CN116662207B - Fuzzy test method for block chain network - Google Patents
Fuzzy test method for block chain network Download PDFInfo
- Publication number
- CN116662207B CN116662207B CN202310906031.2A CN202310906031A CN116662207B CN 116662207 B CN116662207 B CN 116662207B CN 202310906031 A CN202310906031 A CN 202310906031A CN 116662207 B CN116662207 B CN 116662207B
- Authority
- CN
- China
- Prior art keywords
- test
- fuzzy
- network
- rpc
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000010998 test method Methods 0.000 title description 7
- 238000012360 testing method Methods 0.000 claims abstract description 126
- 238000000034 method Methods 0.000 claims abstract description 28
- 238000012544 monitoring process Methods 0.000 claims description 14
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000012986 modification Methods 0.000 claims description 4
- 230000004048 modification Effects 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 4
- 230000004044 response Effects 0.000 abstract description 3
- 238000012545 processing Methods 0.000 description 7
- 238000001514 detection method Methods 0.000 description 4
- 239000002131 composite material Substances 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000002547 anomalous effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000035772 mutation Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Abstract
The invention discloses a method for performing fuzzy test on a blockchain network, which comprises the following steps: generating high-quality seeds for fuzzy test according to the parameter types transmitted by the RPC interface; changing the mode of each RPC interface for acquiring data; and (5) fuzzy test. According to the invention, the high-quality seeds are generated according to the RPC interface, the fuzzy test data are modified to be acquired from the local fuzzy tester, and the fuzzy test manager is deployed to implement the optimized test strategy on the blockchain network, so that the more comprehensive test on the blockchain network is effectively realized, the test coverage rate of the blockchain network is improved, the test efficiency is high, the response is quick, and the practicability is strong.
Description
Technical Field
The invention relates to a fuzzy test method for a block chain network, and belongs to the technical field of block chain security.
Background
The existing method is usually used for testing a certain module such as intelligent contracts, consensus algorithms, virtual machines or encryption algorithms of the blockchain network or specific vulnerability analysis mining of the blockchain network, and obviously has limitations in test coverage.
The Chinese patent application with the application publication number of CN115357902A provides a fuzzy test method for a blockchain system, which utilizes Web3 to manually analyze a blockchain bottom code, position a weak point code, construct a weak point seed, manually construct a corresponding weak point detection code and then test the blockchain system by using the fuzzy test method. It is apparent that it is focused on discovering vulnerabilities in particular aspects of blockchain systems, it is difficult to cover the overall situation of blockchain systems, and test coverage is focused on covering particular vulnerability-related codes, with no consideration being given to test coverage integrity. Such as query blockchain transactions, query blocks, blockchain latest state, transaction fee queries, etc. that do not consider testing blockchain systems. In addition, the method transmits network data through the Web3 to carry out fuzzy test, and the method for carrying out fuzzy test through a network protocol has lower efficiency.
The Chinese patent application with the application publication number of CN114357459A provides an information security detection method for a blockchain system, which is used for carrying out security detection on each layer of the blockchain system and needs to construct a vulnerability database, but the mentioned fuzzy test method is used for carrying out security detection only aiming at an intelligent contract of the blockchain system and has low test coverage rate.
Disclosure of Invention
The invention aims to provide a fuzzy test method for a block chain network, which solves the problem of low test coverage rate for the block chain network in the prior art.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
A method for ambiguity testing for a blockchain network, comprising the steps of:
1) Generating a high-quality seed for fuzzy test according to the parameter type transmitted by the RPC interface, wherein the high-quality seed is used for representing a test seed supporting the parameter type transmitted by the RPC interface;
2) Changing the mode of each RPC interface for acquiring data;
3) And performing fuzzy test on the blockchain network by using the high-quality seeds.
In specific implementation, step 1) specifically includes:
1-1) sorting all types corresponding to each RPC interface transmission parameter related to a blockchain network, and defining a parameter type set P;
1-2) respectively generating seed data for different parameter types of the parameter type set P;
1-3) sorting the parameter types corresponding to the RPC interfaces;
1-4) generating high-quality seeds for the randomly selected RPC interfaces, and establishing a seed database for fuzzy test.
In a specific implementation, the preferred scheme includes the steps 1-4): randomly selecting one RPC interface, generating seeds as high-quality seeds according to each parameter type corresponding to the RPC interface based on the steps 1-1) -1-3, storing and establishing the seed database.
In specific implementation, the step 2) specifically includes: analyzing codes of the RPC interface related to the blockchain network, finding network data receiving codes related to the RPC interface, and changing the network data receiving codes to be obtained from local fuzzy testers, wherein one fuzzy tester is deployed as the local fuzzy tester for each node of the blockchain network.
In the implementation, preferably, a compiling tool provided by the fuzzy tester is used to compile the network data receiving code to generate a block chain program after the plug-in, so that the block chain program after the plug-in supports test coverage monitoring, and covers all RPC interface calls provided by the block chain network as much as possible, and guides the fuzzy tester to call all the RPC interfaces.
In implementation, the modification of the network data reception code of the RPC interface preferably follows the following logic:
acquiring fuzzy test data from the local fuzzy tester;
Randomly selecting one RPC interface and the parameter type thereof;
Converting the fuzzy test data into parameter types corresponding to the RPC interface;
and calling an RPC bottom layer method to process the parameter types and then transmitting the parameter types through the selected RPC interface.
In specific implementation, the step 3) specifically includes:
3-1) deploying a fuzzy test manager for the blockchain network, wherein the fuzzy test manager comprises a node management module, a node monitoring module and a test report module;
3-2) the node management module controls the plurality of nodes to perform a fuzzy test, wherein: for each node, taking a seed database and the inserted blockchain program as inputs of a local fuzzy tester;
3-3) the node monitoring module monitors the operation of each of the nodes, wherein: stopping the test if the test coverage rate of all the nodes is not increased within the specified time;
3-4) the test report module collects fuzzy test information of each node and generates a test report.
In the implementation, preferably, in the step 3-2), the selected plurality of nodes are deployed to different network areas, where the network areas are areas where different servers of the alicloud are located.
In the implementation, preferably, the node management module randomly selects one node for stopping or starting operation at intervals of set time.
In a specific implementation, the test report preferably includes IP information, crash information, test cases for causing crashes, and test coverage statistics of each node.
The invention has the advantages that:
According to the invention, the high-quality seeds are generated according to the RPC interface, the fuzzy test data are modified to be acquired from the local fuzzy tester, and the fuzzy test manager is deployed to implement the optimized test strategy on the blockchain network, so that the more comprehensive test on the blockchain network is effectively realized, the test coverage rate of the blockchain network is improved, the test efficiency is high, the response is quick, and the practicability is strong.
Drawings
FIG. 1 is a flow chart of an implementation of the method of the present invention for ambiguity testing for a blockchain network.
FIG. 2 is a schematic diagram of a blockchain network deployment fuzziness test manager.
Detailed Description
Blockchain networks are one of the most popular mature networks at present. Blockchain networks are in fact a collection of decentralized network nodes consisting of different participants that together maintain a ledger database that records all historical transactions, and blockchain networks use distributed consensus algorithms and cryptography techniques that make it extremely difficult for these ledger data to be altered at will by a participant, and therefore are considered as a decentralized distributed database. And a distributed system is a loosely coupled system of processors interconnected by communication lines.
The present invention proposes a method of fuzzing, referred to herein as a method of discovering software vulnerabilities by providing unexpected inputs to a target system and monitoring for anomalous results, for a blockchain network.
As shown in fig. 1, in particular, the method for ambiguity testing for a blockchain network according to the present invention includes the steps of:
1) And generating a high-quality seed for fuzzy test according to the parameter type transmitted by the RPC interface, wherein the high-quality seed is used for indicating the test seed supporting the parameter type transmitted by the RPC interface.
