JavaScript engine security test method and JavaScript engine security test system

A security testing and testing system technology, applied in software testing/debugging, biological neural network model, neural architecture, etc., can solve problems such as infeasibility, omission, and inability to trigger the deep logic of the engine, and achieve the effect of high grammatical correctness

Pending Publication Date: 2021-04-20
广州知图科技有限公司
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The random method can theoretically cover all vulnerabilities, but for test cases with complex structures such as JS code, most of the randomly generated or modified files will be rejected by the JS engine during the syntax checking stage due to grammatical errors, and cannot b...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • JavaScript engine security test method and JavaScript engine security test system
  • JavaScript engine security test method and JavaScript engine security test system
  • JavaScript engine security test method and JavaScript engine security test system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] see figure 1 , a JavaScript engine security testing method provided in this embodiment includes:

[0037] S1. Acquiring JavaScript test cases;

[0038]The input data for the present invention are test cases. The data set selected in this embodiment is the JavaScript code (https: / / www.sri.inf.ethz.ch / js150) obtained on Github, and the ECMAScript test set Test262 (https: / / github.com / tc39 / test262 ).

[0039] S2. Perform grammatical analysis on the test case to generate a corpus;

[0040] The syntax parsing part can be subdivided into three steps of renaming, parsing and conversion.

[0041] 1) renaming refers to each of the test cases, according to the order of appearance of the variables and function names in the test case, renaming the variables and the function names to obtain a renamed test case;

[0042] In order to enable the model to generate the second half of the sequence based on the first half of the sequence, or to generate a new sequence from scratch, the...

Embodiment 2

[0068] For the above method, the present invention also discloses a JS engine security testing system based on a syntax analyzer and a variational learner, please refer to Figure 4 , the system includes:

[0069] The test case obtaining module 201 is used for obtaining test cases.

[0070] The syntax analysis module 202 is configured to perform syntax analysis on the test case and generate a corpus. The tool for parsing code into AST is esprima.

[0071] The variational learner module 203 is used for training the learner and generating new corpus according to the corpus. The hardware information used by the learner is: graphics card Tesla V100 (single core), processor Intel Xeon CPU2.00GHz, memory 25GB.

[0072] The corpus assembly module 204 is used to assemble the new corpus output by the learner to obtain new test cases. The tool used to generate code from AST is escodegen.

[0073] The scanning and monitoring module 205 is used to input test cases into the JS engine ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a JavaScript engine security test method and a JavaScript engine security test system, relates to the field of computer network industry security, and aims to solve the problem of low JS engine test security. The test method comprises the following steps: acquiring a JavaScript test case; carrying out grammar analysis on the test case to generate a corpus; utilizing the corpus to build and train a recurrent neural network variation auto-encoder; utilizing the trained recurrent neural network variational auto-encoder to process hidden variables to generate a new corpus; assembling the new corpus into a new test case; and performing security testing on the system by utilizing the new test case. By using the method, the new JavaScript test case with high grammar accuracy can be efficiently generated, and a JS engine can be safely scanned.

Description

technical field [0001] The invention relates to the security field of the computer network industry, in particular to a JavaScript engine security testing method and testing system based on grammatical analysis technology and variational autoencoder. Background technique [0002] As the main entrance to the Internet, browser security vulnerabilities may cause information and property losses to many individuals and organizations. According to the 2017 statistics of the US National Vulnerability Database (NVD), 43% of browser vulnerabilities can be attributed to the browser's built-in JavaScript engine (referred to as JS engine; a program used to execute JavaScript code in web pages). Therefore, it is very important to build a safe Internet environment to test the JS engine of the browser and improve its safety factor. [0003] The main browser JS engines include SpiderMonkey (Firefox browser), V8 (Chrome browser; it is also the new engine of Edge browser, and the engine of n...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06N3/04
Inventor 朱应龙
Owner 广州知图科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap