Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and apparatus for fuzzy test of Javascript engine based on path feedback

A fuzzing and engine technology, applied in the field of network security, can solve the problems of low Javascript engine vulnerability, small number of effective mutation samples, etc., and achieve the effect of improving the technical effect of possibility and efficiency

Active Publication Date: 2019-03-12
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF3 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In view of this, the object of the present invention is to provide a Javascript engine fuzzing method and device based on path feedback, to alleviate the existing Javascript engine fuzzing method to obtain a small number of mutation effective samples, resulting in Javascript based on mutation effective samples. During the engine fuzzing test, the possibility of testing Javascript engine vulnerabilities is low for technical issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and apparatus for fuzzy test of Javascript engine based on path feedback
  • A method and apparatus for fuzzy test of Javascript engine based on path feedback
  • A method and apparatus for fuzzy test of Javascript engine based on path feedback

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0028] According to an embodiment of the present invention, an embodiment of a Javascript engine fuzzing method based on path feedback is provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions , and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0029] figure 1 It is a Javascript engine fuzzing method based on path feedback according to an embodiment of the present invention, such as figure 1 As shown, the method includes the following steps:

[0030] Step S102, obtaining a test sample set of the Javascript engine;

[0031]Step S104, mutating each test sample to be mutated in the test sample set to obtain a mutated sample, and sending the mutated sample to the Javascript engine, so that the Javascript engine performs a fuz...

Embodiment 2

[0066] The present invention also provides a Javascript engine fuzz testing device based on path feedback, the system is used to execute the Javascript engine fuzz testing method based on path feedback provided by the above-mentioned content of the embodiments of the present invention, the following is based on the method provided by the embodiment of the present invention Specific introduction of Javascript engine fuzz testing device based on path feedback

[0067] Such as image 3 As shown, the device includes: an acquisition unit 10, a sample generation unit 20, a path feedback unit 30, a crash monitoring unit 40 and an execution unit 50, wherein,

[0068] The acquisition unit 10 is used to acquire the test sample set of the Javascript engine;

[0069] The sample generation unit 20 is used to mutate each test sample to be mutated in the test sample set to obtain a mutation sample, and send the mutation sample to the Javascript engine, so that the Javascript engine is based...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a Javascript engine fuzziness testing method and device based on path feedback, which relates to the technical field of network security, comprising the following steps: obtaining a test sample set of a Javascript engine; Mutation is carried out on each test sample to be mutated in the test sample set to obtain mutation samples, and the mutation samples are sent to the Javascript engine so that the Javascript engine performs fuzzy test based on the mutation samples; Obtaining the execution path bitmap of mutation samples in the fuzzy testing process; If it is detected that the Javascript engine does not crash in the process of fuzzy testing based on the mutation sample, it is judged whether the mutation sample is the mutation valid sample based on the execution pathbitmap. If so, adding a mutation valid sample to the set of test samples, Fuzzy testing of the Javascript engine with the added set of test samples, The invention solves the technical problem that themutation valid samples can not be determined in the existing Javascript engine fuzzy testing methods, which leads to the low efficiency of the Javascript engine fuzzy testing based on the mutation valid samples.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a Javascript engine fuzz testing method and device based on path feedback. Background technique [0002] At present, as the gateway to the Internet, the security of the browser is receiving more and more attention. As the main component of the browser, the security of the Javascript engine has also attracted much attention. Due to the characteristics of the Javascript engine, it is relatively simple to develop and exploit vulnerabilities based on the Javascript engine, and the harm it brings will be more serious than other vulnerabilities. [0003] Mainstream browsers such as Chrome, firefox, Edge, and IE all implement their own Javascript engines, and different implementations make different Javascript engines have different vulnerabilities. Different vulnerabilities require that when performing fuzz testing, it is necessary to develop fuzz testing tools according to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 熊文彬范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products