In order to improve the test coverage rate, the generated high-quality seeds should support the parameter types transmitted by each RPC interface of the blockchain network as widely as possible, and specifically include the following steps:
1-1) sorting all types corresponding to transmission parameters of each RPC interface related to a blockchain network, and defining a parameter type set P;
for example, take the ethernet as an example, the parameter type set P is defined as :(account{string:address,string:privateKey},transaction{string:address,BN:gas,string:gasPrice,string:nonce...},BN,array, boolen, string, contract_data)
Wherein accoun represents a data structure conforming to an Ethernet account type, transaction represents a data structure conforming to an Ethernet transaction type, BN represents a large number type, array represents an array type, boolen represents a Boolean type, string represents a character string type, and composition_data represents an intelligent contract data type.
1-2) Respectively generating seed data aiming at different parameter types of the parameter type set P;
For example, for the account data structure, web3.eth.accounts.create well-known methods are used for generation. For the transaction data structure, a composite type is represented, the subtype of the composite type is formed by other types, for example, for the Ethernet transaction, the subtype of the composite type is formed by string and BN, seed data of the subtype is generated first, and then the seed data of the transaction data structure is generated in a combined mode. For BN types, a random method generation of large data type library is used. For string types, belonging to the basic type, random function library is used for generation. For the contact_data type, representing the smart contract data type, the smart contract ABI dataset may be downloaded from the network first, and then massive seed data may be generated using the dataset and generalizing according to the ABI specification.
1-3) Sorting the parameter types corresponding to each RPC interface;
in practical implementation, each RPC interface and its corresponding parameter type may be sorted according to the following pseudo-code description:
{
"rpc_methods":[
{
"name": "defaultAccount",
"params": []
},{
"name": "getBlock",
"params":["BN"]
},{
"name": "sendTransaction",
"params":["transaction"]
},{
"name": "submitWork",
"params":["string", "string", "string"]
}
...
]
}
Wherein, "name" represents the name of the RPC interface, and "params" represents the parameter type corresponding to the RPC interface.
1-4) Generating high-quality seeds aiming at the randomly selected RPC interface, and establishing a seed database for fuzzy test;
In practical implementation, the method specifically includes: randomly selecting one RPC interface, based on the 1-1) -1-3), respectively generating seeds for each parameter type corresponding to the RPC interface as high-quality seeds, storing and establishing a seed database.
For example, a premium seed may be generated and a seed database built as described in the pseudocode below:
seeds_count = N
seeds = []
while N != 0:
# randomly select one RPC interface
rpc_name, rpc_param_types = random_select_rpc()
Respectively generating seeds for each parameter type of RPC interface
seed = generate_seed(rpc_name, rpc_param_types)
# Storage seed
seeds.push(seed)
N = N - 1
Seed write-in file is saved, and seed database is built
write_seeds_to_files(seeds)
2) And the mode of acquiring data by each RPC interface is changed, namely, the mode of acquiring data by each RPC interface from a network is changed into the mode of acquiring data from a local fuzzy tester, so that the testing efficiency is greatly improved.
The changing process is as follows: analyzing the code of the blockchain network involving the RPC interface, finding a network data receiving code for the RPC interface (i.e., the code that the RPC interface uses to receive network data), and altering the network data receiving code to be obtained from the local fuzzy tester. For each node in the blockchain network (fig. 2 shows a case where the blockchain network is designed with N nodes), one fuzzy tester is deployed for each node, denoted as a local fuzzy tester. In contrast to obtaining data from the network, the design objective of the local fuzzy tester is for the RPC interface to obtain data from the fuzzy tester deployed at the node (e.g., data may be obtained from memory), thereby improving test speed.
