摘 要:基于突变的模糊测试是目前最流行的漏洞发现解决方案之一,该方案以提升测试程序执行路径数和分支覆盖率为导向,基于智能算法生成测试用例,从而提高发现漏洞的效率。然而现有的灰盒模糊器测试目标为文件解析程序,往往难以有效应用于大型软件工程中。文章分析了大型软件工程对模糊测试的需求,引入基于单元测试的模糊测试平台。在开源软件工程上的实验证明,相较于传统模糊测试工具,该平台可对软件工程进行高效的模糊测试。
关键词:网络安全;漏洞挖掘;模糊测试;单元测试
DOI:10.19850/j.cnki.2096-4706.2021.10.017
中图分类号:TP309 文献标识码:A 文章编号:2096-4706(2021)10-0069-05
Research on Fuzzy Test Platform Based on Unit Test Cases
ZHANG Jinxin,LIU Yicheng
(Nanjing Zhongxing New Software Co.,Ltd.,Nanjing 210012,China)
Abstract:Fuzzy test based on mutation is one of the most popular vulnerability discovery solutions at present. The scheme is oriented to improve the number of test program execution paths and branch coverage,and generates test cases based on intelligent algorithms,so as to improve the efficiency of vulnerability discovery. However,the existing gray box fuzzier test target is file parsing program,which is often difficult to be effectively applied to large-scale software engineering. This paper analyzes the requirements of large-scale software engineering to fuzzy test,and introduces a fuzzy test platform based on unit test. Experiments on open source software engineering show that compared with traditional fuzzy test tools,the platform can perform efficient fuzzy test on software engineering.
Keywords:network security;vulnerability mining;fuzzy test;unit test
参考文献:
[1] MANÈS V J M,HAN H S,HAN C,et al. The art, science,and engineering of fuzzing:A survey [J/OL].arXiv: 1812.00140 [cs.CR].(2019-04-08).https://arxiv.org/abs/1812.00140v4.
[2] PHAM V T,BÖHME M,SANTOSA A E,et al. Smart Greybox Fuzzing [J/OL].arXiv:1811.09447 [cs.CR].(2018-11-23). https://arxiv.org/abs/1811.09447.
[3] Zalewski M. American fuzzy lop (2017)[EB/OL]. [2021-03- 16].http://lcamtuf.coredump.cx/afl,2014,14:28.
[4] MACKINNON T,FREEMAN S,CRAIG P. Endo-testing: unit testing with mock objects [J]. Extreme programming examined, 2001:287-301.
[5] GREN L,ANTINYAN V. On the Relation Between Unit Testing and Code Quality [C]//2017 43rd Euromicro Conference on Software Engineering and Advanced Applications(SEAA).Vienna: IEEE,2017:52-56.
[6] Lyu C,Ji S,Zhang C,et al. MOPT:Optimized Mutation Scheduling for Fuzzers[C]//28th USENIX Security Symposium (USENIX Security 19). 2019:1949-1966. https://www.usenix.org/ conference/usenixsecurity19/presentation/lyu
作者简介:张金鑫(1990—),男,汉族,江苏南京人,中级 工程师,硕士,研究方向:网络安全;刘奕成(1996—),男,汉族, 安徽淮北人,渗透测试工程师,本科,研究方向:网络安全。