Search

CN-121980570-A - Fuzzy test method, device, electronic equipment and storage medium

CN121980570ACN 121980570 ACN121980570 ACN 121980570ACN-121980570-A

Abstract

The embodiment of the application discloses a fuzzy test method, a fuzzy test device, electronic equipment and a storage medium. The method comprises the steps of obtaining basic test data of a target program, inputting the basic test data into a pre-trained rule generation model, obtaining a target variation rule corresponding to the target program output by the rule generation model, analyzing the source code, the coverage rate data and the test log by the rule generation model, generating the target variation rule based on an analysis result and the basic variation rule, and generating a directional fuzzy test case of the target program based on the target variation rule. By the method, the rule generation model can identify the critical path and weak links in the program, so that the generated fuzzy test case can be tested more accurately for a specific code area or function, and blindness of the traditional fuzzy test is avoided.

Inventors

  • LI SHENGYUE

Assignees

  • 深信服科技股份有限公司

Dates

Publication Date
20260505
Application Date
20251209

Claims (12)

  1. 1. A method of ambiguity testing, the method comprising: basic test data of a target program are obtained, wherein the basic test data comprise source codes, coverage rate data, test logs and basic variation rules; Inputting the basic test data into a pre-trained rule generation model, and acquiring a target variation rule corresponding to the target program output by the rule generation model, wherein the rule generation model is used for analyzing the source code, the coverage rate data and the test log and generating the target variation rule based on an analysis result and the basic variation rule; and generating the directional fuzzy test case of the target program based on the target mutation rule.
  2. 2. The method according to claim 1, wherein the rule generating model includes an analysis module and a generating module, the inputting the basic test data into a pre-trained rule generating model, and obtaining a target mutation rule corresponding to the target program output by the rule generating model includes: inputting the source codes, the coverage rate data and the test log into the analysis module, and obtaining an uncovered code triggering condition list, coverage rate optimization suggestions and log analysis reports which are output by the analysis module; And inputting the uncovered code triggering condition list, the coverage optimization suggestion, the log analysis report and the basic mutation rule into the generation module, and obtaining a target mutation rule corresponding to the target program output by the generation module.
  3. 3. The method of claim 2, wherein the analysis module comprises a first analysis module, the inputting the source code, the coverage data, and the test log into the analysis module, obtaining an uncovered code trigger condition list, coverage optimization suggestions, log analysis reports output by the analysis module, comprising: The source codes are input into the first analysis module, an uncovered code trigger condition list of the source codes output by the first analysis module is obtained, and the first analysis module is used for carrying out semantic analysis on the source codes to output the uncovered code trigger condition list.
  4. 4. The method of claim 3, wherein the inputting the source code into the first analysis module, obtaining the uncovered code trigger condition list of the source code output by the first analysis module, comprises: Inputting fuzzy test configuration parameters and the source codes into the first analysis module, and converting the source codes into a preset format through the first analysis module to obtain the source codes in the preset format, wherein the fuzzy test configuration parameters are used for indicating a fuzzy test tool to be connected with the target program; And carrying out semantic analysis on the source codes in the preset format through the first analysis module to acquire the uncovered code triggering condition list output by the first analysis module.
  5. 5. The method of claim 3, wherein the analysis module further comprises a second analysis module, the inputting the source code, the coverage data, and the test log into the analysis module, obtaining an uncovered code trigger condition list, coverage optimization suggestions, log analysis reports output by the analysis module, and further comprising: The coverage rate data and the uncovered code trigger condition list are input into the second analysis module, a coverage rate analysis report and a coverage rate optimization suggestion output by the second analysis module are obtained, the second analysis module is used for carrying out structural processing on the coverage rate data, and the coverage rate analysis report and the coverage rate optimization suggestion are output based on a processing result and the uncovered code trigger condition.
  6. 6. The method of claim 5, wherein said inputting the coverage data and the uncovered code trigger condition list into the second analysis module, obtaining coverage analysis reports and coverage optimization suggestions output by the second analysis module, comprises: Inputting the coverage rate data and the uncovered code triggering condition list into the second analysis module, and carrying out structural processing on the coverage rate data through the second analysis module to obtain the coverage rate analysis report output by the second analysis module; And analyzing the coverage rate analysis report by combining the uncovered code triggering condition list through the second analysis module, and obtaining the coverage rate optimization suggestion output by the second analysis module.
  7. 7. The method of claim 5, wherein the analysis module further comprises a third analysis module, the inputting the source code, the coverage data, and the test log into the analysis module, obtaining an uncovered code trigger condition list, coverage optimization suggestions, log analysis reports output by the analysis module, and further comprising: Inputting the test log and the coverage rate analysis report into the third analysis module, obtaining a log analysis report output by the third analysis module, wherein the third analysis module is used for carrying out noise reduction and extraction processing on the test log, and carrying out association processing on a processed processing result and the coverage rate analysis report so as to output the log analysis report.
  8. 8. The method of claim 7, wherein the first analysis module is further configured to output a source code vulnerability risk analysis report, wherein the inputting the test log and the coverage rate analysis report into the third analysis module, obtaining the log analysis report output by the third analysis module, comprises: inputting the test log, the coverage rate analysis report and the source code vulnerability risk analysis report into the third analysis module, and carrying out noise reduction and extraction treatment on the test log through the third analysis module to obtain a treated test log; and performing association processing on the processed test log, the coverage rate analysis report and the source code vulnerability risk analysis report through the third analysis module to acquire a log analysis report output by the third analysis module.
  9. 9. The method of claim 1, wherein generating the directional fuzzy test case for the target program based on the target mutation rule further comprises: Operating the directional fuzzy test case, and acquiring coverage rate data and test logs of the directional fuzzy test case; and taking the target mutation rule, the coverage rate data of the directional fuzzy test case and the test log as the next input of the rule generation model.
  10. 10. A ambiguity test apparatus, said apparatus comprising: the first acquisition unit is used for acquiring basic test data of the target program, wherein the basic test data comprise source codes, coverage rate data, test logs and basic variation rules; The second acquisition unit is used for inputting the basic test data into a pre-trained rule generation model, acquiring a target variation rule corresponding to the target program output by the rule generation model, wherein the rule generation model is used for analyzing the source code, the coverage rate data and the test log and generating the target variation rule based on an analysis result and the basic variation rule; and the generating unit is used for generating the directional fuzzy test case of the target program based on the target variation rule.
  11. 11. An electronic device comprising one or more processors, one or more programs stored in the memory and configured to perform the method of any of claims 1-9 by the one or more processors.
  12. 12. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, wherein the program code, when being executed by a processor, performs the method of any of claims 1-9.