Further, compiling the network data reception code using a compiling tool provided by the fuzzy tester to generate a instrumented blockchain program, where the instrumented blockchain program supports test coverage (more precisely, fuzzy test code coverage) monitoring, and to improve the test coverage, should cover as much as possible all RPC interface calls provided by the blockchain network, directing the fuzzy tester to call all RPC interfaces, wherein the modification of the network data reception code of the RPC interfaces follows the logic described by the following pseudocode:
while true:
# obtaining fuzzy test data from the local fuzzy tester (fuzzy test data herein refers to byte array data generated by the fuzzy tester itself, which may be randomly generated or generated using a mutation algorithm, which is a common practice of fuzzy test engines)
bytes[] input= get_inputs_from_fuzzer()
Random selection of one RPC interface and its parameter type
rpc_name, rpc_param_types = random_select_rpc()
Converting the fuzzy test data into the parameter type corresponding to the RPC interface #
rpc_params = parse_params(input, rpc_param_types)
The parameter types are transferred and entered through the selected RPC interface after the existing RPC bottom layer method processing (after the processing such as parameter verification and the like is carried out, the blockchain internal processing function of the lower layer is called for relevant processing) is called
invoke(rpc_name, rpc_params)
3) And performing fuzzy test on the blockchain network by using the high-quality seeds.
The fuzzy test process specifically comprises the following steps:
3-1) deploying a fuzzy test manager for the blockchain network, wherein the fuzzy test manager comprises a node management module, a node monitoring module and a test report module;
3-2) the node management module controls the plurality of nodes to perform the fuzzy test, wherein: for each node, taking the seed database and the inserted blockchain program as the input of a local fuzzy tester;
3-3) the node monitoring module monitors the operation of each node, wherein: stopping the test if the test coverage rate of all the nodes is not increased within the specified time;
3-4) the test report module collects fuzzy test information of each node and generates a test report.
Specifically, in the present invention, a blockchain network is provided with a fuzzy test manager for managing, monitoring nodes and generating test reports. As shown in fig. 2, the fuzzy test manager includes a node management module, a node monitoring module, and a test report module, wherein:
the node management module is mainly used for deploying, starting and stopping the nodes, managing local fuzzy testers deployed on the nodes and the like.
Examples of ways in which the node management module performs fuzzy testing:
run_ fuzzer-i [ seed folder ] [ blockchain program after plug-in ]
The run_ fuzzer-i is used for starting the block chain program after the i node is inserted, and continuously generating new fuzzy test data according to the high-quality seeds in the seed folder to be input into the block chain program after the i node is inserted.
Preferably, the selected plurality of nodes should be deployed to different network areas. The real blockchain network (public network) is generally any node in the world, and data synchronization between each node has delay characteristics, so the blockchain network has delay in processing the data. In order to pursue higher test coverage, the real environment should be simulated as much as possible. Therefore, the network area here may be an area where different servers of the alicloud are located, so as to be able to simulate the real blockchain network situation. For example, in the network areas such as the china harbour area, the montreal area, the middle China area, the north China area and the like of the ari cloud server, when data are synchronized among nodes, due to factors such as network delay among the network areas and the like, data are terminated or the network is temporarily unreachable due to network factors, so that a data synchronization module of the blockchain network triggers the node synchronization data error processing code logic, and the test coverage rate can be improved.
In addition, in order to ensure that the error processing logic when the node data synchronization can be tested, the test coverage rate is further improved, and the node management module should randomly select one node for stopping or starting operation at intervals of set time (such as a plurality of minutes).
The node monitoring module is used for acquiring the fuzzy test state of the whole block chain network. Furthermore, in order to ensure that the test can be converged to stop the test, the node monitoring module should periodically collect the test coverage condition of each node, so that the fuzzy test can be stopped when the test coverage of all the monitored nodes no longer increases within a specified time, and unlimited test is avoided.
The test report module is used for collecting data generated by testing each node so as to generate a test report. The test report includes IP information, crash information, test cases causing crashes, test coverage statistics, etc. for each node.
In the present invention, RPC (Remote Procedure Call abbreviation, remote procedure call) is a set of protocols and interfaces for clients to interact with blockchain networks. The user can query the related information of the blockchain (such as the blocks, the heights of the blocks, the node connection and the like) and send transactions and the like through the RPC interface.
