intelligent contract of the HyperLegger Fabric according to claim 1, wherein: in step S4, the output vulnerability detection result includes a detection result, intelligent contract vulnerability information, and corpus information when a vulnerability occurs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110435019.9A CN113051580B (en) | 2021-04-22 | 2021-04-22 | Hyperledger Fabric intelligent contract problem detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110435019.9A CN113051580B (en) | 2021-04-22 | 2021-04-22 | Hyperledger Fabric intelligent contract problem detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113051580A true CN113051580A (en) | 2021-06-29 |
CN113051580B CN113051580B (en) | 2024-02-02 |
Family
ID=76519938
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110435019.9A Active CN113051580B (en) | 2021-04-22 | 2021-04-22 | Hyperledger Fabric intelligent contract problem detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113051580B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110659494A (en) * | 2019-09-27 | 2020-01-07 | 重庆邮电大学 | Extensible intelligent contract vulnerability detection method |
CN111459786A (en) * | 2019-01-18 | 2020-07-28 | 南京大学 | Intelligent contract security testing method based on variant fuzz |
CN111753306A (en) * | 2020-05-29 | 2020-10-09 | 西安深信科创信息技术有限公司 | Intelligent contract vulnerability detection method and device, electronic equipment and storage medium |
-
2021
- 2021-04-22 CN CN202110435019.9A patent/CN113051580B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111459786A (en) * | 2019-01-18 | 2020-07-28 | 南京大学 | Intelligent contract security testing method based on variant fuzz |
CN110659494A (en) * | 2019-09-27 | 2020-01-07 | 重庆邮电大学 | Extensible intelligent contract vulnerability detection method |
CN111753306A (en) * | 2020-05-29 | 2020-10-09 | 西安深信科创信息技术有限公司 | Intelligent contract vulnerability detection method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN113051580B (en) | 2024-02-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6182245B1 (en) | Software test case client/server system and method | |
CN108845940B (en) | Enterprise-level information system automatic function testing method and system | |
Stocks et al. | Test template framework: A specification-based testing case study | |
CN103164334A (en) | System and method for detecting breaking point in web application automatic test case | |
Ding et al. | Hfcontractfuzzer: Fuzzing hyperledger fabric smart contracts for vulnerability detection | |
US11616692B1 (en) | Configuration drift management tool | |
CA3161519A1 (en) | Unit testing of components of dataflow graphs | |
CN105389262A (en) | Method and device for generating test suggestions in allusion to interface tests | |
CN106095501A (en) | A kind of application section arranging method and device | |
Mishra et al. | Test case optimization and prioritization based on multi-objective genetic algorithm | |
CN117112060A (en) | Component library construction method and device, electronic equipment and storage medium | |
CN113051580A (en) | HyperLegger Fabric intelligent contract problem detection method | |
CN114756224A (en) | Activity execution method and device | |
CN115176233B (en) | Performing tests in deterministic order | |
CN114791865A (en) | Method, system and medium for detecting self-consistency of configuration items based on relational graph | |
CN114356783A (en) | Method and device for automatically generating unit test code, storage medium and equipment | |
CN109240737A (en) | A kind of method and system of the packing and issuing in big data platform | |
Fisher et al. | An automated analysis methodology to detect inconsistencies in web services with WSDL interfaces | |
US10997056B1 (en) | Generation of explanatory and executable repair examples | |
CN117234765B (en) | Automatic binary positioning method for kernel performance degradation patch of domestic operating system | |
Jia et al. | Research on security vulnerability detection of smart contract | |
Jeong et al. | Toward Providing Automatic Program Repair by Utilizing Topic-Based Code Block Similarity | |
Sharma et al. | Recent trends in Component Based software development and Efficiency analysis of Semantic search based component retrieval Technique | |
US20230367883A1 (en) | Systems and processes for tailoring risk mitigation of threat events associated with software bill of materials | |
US20230367881A1 (en) | Systems and processes for creating software bill of materials for large distributed builds |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20211231 Address after: Room 1006, building 2, Yuhua living room, No. 109, software Avenue, Yuhuatai District, Nanjing, Jiangsu Province Applicant after: Nanjing Kuangji Information Technology Co.,Ltd. Address before: 210000 8 / F, unit 2, building B4, No.8, Jiangdong Street, Jialing, Jianye District, Nanjing, Jiangsu Province Applicant before: Orange net (Nanjing) Artificial Intelligence Research Institute Co.,Ltd. Applicant before: CSIRO data61 |
|
GR01 | Patent grant | ||
GR01 | Patent grant |