Description

Fuzzy test method, device, electronic equipment and storage medium Technical Field The application belongs to the technical field of neural networks, and particularly relates to a fuzzy test method, a fuzzy test device, electronic equipment and a storage medium. Background With the wide popularization of network services (cloud computing, internet of things and Web applications), the security of protocol programs has become a core element for guaranteeing the stable operation of a system. Fuzzy testing is used as a key technology of vulnerability mining, potential defects are triggered by inputting abnormal data into a target program, and the fuzzy testing takes an important role in the field of network security. However, there is significant blindness to the relevant fuzzy test method. Disclosure of Invention In view of the above problems, the present application proposes a fuzzy test method, apparatus, electronic device and storage medium to achieve improvement of the above problems. The embodiment of the application provides a fuzzy test method, which comprises the steps of obtaining basic test data of a target program, inputting the basic test data into a pre-trained rule generation model, obtaining a target variation rule corresponding to the target program, which is output by the rule generation model, wherein the rule generation model is used for analyzing the source code, the coverage rate data and the test log, generating the target variation rule based on an analysis result and the basic variation rule, and generating a directional fuzzy test case of the target program based on the target variation rule. Further, the rule generation model comprises an analysis module and a generation module, wherein the basic test data are input into the rule generation model trained in advance, the target mutation rule corresponding to the target program output by the rule generation model is obtained, the source code, the coverage rate data and the test log are input into the analysis module, the uncovered code trigger condition list, the coverage rate optimization suggestion and the log analysis report output by the analysis module are obtained, and the uncovered code trigger condition list, the coverage rate optimization suggestion, the log analysis report and the basic mutation rule are input into the generation module, so that the target mutation rule corresponding to the target program output by the generation module is obtained. According to the method, the source codes, the coverage rate data and the depth analysis of the test logs are analyzed through the analysis module, the uncovered code paths ‌ and the potential triggering conditions can be accurately identified ‌, the actual running scene and the abnormal situation of the codes can be further understood by combining the log analysis report, the information and the basic variation rules are combined, the generation module can generate the target variation rules ‌ which are more in accordance with the actual requirements of ‌, so that the variation test is not blind any more, and the weak links are tested in a targeted manner, and the test efficiency is remarkably improved. ‌ A Further, the analysis module comprises a first analysis module, wherein the source code, the coverage rate data and the test log are input into the analysis module, and the acquisition of an uncovered code trigger condition list, coverage rate optimization suggestions and log analysis reports output by the analysis module comprises the steps of inputting the source code into the first analysis module, acquiring an uncovered code trigger condition list of the source code output by the first analysis module, and performing semantic analysis on the source code by the first analysis module to output the uncovered code trigger condition list. Through the method, through semantic analysis, the module can deeply understand code logic, accurately identify code paths and boundary conditions which are not covered by the existing test cases, and is helpful for pertinently supplementing the test cases and avoiding blind tests, and the generated uncovered code triggering condition list provides an explicit target for the tests, so that test resources can be preferentially input into the most critical and most error-likely code areas, and the test efficiency ‌ is remarkably improved. Further, the step of inputting the source code into the first analysis module to obtain an uncovered code trigger condition list of the source code output by the first analysis module includes inputting fuzzy test configuration parameters and the source code into the first analysis module, converting the source code into a preset format through the first analysis module to obtain the source code in the preset format, wherein the fuzzy test configuration parameters are used for indicating a fuzzy test tool to establish connection with the target program, and carrying out semantic analysis on the source code in th