In the present invention, a p2p layer (Peer-to-Peer network) is a network layer in a blockchain that performs data transmission/synchronization (e.g., block synchronization, transaction synchronization, etc.) with neighboring nodes in a Peer-to-Peer manner.
According to the invention, the high-quality seeds are generated according to the RPC interface, the fuzzy test data are modified to be acquired from the local fuzzy tester, and the fuzzy test manager is deployed to implement the optimized test strategy on the blockchain network, so that the more comprehensive test on the blockchain network is effectively realized, the test coverage rate of the blockchain network is improved, the test efficiency is high, the response is quick, and the practicability is strong.
The foregoing is a description of the preferred embodiments of the present invention and the technical principles applied thereto, and it will be apparent to those skilled in the art that any modifications, equivalent changes, simple substitutions and the like based on the technical scheme of the present invention can be made without departing from the spirit and scope of the present invention.
Claims (5)
1. A method for ambiguity testing for a blockchain network, comprising the steps of:
1) Generating a high-quality seed for fuzzy test according to the parameter type transmitted by the RPC interface, wherein the high-quality seed is used for representing a test seed supporting the parameter type transmitted by the RPC interface;
2) Changing the mode of each RPC interface for acquiring data;
3) Performing fuzzy test on the blockchain network by using the high-quality seeds;
Wherein:
The step 2) comprises the following steps: analyzing codes of a blockchain network related to the RPC interface, finding network data receiving codes related to the RPC interface, and changing the network data receiving codes into the network data receiving codes obtained from local fuzzy testers, wherein one fuzzy tester is deployed as the local fuzzy tester for each node of the blockchain network;
the step 3) comprises the following steps:
3-1) deploying a fuzzy test manager for the blockchain network, wherein the fuzzy test manager comprises a node management module, a node monitoring module and a test report module;
3-2) the node management module controls the plurality of nodes to perform a fuzzy test, wherein: for each node, taking a seed database and the inserted blockchain program as inputs of a local fuzzy tester; starting the inserted blockchain program of the node, and continuously generating new fuzzy test data according to high-quality seeds in a seed folder to input the new fuzzy test data into the inserted blockchain program;
3-3) the node monitoring module monitors the operation of each of the nodes, wherein: stopping the test if the test coverage rate of all the nodes is not increased within the specified time;
3-4) the test report module collects fuzzy test information of each node and generates a test report;
in the step 3-2), the selected plurality of nodes are deployed to different network areas, wherein the network areas refer to areas where different servers of the oricloud are located;
Compiling the network data receiving codes by using a compiling tool provided by a fuzzy tester to generate a block chain program after being inserted so that the block chain program after being inserted supports test coverage monitoring, and calls all RPC interfaces provided by a block chain network are covered to guide the fuzzy tester to call all the RPC interfaces;
And the node management module randomly selects one node for stopping or starting operation at intervals of set time.
2. The method for ambiguity testing in a blockchain network of claim 1, wherein step 1) includes:
1-1) sorting all types corresponding to each RPC interface transmission parameter related to a blockchain network, and defining a parameter type set P;
1-2) respectively generating seed data for different parameter types of the parameter type set P;
1-3) sorting the parameter types corresponding to the RPC interfaces;
1-4) generating high-quality seeds for the randomly selected RPC interfaces, and establishing a seed database for fuzzy test.
3. The method for ambiguity testing in a blockchain network of claim 2, wherein steps 1-4) include: randomly selecting one RPC interface, generating seeds as high-quality seeds according to each parameter type corresponding to the RPC interface based on the steps 1-1) -1-3, storing and establishing the seed database.
4. The method for ambiguity testing for a blockchain network of claim 1, wherein the modification of the network data reception code of the RPC interface follows the logic of:
acquiring fuzzy test data from the local fuzzy tester;
Randomly selecting one RPC interface and the parameter type thereof;
Converting the fuzzy test data into parameter types corresponding to the RPC interface;
and calling an RPC bottom layer method to process the parameter types and then transmitting the parameter types through the selected RPC interface.
5. The method for fuzzification testing of a blockchain network of claim 1, wherein the test report includes IP information, crash information, test cases causing crashes, test coverage statistics for each of the nodes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310906031.2A CN116662207B (en) | 2023-07-24 | Fuzzy test method for block chain network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310906031.2A CN116662207B (en) | 2023-07-24 | Fuzzy test method for block chain network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116662207A CN116662207A (en) | 2023-08-29 |
| CN116662207B true CN116662207B (en) | 2024-07-12 |
Family
ID=
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107231251A (en) * | 2017-05-23 | 2017-10-03 | 中国电子科技集团公司第四十研究所 | A kind of multi-node collaborative control method of networked distributed test system |
| CN108304313A (en) * | 2017-01-13 | 2018-07-20 | 阿里巴巴集团控股有限公司 | It is a kind of for the device of data test, client and method |
| CN113485927A (en) * | 2021-07-06 | 2021-10-08 | 西安京迅递供应链科技有限公司 | Test data generation method, device, equipment and storage medium |
| CN113778879A (en) * | 2021-09-13 | 2021-12-10 | 上海幻电信息科技有限公司 | Fuzzy test method and device for interface |
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108304313A (en) * | 2017-01-13 | 2018-07-20 | 阿里巴巴集团控股有限公司 | It is a kind of for the device of data test, client and method |
| CN107231251A (en) * | 2017-05-23 | 2017-10-03 | 中国电子科技集团公司第四十研究所 | A kind of multi-node collaborative control method of networked distributed test system |
| CN113485927A (en) * | 2021-07-06 | 2021-10-08 | 西安京迅递供应链科技有限公司 | Test data generation method, device, equipment and storage medium |
| CN113778879A (en) * | 2021-09-13 | 2021-12-10 | 上海幻电信息科技有限公司 | Fuzzy test method and device for interface |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110650128B (en) | System and method for detecting digital currency stealing attack of Etheng | |
| Chun et al. | Netbait: a distributed worm detection service | |
| CN102130838B (en) | Method for realizing peer-to-peer network caching system based on Ares protocol | |
| CN110399373A (en) | A kind of block chain account book storage system, storage querying method and delet method | |
| US8560684B2 (en) | Network transaction discovery | |
| CN104699777B (en) | The correlating method and system of big data analysis excavation chain of command and service surface | |
| CN111490978B (en) | Distributed log auditing system and method based on state channel | |
| KR19990036331A (en) | Response time measuring device and method | |
| CN112861172B (en) | Symmetric searchable encryption method based on PBFT (public domain representation) consensus mechanism | |
| CN102984140A (en) | Malicious software feature fusion analytical method and system based on shared behavior segments | |
| CN111179087B (en) | Alliance chain consensus method based on grid arbitration | |
| CN114389792B (en) | WEB log NAT (network Address translation) front-back association method and system | |
| CN111478795A (en) | Alliance block chain network consensus method based on mixed Byzantine fault tolerance | |
| CN101605132A (en) | A kind of method for identifying network data stream | |
| CN115278737B (en) | Data acquisition method of 5G network | |
| CN112688822A (en) | Edge computing fault or security threat monitoring system and method based on multi-point cooperation | |
| CN109525645A (en) | A kind of method and system for collecting the log of distributed storage cluster | |
| CN116662207B (en) | Fuzzy test method for block chain network | |
| CN110956463A (en) | Credible certificate storing method and system based on extensible distributed query system | |
| CN112417052B (en) | Data synchronization method, device, equipment and storage medium in block chain network | |
| CN116662207A (en) | Fuzzy test method for block chain network | |
| CN108418871A (en) | A kind of cloud storage performance optimization method and system | |
| CN112073254A (en) | Performance test method for Ethernet bay block chain | |
| CN115664992A (en) | Network operation data processing method and device, electronic equipment and medium | |
| CN112333174B (en) | Reflection-type DDos IP scanning detection system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |