[go: up one dir, main page]

CN104978532B - A kind of bug-fixing client logic testing method and bug-fixing client logic testing system - Google Patents

A kind of bug-fixing client logic testing method and bug-fixing client logic testing system Download PDF

Info

Publication number
CN104978532B
CN104978532B CN201510373043.9A CN201510373043A CN104978532B CN 104978532 B CN104978532 B CN 104978532B CN 201510373043 A CN201510373043 A CN 201510373043A CN 104978532 B CN104978532 B CN 104978532B
Authority
CN
China
Prior art keywords
vulnerability
simulated
patch
repair
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510373043.9A
Other languages
Chinese (zh)
Other versions
CN104978532A (en
Inventor
张钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510373043.9A priority Critical patent/CN104978532B/en
Publication of CN104978532A publication Critical patent/CN104978532A/en
Application granted granted Critical
Publication of CN104978532B publication Critical patent/CN104978532B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Computer And Data Communications (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)

Abstract

本申请提供了一种漏洞修复客户端逻辑的测试方法及系统,以解决漏洞修复客户端逻辑的测试耗费时间,影响效率的问题。所述的方法包括:漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识;漏洞修复客户端遍历所有模式以完成整个测试过程;若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。本申请下载补丁和安装补丁都非常快速,缩短了修复客户端逻辑的测试的时间,提高了测试的效率。

The present application provides a method and system for testing logic of a vulnerability repairing client to solve the problem that the testing of the logic of the vulnerability repairing client is time-consuming and affects efficiency. The method includes: the vulnerability repairing client scans the system according to a pattern to find simulated vulnerabilities; if the simulated vulnerabilities are found, then download corresponding simulated vulnerability patches from the vulnerability library of the server, and the simulated The vulnerability patch is used to generate a simulated vulnerability repair logo on the basis of retaining the original system files of the system; install the simulated vulnerability patch and generate a corresponding simulated vulnerability repair logo; the vulnerability repair client traverses all modes to complete the entire testing process; if If all the above processes are executed normally, the test of the vulnerability repair client logic is passed. This application downloads and installs patches very quickly, which shortens the test time for repairing client logic and improves test efficiency.

Description

一种漏洞修复客户端逻辑的测试方法及系统A testing method and system for vulnerability repair client logic

技术领域technical field

本申请涉及测试技术领域,特别是涉及一种漏洞修复客户端逻辑的测试方法及系统。The present application relates to the technical field of testing, in particular to a testing method and system for loophole repair client logic.

背景技术Background technique

漏洞修复客户端通过漏洞库(libleak)中的配置条件,扫描系统中的有哪些需修复的漏洞,所述配置条件如,文件存在的检测,文件版本号的检测,注册表项的检测等。用户可以选择要修复的漏洞进行修复。修复时首先从外网服务器上下载对应的补丁,然后由漏洞修复客户端调用该补丁对漏洞进行修复。The vulnerability repair client scans the system for vulnerabilities that need to be repaired through the configuration conditions in the vulnerability library (libleak), such as detection of file existence, detection of file version number, detection of registry entries, etc. Users can select the vulnerabilities they want to fix and fix them. When repairing, first download the corresponding patch from the external network server, and then the vulnerability repair client calls the patch to repair the vulnerability.

漏洞修复客户端在执行时涉及到各种逻辑,包括开机弹窗修复,后台修复,主界面修复,补丁包签名校验,下载域名校验,竞品逻辑,弹窗逻辑等。每次对漏洞修复客户端修改后,都需要对上述的逻辑逐一的进行测试,来测试漏洞修复客户端在执行上述的逻辑步骤中是否会出现问题,具体实施中将漏洞修复客户端的一个逻辑作为测试的一个模式,因此测试所对应的模式会有几百甚至上千条之多。但不是所有补丁都适合用于测试的,而对于适合用于测试的补丁执行对应模式进行测试时,需要下载对应的补丁并执行修复操作,但是一个系统中的漏洞不可能无穷多的,必然会出现所有适合用于测试补丁都修补完的情况。因此通常挑选典型的补丁来测试漏洞修复客户端的所有模式。The execution of the vulnerability repair client involves various logics, including startup pop-up window repair, background repair, main interface repair, patch package signature verification, download domain name verification, competing product logic, pop-up window logic, etc. Every time the vulnerability repair client is modified, the above logic needs to be tested one by one to test whether there will be problems in the implementation of the above logical steps on the vulnerability repair client. In the specific implementation, a logic of the vulnerability repair client is used as A mode of the test, so there will be hundreds or even thousands of modes corresponding to the test. But not all patches are suitable for testing, and when testing the patches suitable for testing in the corresponding mode, you need to download the corresponding patches and perform repair operations. A situation arises in which all suitable patches for testing have been patched. So typical patches are usually picked to test all modes of bugfix clients.

在这个过程中,系统扫描到漏洞并确认可以修补后,漏洞修复客户端需要下载补丁,一个真实的补丁在修复漏洞时往往需要执行很多的操作,因此补丁也比较大,会导致补丁的下载比较耗时。下载补丁后进行安装时,所述补丁需要执行释放并更新系统文件等操作,因此还需要重启才能使补丁生效,按照补丁过程也比较耗时。In this process, after the system scans the vulnerability and confirms that it can be patched, the vulnerability patch client needs to download the patch. A real patch often needs to perform a lot of operations when patching the vulnerability, so the patch is relatively large, which will result in a relatively large patch download. time consuming. When installing the patch after downloading, the patch needs to perform operations such as releasing and updating system files, so a restart is required to make the patch take effect, and the patch process is also time-consuming.

综上所述,运用补丁来执行测试用例以测试漏洞修复客户端的逻辑时,无论是下载补丁和安装补丁都非常的耗费时间,影响测试的效率。To sum up, when using patches to execute test cases to test the logic of the vulnerability repair client, both downloading and installing patches are very time-consuming and affect the efficiency of testing.

发明内容Contents of the invention

本申请提供了一种漏洞修复客户端逻辑的测试方法及系统,以解决漏洞修复客户端逻辑的测试耗费时间,影响效率的问题。The present application provides a method and system for testing logic of a vulnerability repair client to solve the problem that the test of the logic of the vulnerability repair client is time-consuming and affects efficiency.

为了解决上述问题,本申请公开了一种漏洞修复客户端逻辑的测试方法,包括:In order to solve the above problems, this application discloses a testing method for vulnerability repair client logic, including:

漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities;

若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;If the simulated loophole is found, download the corresponding simulated loophole patch from the loophole database of the server, and the simulated loophole patch is used to generate the simulated loophole repair mark on the basis of retaining the original system files of the system;

安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成;Installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification, the simulated vulnerability repair identification is used to identify the completion of the simulated vulnerability repair;

漏洞修复客户端遍历所有模式以完成整个测试过程;The vulnerability repair client traverses all modes to complete the entire testing process;

若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。If all the above processes are performed normally, the test of the vulnerability repair client logic is passed.

优选的,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识之后,下一模式执行测试之前还包括:Preferably, after installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification, before executing the test in the next mode, it also includes:

删除生成的模拟漏洞修复标识。Delete the generated simulated bugfix ID.

优选的,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,Preferably, the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory,

所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities, including:

漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability.

优选的,所述模拟的漏洞为系统特定的注册表项不存在模拟漏洞修复数据,Preferably, the simulated vulnerability is that there is no simulated vulnerability repair data in the system-specific registry key,

所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities, including:

漏洞修复客户端按照一种模式扫描系统特定的注册表项是否存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the system-specific registry entries for simulated vulnerability repair data according to a pattern. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability.

优选的,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,包括:Preferably, said installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification includes:

安装该模拟的漏洞补丁,并在系统特定的存储目录下生成对应的模拟漏洞修复文件。Install the simulated vulnerability patch, and generate a corresponding simulated vulnerability repair file in a system-specific storage directory.

优选的,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,包括:Preferably, said installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification includes:

安装该模拟的漏洞补丁,并在系统特定的注册表项上添加对应的模拟漏洞修复数据。Install the simulated vulnerability patch, and add corresponding simulated vulnerability repair data on the system-specific registry key.

优选的,针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。Preferably, for the vulnerability database storing simulated vulnerability patches, a server containing the vulnerability database is established in advance on the intranet.

优选的,在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向内网模拟服务器。Preferably, a vulnerability repair client is set up on the local test machine, and the patch download domain name of the local test machine is pointed to the intranet simulation server in advance.

优选的,预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名。Preferably, the simulated vulnerability patch is pre-written and named according to the naming method of the real patch.

优选的,预先将所述模拟的漏洞补丁保存在模拟服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁名称中包含补丁编号。Preferably, the simulated vulnerability patch is stored in the vulnerability library of the simulation server in advance, and the information of the simulated vulnerability patch and the patch number are added to the vulnerability library, wherein the name of the simulated vulnerability patch includes the patch number.

优选的,预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁。Preferably, simulated vulnerability information is added to the vulnerability repair client in advance, and the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.

相应的,本申请还公开了一种漏洞修复客户端逻辑的测试系统,包括:Correspondingly, the present application also discloses a test system for vulnerability repair client logic, including:

第一模式测试模块,具体包括以下3个子模块:The first mode test module specifically includes the following three sub-modules:

扫描漏洞子模块,用于漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;The vulnerability scanning sub-module is used for the vulnerability repair client to scan the system according to a pattern to find simulated vulnerabilities;

下载补丁子模块,用于若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;Download the patch sub-module, which is used to download the corresponding simulated vulnerability patch from the vulnerability database of the server if the simulated vulnerability is found, and the simulated vulnerability patch is used to generate the simulated vulnerability patch on the basis of retaining the original system file Simulate vulnerability repair logo;

安装补丁子模块,用于安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成;Install the patch submodule, which is used to install the simulated vulnerability patch and generate a corresponding simulated vulnerability repair identifier, and the simulated vulnerability repair identifier is used to identify that the simulated vulnerability repair is completed;

其他模式测试模块,用于漏洞修复客户端遍历所有模式以完成整个测试过程;Other mode testing modules, used for vulnerability repair client to traverse all modes to complete the whole testing process;

结果模块,用于若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。The result module is used to pass the test of the vulnerability repair client logic if all the above processes are executed normally.

优选的,所述第一模式测试模块,还包括:Preferably, the first mode test module also includes:

删除补丁子模块,用于删除生成的模拟漏洞修复标识。Delete the patch submodule, which is used to delete the generated simulated vulnerability repair identifier.

优选的,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块,包括:Preferably, the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule includes:

第一扫描漏洞单元,用于漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The first vulnerability scanning unit is used for the vulnerability repair client to scan the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If there is no simulated vulnerability, the simulated vulnerability is found; otherwise, no simulated vulnerability is found.

优选的,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块,包括:Preferably, the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule includes:

第二扫描漏洞单元,用于漏洞修复客户端按照一种模式扫描系统特定的注册表项不存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The second scanning vulnerability unit is used for the vulnerability repair client to scan system-specific registry entries according to a pattern if there is no simulated vulnerability repair data. If there is no simulated vulnerability repair data, the simulated vulnerability is found, otherwise no simulated vulnerability is found.

优选的,所述安装补丁子模块包括:Preferably, the patch submodule installation includes:

第一安装补丁单元,用于安装该模拟的漏洞补丁,并在系统特定的存储目录下生成对应的模拟漏洞修复文件。The first patch installation unit is configured to install the simulated vulnerability patch, and generate a corresponding simulated vulnerability repair file in a system-specific storage directory.

第二安装补丁单元,用于安装该模拟的漏洞补丁,并在系统特定的注册表项上添加对应的模拟漏洞修复数据。The second patch installation unit is configured to install the simulated vulnerability patch, and add corresponding simulated vulnerability repair data to a system-specific registry entry.

优选的,所述的系统还包括:Preferably, the system also includes:

建立服务器及漏洞库模块,用于针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。The server and vulnerability database module is established, which is used to establish a server containing the vulnerability database in advance on the intranet for the vulnerability database storing simulated vulnerability patches.

预设下载域名模块,用于在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向内网模拟服务器。The preset download domain name module is used to set the vulnerability repair client on the local test machine, and point the patch download domain name of the local test machine to the intranet simulation server in advance.

编写并命名补丁模块,用于预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名Write and name the patch module, which is used to pre-write simulated vulnerability patches and name them according to the naming method of real patches

保存补丁模块,用于预先将所述模拟的漏洞补丁保存在模拟服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁的名称中包含补丁编号。Preserving the patch module is used to store the simulated vulnerability patches in the vulnerability database of the simulation server in advance, and add information and patch numbers of the simulated vulnerability patches in the vulnerability database, wherein the simulated vulnerability patches include in the name of patch number.

添加信息模块,用于预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁。The adding information module is used to pre-add simulated vulnerability information in the vulnerability repair client, and the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.

与现有技术相比,本申请包括以下优点:Compared with the prior art, the present application includes the following advantages:

首先,本申请使用模拟的漏洞来替代真实的漏洞,对应用模拟的漏洞补丁来替代真实的漏洞补丁。因此漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识,因此模拟的漏洞补丁比较小,下载速度比较快。然后安装该模拟的漏洞补丁并生成模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成,漏洞修复客户端遍历所有模式以完成整个测试过程,若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。本申请安装补丁时不需要更新系统文件,安装速度非常快。由此可见本申请下载补丁和安装补丁都非常快速,缩短了修复客户端逻辑的测试的时间,提高了测试的效率。First, this application uses simulated vulnerabilities to replace real vulnerabilities, and the simulated vulnerability patches are used to replace real vulnerability patches. Therefore, the vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities. If a simulated vulnerability is found, it downloads the corresponding simulated vulnerability patch from the vulnerability library of the server. The simulated vulnerability patch is in On the basis of retaining the original system files of the system, it is used to generate a simulated vulnerability repair logo, so the simulated vulnerability patch is relatively small and the download speed is relatively fast. Then install the simulated vulnerability patch and generate a simulated vulnerability repair identifier, the simulated vulnerability repair identifier is used to identify the completion of the simulated vulnerability repair, and the vulnerability repair client traverses all modes to complete the entire testing process, if all of the above-mentioned processes are executed normally, Then the test of the vulnerability repair client logic is passed. This application does not need to update system files when installing patches, and the installation speed is very fast. It can be seen that the downloading and installation of the patch are very fast in this application, which shortens the test time for repairing the client logic and improves the test efficiency.

其次,因为某一逻辑的测试执行完毕后,还需要用该补丁测试其他的逻辑,因此需要卸载该补丁。现有技术在卸载时对需要将系统还原到未修补之前的状态,即要将更新的系统文件删除,并将修改的注册表还原,因此就需要对系统进行重启,同样非常耗时。本申请的漏洞修复客户端在执行一个模式的测试时仅生成了模拟漏洞修复标识,因此该模式测试执行完毕后,下一模式执行测试之前,只需将模拟漏洞修复标识删除即可,即只需删除模拟漏洞修复文件,或删除模拟漏洞修复数据,不需要重启,非常的节省时间,进一步的提高了测试的效率。Secondly, after the test of a certain logic is completed, other logic needs to be tested with this patch, so the patch needs to be uninstalled. In the prior art, when uninstalling, the system needs to be restored to the state before it was not patched, that is, the updated system files will be deleted, and the modified registry will be restored. Therefore, the system needs to be restarted, which is also very time-consuming. The vulnerability repair client of this application only generates a simulated vulnerability repair logo when executing a test mode. Therefore, after the test in this mode is completed and before the test is performed in the next mode, it only needs to delete the simulated bug repair logo. It is necessary to delete the simulated vulnerability repair file, or delete the simulated vulnerability repair data, without restarting, which saves time and further improves the efficiency of testing.

再次,本申请采用模拟的漏洞来替代真实的漏洞,因此可以根据预设的模拟的漏洞对模拟的漏洞的设置进行控制。因此在扫描时,只需扫描系统特定的存储目录下是否存在模拟漏洞修复文件,或扫描系统特定的注册表项是否存在模拟漏洞修复数据,即可快速的查找到漏洞,进一步的提高了测试的效率。Again, the present application uses simulated loopholes to replace real loopholes, so the setting of the simulated loopholes can be controlled according to the preset simulated loopholes. Therefore, when scanning, you only need to scan whether there is a simulated vulnerability repair file in the system-specific storage directory, or scan whether there is simulated vulnerability repair data in a system-specific registry item, and you can quickly find the vulnerability, which further improves the testing efficiency. efficiency.

再次,本申请针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器,可以控制漏洞补丁的下载环境,因此下载漏洞补丁时不会受到外网环境的影响,进一步提高了漏洞补丁的下载速度。Again, this application aims at storing the vulnerability database of the simulated vulnerability patch, and establishes a server containing the vulnerability database in advance on the intranet, which can control the download environment of the vulnerability patch, so that the download of the vulnerability patch will not be affected by the external network environment, and further Increased download speed for exploit patches.

附图说明Description of drawings

图1是本申请实施例所述一种漏洞修复客户端逻辑的测试方法流程图;Fig. 1 is a flow chart of a test method for vulnerability repair client logic described in the embodiment of the present application;

图2是本申请实施例所述一种漏洞修复客户端逻辑的测试系统结构图。FIG. 2 is a structural diagram of a test system for a vulnerability repair client logic according to an embodiment of the present application.

具体实施方式Detailed ways

为使本申请的上述目的、特征和优点能够更加明显易懂,下面结合附图和具体实施方式对本申请作进一步详细的说明。In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

现有技术在测试漏洞修复客户端的逻辑时,系统扫描到漏洞并确认可以修补后,漏洞修复客户端需要从外网的由于网络环境的限制,会导致补丁的下载比较耗时。下载补丁后进行安装时,所述补丁需要释放并更新系统文件,还要修改注册表等,修补过程也比较耗时。In the existing technology, when testing the logic of the vulnerability repair client, after the system scans the vulnerability and confirms that it can be repaired, the vulnerability repair client needs to download the patch from the external network due to the limitation of the network environment, which will result in time-consuming downloading of the patch. When installing after downloading the patch, the patch needs to release and update system files, and also modify the registry, etc., and the patching process is also time-consuming.

本申请提供一种漏洞修复客户端逻辑的测试方法,在对漏洞进行修复时下载补丁和安装补丁都非常快速,提高了测试的效率。This application provides a testing method for the client logic of vulnerability repair. When the vulnerability is repaired, downloading and installing the patch are very fast, which improves the efficiency of the test.

参照图1,给出了本申请实施例所述一种漏洞修复客户端逻辑的测试方法流程图。Referring to FIG. 1 , it shows a flow chart of a testing method for vulnerability repair client logic according to an embodiment of the present application.

步骤11,漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;Step 11, the vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities;

漏洞修复客户端在执行时涉及到各种逻辑,包括开机弹窗修复,后台修复,主界面修复,补丁包签名校验,下载域名校验,竞品逻辑,弹窗逻辑等。每次对漏洞修复客户端修改后,都需要对上述的逻辑逐一的进行测试,来测试漏洞修复客户端在执行上述的逻辑步骤中是否会出现问题,具体实施中将漏洞修复客户端的一个逻辑作为测试的一个模式。The execution of the vulnerability repair client involves various logics, including startup pop-up window repair, background repair, main interface repair, patch package signature verification, download domain name verification, competing product logic, pop-up window logic, etc. Every time the vulnerability repair client is modified, the above logic needs to be tested one by one to test whether there will be problems in the implementation of the above logical steps on the vulnerability repair client. In the specific implementation, a logic of the vulnerability repair client is used as A pattern for testing.

漏洞修复客户端在测试某个逻辑时,会按照对应的模式对系统进行扫描以查找模拟的漏洞。因此在漏洞修复客户端测试一种逻辑时,会按照一种模式对系统进行扫描,通过扫描来查找系统中是否存在模拟的漏洞。其中,所述一种逻辑是漏洞修复客户端测试的第一个逻辑。When the vulnerability repair client is testing a certain logic, it will scan the system according to the corresponding pattern to find simulated vulnerabilities. Therefore, when testing a logic on the vulnerability repair client, the system will be scanned according to a pattern to find out whether there are simulated vulnerabilities in the system. Wherein, the one kind of logic is the first logic of the vulnerability repair client test.

步骤12,若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;Step 12, if the simulated vulnerability is found, download the corresponding simulated vulnerability patch from the vulnerability library of the server, and the simulated vulnerability patch is used to generate the simulated vulnerability repair identification on the basis of retaining the original system files of the system ;

具体实施中,若上述扫描中查找到了模拟的漏洞并确认修复漏洞,则从内网模拟服务器的漏洞库中下载对应所述的模拟的漏洞补丁。In specific implementation, if a simulated vulnerability is found in the above scanning and it is confirmed to fix the vulnerability, then download the simulated vulnerability patch from the vulnerability library of the intranet simulation server.

其中,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识。所述模拟漏洞修复标识用于标识该漏洞已经被修复了。Wherein, the simulated vulnerability patch is used to generate a simulated vulnerability repair identifier on the basis of retaining the original system files of the system. The simulated vulnerability repair identifier is used to identify that the vulnerability has been fixed.

步骤13,安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识;Step 13, installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identifier;

由上述可知,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复文件。因此下载模拟的漏洞补丁后,需要安装该模拟的漏洞补丁以修复对应的漏洞,在安装模拟的漏洞补丁时不修改原有系统中的系统文件,仅生成对应的模拟漏洞修复标识即可完成漏洞的修复。It can be known from the above that the simulated vulnerability patch is used to generate a simulated vulnerability repair file on the basis of retaining the original system files of the system. Therefore, after downloading the simulated vulnerability patch, it is necessary to install the simulated vulnerability patch to repair the corresponding vulnerability. When installing the simulated vulnerability patch, the system files in the original system are not modified, and only the corresponding simulated vulnerability patch is generated to complete the vulnerability. repair.

其中,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成。Wherein, the simulated vulnerability repair identifier is used to identify the completion of simulated vulnerability repair.

步骤13执行后,漏洞修复客户端的一种模式执行完毕,若所述一种模式执行正常,则执行步骤14,否则对所述一种模式进行调试,直至测试执行正常。After step 13 is executed, one mode of the vulnerability repair client is executed. If the one mode is executed normally, then step 14 is executed; otherwise, the one mode is debugged until the test execution is normal.

步骤14,漏洞修复客户端遍历所有模式以完成整个测试过程;Step 14, the vulnerability repair client traverses all modes to complete the entire testing process;

漏洞修复客户端接下来遍历所有模式,分别对每个模式执行上述步骤11到步骤13的过程,直到漏洞修复客户端的所有模式执行完毕,整个测试过程执行完毕。Next, the vulnerability repair client traverses all modes, and executes the process from step 11 to step 13 above for each mode, until all modes of the vulnerability repair client are executed, and the entire testing process is completed.

步骤15,若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。Step 15, if all the above processes are performed normally, the test of the vulnerability repair client logic is passed.

否则漏洞修复客户端逻辑的测试不通过,可以对执行出现错误的地方进行调试。Otherwise, the test of the vulnerability repair client logic fails, and you can debug the place where the execution error occurs.

综上所述,本申请使用模拟的漏洞来替代真实的漏洞,对应用模拟的漏洞补丁来替代真实的漏洞补丁。因此漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识,因此模拟的漏洞补丁比较小,下载速度比较快。然后安装该模拟的漏洞补丁并生成模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成,漏洞修复客户端遍历所有模式以完成整个测试过程,若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。本申请安装补丁时不需要更新系统文件,也不需要修改注册表,安装速度非常快。由此可见本申请下载补丁和安装补丁都非常快速,缩短了修复客户端逻辑的测试的时间,提高了测试的效率。To sum up, this application uses simulated vulnerabilities to replace real vulnerabilities, and uses simulated vulnerability patches to replace real vulnerability patches. Therefore, the vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities. If a simulated vulnerability is found, it downloads the corresponding simulated vulnerability patch from the vulnerability library of the server. The simulated vulnerability patch is in On the basis of retaining the original system files of the system, it is used to generate a simulated vulnerability repair logo, so the simulated vulnerability patch is relatively small and the download speed is relatively fast. Then install the simulated vulnerability patch and generate a simulated vulnerability repair identifier, the simulated vulnerability repair identifier is used to identify the completion of the simulated vulnerability repair, and the vulnerability repair client traverses all modes to complete the entire testing process, if all of the above-mentioned processes are executed normally, Then the test of the vulnerability repair client logic is passed. This application does not need to update system files or modify the registry when installing the patch, and the installation speed is very fast. It can be seen that the downloading and installation of the patch are very fast in this application, which shortens the test time for repairing the client logic and improves the test efficiency.

优选的,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识之后,下一模式执行测试之前还包括:Preferably, after installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification, before executing the test in the next mode, it also includes:

删除生成的模拟漏洞修复标识。Delete the generated simulated bugfix ID.

具体实施中,可以编写对应的删除程序来删除模拟漏洞修复标识,还可以在漏洞修复客户端对应模式测试完毕后,添加删除语句来删除模拟漏洞修复标识,本申请对次不做限定。In the specific implementation, you can write a corresponding deletion program to delete the simulated vulnerability repair logo, and you can also add a delete statement to delete the simulated vulnerability repair logo after the corresponding mode test of the vulnerability repair client is completed. This application does not limit this time.

因为漏洞修复客户端在执行时涉及到各种逻辑,测试时会将漏洞修复客户端的一个逻辑作为测试的一个模式,但不是所有补丁都适合用于测试的,因此通常挑选典型的补丁来测试漏洞修复客户端的所有模式。在某一模式执行完毕后,还需要用该补丁执行其他模式的测试,因此需要卸载该补丁。Because the execution of the vulnerability repair client involves various logics, a logic of the vulnerability repair client will be used as a test mode during testing, but not all patches are suitable for testing, so typical patches are usually selected to test vulnerabilities Fix all modes of the client. After a certain mode is executed, the patch needs to be used to perform tests in other modes, so the patch needs to be uninstalled.

现有技术在卸载时对需要将系统还原到未修补之前的状态,即要将更新的系统文件删除,并将修改的注册表还原,因此就需要对系统进行重启,同样非常耗时。In the prior art, when uninstalling, the system needs to be restored to the state before it was not patched, that is, the updated system files will be deleted, and the modified registry will be restored. Therefore, the system needs to be restarted, which is also very time-consuming.

本申请的漏洞修复客户端在执行一个模式的测试时仅生成了模拟漏洞修复标识,因此该模式测试执行完毕后,下一模式执行测试之前,只需将模拟漏洞修复标识删除即可,不需重启,非常的节省时间,进一步的提高了测试的效率。The vulnerability repair client of this application only generates a simulated vulnerability repair logo when executing a test mode. Therefore, after the test in this mode is completed and before the test is executed in the next mode, it is only necessary to delete the simulated bug repair logo. Restarting saves a lot of time and further improves the efficiency of testing.

优选的,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:Preferably, the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the vulnerability repair client scans the system according to a mode to find the simulated vulnerability, including:

漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability.

可以预先设定系统扫描的模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,例如,设定扫描到系统的C盘不存在zz.dat文件时,该系统存在漏洞,反之,若扫描到c:\zz.dat的情况,即扫描到系统的C盘存在zz.dat文件,则该系统不存在漏洞。The simulated vulnerability scanned by the system can be pre-set to be a simulated vulnerability repair file that does not exist in the system-specific storage directory. For example, if the zz. If c:\zz.dat is found in the scan, that is, the zz.dat file exists in the C drive of the system, then the system does not have a vulnerability.

因此漏洞修复客户端按照某一模式扫描系统时,可以扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。Therefore, when the vulnerability repair client scans the system according to a certain pattern, it can scan whether there is a simulated vulnerability repair file in the specific storage directory of the system. If it does not exist, it will find the simulated vulnerability, otherwise it will not find the simulated vulnerability.

例如漏洞修复客户端按照一种模式扫描系统时,可以扫描系统特定的存储目录即C盘下,是否存在模拟漏洞修复文件即zz.dat。若扫描到系统的C盘不存在zz.dat文件,则查找到了模拟的漏洞,若扫描到系统的C盘存在zz.dat文件,则没有查找到模拟的漏洞。For example, when the vulnerability repair client scans the system according to a mode, it can scan the specific storage directory of the system, that is, the C drive, for the existence of the simulated vulnerability repair file, namely zz.dat. If the zz.dat file does not exist in the C drive of the system, the simulated vulnerability is found; if the zz.dat file exists in the C drive of the system, the simulated vulnerability is not found.

对应此种模拟的漏洞,所述模拟漏洞修复标识为模拟漏洞修复文件,因此安装该模拟的漏洞补丁时,会在系统特定的存储目录下生成对应的模拟漏洞修复文件。Corresponding to this simulated vulnerability, the simulated vulnerability repair is identified as a simulated vulnerability repair file, so when the simulated vulnerability patch is installed, a corresponding simulated vulnerability repair file will be generated in a specific storage directory of the system.

对应该模式测试执行完毕后,下一模式执行测试之前,只需删除模拟漏洞修复文件即可。After the corresponding mode test is executed, before the next mode executes the test, it is only necessary to delete the simulated vulnerability repair file.

优选的,所述模拟的漏洞为系统特定的注册表项不存在模拟漏洞修复数据,所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:Preferably, the simulated vulnerability is that there is no simulated vulnerability repair data in a system-specific registry item, and the vulnerability repair client scans the system according to a pattern to find the simulated vulnerability, including:

漏洞修复客户端按照一种模式扫描系统特定的注册表项是否存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the system-specific registry entries for simulated vulnerability repair data according to a pattern. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability.

漏洞修复客户端按照一种模式扫描系统,可以预先设定系统扫描的模拟的漏洞为系统特定的注册表项是否存在模拟漏洞修复数据,例如,设定系统的某个注册表的某一项的数据为x,若扫描后返回值为0,则该注册表项没有模拟漏洞修复数据,该系统存在漏洞,反之,若扫描后返回值为x,则该系统不存在漏洞。The vulnerability repair client scans the system according to a mode, and the simulated vulnerability scanned by the system can be pre-set whether there is simulated vulnerability repair data in a system-specific registry item, for example, setting the value of a certain item in a certain registry of the system The data is x, if the return value is 0 after scanning, then the registry entry does not have simulated vulnerability repair data, and the system has a vulnerability; otherwise, if the return value is x after scanning, then the system does not have a vulnerability.

对应此种模拟的漏洞,所述模拟漏洞修复标识为模拟漏洞修复文件,因此安装该模拟的漏洞补丁时,会在系统特定的注册表项生成对应的模拟漏洞修复数据。Corresponding to this simulated vulnerability, the simulated vulnerability repair is identified as a simulated vulnerability repair file, so when the simulated vulnerability patch is installed, corresponding simulated vulnerability repair data will be generated in a system-specific registry entry.

对应该模式测试执行完毕后,下一模式执行测试之前,只需删除模拟漏洞修复数据即可。After the test of this mode is completed, before the test of the next mode is executed, it is only necessary to delete the simulated vulnerability repair data.

系统按照对应的模式执行扫描时,可以根据预设模拟的漏洞进行扫描,若扫描到模拟的漏洞,则对应执行修复操作,否则继续按其他模式进行扫描,直到测试结束。When the system scans according to the corresponding mode, it can scan according to the preset simulated vulnerabilities. If the simulated vulnerabilities are scanned, the corresponding repair operation will be performed. Otherwise, continue to scan in other modes until the end of the test.

本申请采用模拟的漏洞来替代真实的漏洞,因此可以根据预设的模拟的漏洞对模拟的漏洞的设置进行控制。因此在扫描时,只需扫描系统特定的存储目录下是否存在模拟漏洞修复文件,或扫描系统特定的注册表项是否存在模拟漏洞修复数据,即可快速的查找到漏洞,进一步的提高了测试的效率。This application uses simulated vulnerabilities to replace real vulnerabilities, so the settings of simulated vulnerabilities can be controlled according to the preset simulated vulnerabilities. Therefore, when scanning, you only need to scan whether there is a simulated vulnerability repair file in the system-specific storage directory, or scan whether there is simulated vulnerability repair data in a system-specific registry item, and you can quickly find the vulnerability, which further improves the testing efficiency. efficiency.

优选的,针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。Preferably, for the vulnerability database storing simulated vulnerability patches, a server containing the vulnerability database is established in advance on the intranet.

模拟的漏洞补丁需要存储在漏洞库中,在扫描到模拟的漏洞时才能在漏洞库中下载到对应所述的模拟的漏洞补丁。因此可以预先建立服务器,所述服务器是针对上述漏洞库而建立的。并且可以将服务器建立在内网中,所述内网是执行测试的本地测试及所连接的内部网络,因此可以控制网络环境,使得补丁的下载速度不会受到网络环境的影响。The simulated vulnerability patch needs to be stored in the vulnerability database, and the simulated vulnerability patch corresponding to the above can be downloaded in the vulnerability database when the simulated vulnerability is scanned. Therefore, a server can be established in advance, and the server is established for the above-mentioned vulnerability database. And the server can be established in the intranet, which is the local test and the connected internal network for performing the test, so the network environment can be controlled, so that the download speed of the patch will not be affected by the network environment.

优选的,在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向服务器。Preferably, a vulnerability repair client is set up on the local test machine, and the patch download domain name of the local test machine is pre-pointed to the server.

本申请会将漏洞修复客户端设置在本地测试机上,漏洞修复客户端需要从服务器的漏洞库中下载模拟的漏洞补丁,因此可以预先修改本地测试机的host文件,将本地测试机的补丁下载域名指向服务器,例如指向上述的内网服务器。This application will set the vulnerability repair client on the local test machine. The vulnerability repair client needs to download the simulated vulnerability patch from the server's vulnerability database. Therefore, the host file of the local test machine can be modified in advance, and the patch download domain name of the local test machine Point to the server, such as pointing to the above-mentioned intranet server.

优选的,预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名。Preferably, the simulated vulnerability patch is pre-written and named according to the naming method of the real patch.

本申请会预先编写模拟的漏洞补丁并根据真实补丁的命名方式对模拟的漏洞补丁进行命名。真实补丁的命名方式通常包含补丁针对的系统,不定的唯一标识,对应的平台和某种语言的系统。This application will pre-write the simulated vulnerability patch and name the simulated vulnerability patch according to the naming method of the real patch. The naming method of the real patch usually includes the system targeted by the patch, the variable unique identifier, the corresponding platform and the system of a certain language.

例如,预先编写一个exe程序,将所述exe程序作为模拟的漏洞补丁,则可设置该exe程序仅在c:\目录下生成一个zz.dat的文件,则对应的模拟漏洞修复文件为zz.dat。将该exe程序命名为WindowsXP-kb444441-x86-chs.exe,则模拟的漏洞补丁名称为WindowsXP-kb444441-x86-chs,该名称是根据真实补丁的命名方式进行命名的,即代表WindowsXP系统下,补丁的唯一标识即补丁编号为kb444441,x86平台,chs为中文系统。For example, if an exe program is written in advance, and the exe program is used as a simulated vulnerability patch, then the exe program can be set to only generate a zz.dat file in the c:\ directory, and the corresponding simulated vulnerability repair file is zz. dat. Name the exe program WindowsXP-kb444441-x86-chs.exe, then the simulated vulnerability patch name is WindowsXP-kb444441-x86-chs, which is named according to the naming method of the real patch, which means that under the WindowsXP system, The unique identifier of the patch is the patch number kb444441, x86 platform, chs is the Chinese system.

优选的,预先将所述模拟的漏洞补丁保存在服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁名称中包含补丁编号。Preferably, the simulated vulnerability patch is stored in the vulnerability database of the server in advance, and the information of the simulated vulnerability patch and the patch number are added to the vulnerability database, wherein the name of the simulated vulnerability patch includes the patch number.

预先在内网中搭建模拟服务器,并在模拟服务器中设置漏洞库,模拟服务器中漏洞库模拟真实服务器中漏洞库的环境。可以预先将模拟的漏洞补丁保存在模拟服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,,其中所述模拟的漏洞补丁名称中包含补丁编号,例如上例中模拟的漏洞补丁名称为WindowsXP-kb444441-x86-chs,其中kb444441为补丁编号。其中每一个补丁编号是补丁的唯一标识,因此都是唯一的。Set up a simulation server in the intranet in advance, and set up a vulnerability library in the simulation server. The vulnerability library in the simulation server simulates the environment of the vulnerability library in the real server. The simulated vulnerability patch can be stored in the vulnerability library of the simulation server in advance, and the information of the simulated vulnerability patch and the patch number are added to the vulnerability library, wherein the name of the simulated vulnerability patch contains the patch number, such as in the above example The name of the simulated vulnerability patch is WindowsXP-kb444441-x86-chs, where kb444441 is the patch number. Each of the patch numbers is the unique identifier of the patch, so they are all unique.

优选的,预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁。Preferably, simulated vulnerability information is added to the vulnerability repair client in advance, and the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.

漏洞修复客户端逻辑的测试中需要扫描模拟的漏洞并下载对应所述的模拟的漏洞补丁,因此可以预先在漏洞修复客户端中添加模拟的漏洞信息,根据所述模拟的漏洞信息中的漏洞标识扫描查找模拟的漏洞,查找到漏洞后,还可以根据所述模拟的漏洞信息中的补丁标识查找到对应模拟的漏洞补丁。In the logic test of the vulnerability repair client, it is necessary to scan the simulated vulnerability and download the corresponding simulated vulnerability patch. Therefore, the simulated vulnerability information can be added to the vulnerability repair client in advance, and the vulnerability identification in the simulated vulnerability information The simulated vulnerability is scanned to find, and after the vulnerability is found, the corresponding simulated vulnerability patch can also be found according to the patch identifier in the simulated vulnerability information.

具体实施中,可以根据上述两种模拟的漏洞设置漏洞标识,对应根据服务器的漏洞库中模拟的漏洞补丁的设置,对补丁标识配置相同的设置,使得在查找到模拟的漏洞后,根据所述补丁标识查找到对应模拟的漏洞补丁时,可以在内网模拟服务器的漏洞库中查找到针对该模拟的漏洞对应的模拟的漏洞补丁并执行下载。In the specific implementation, the vulnerability identification can be set according to the above two simulated vulnerabilities, corresponding to the settings of the simulated vulnerability patches in the vulnerability database of the server, and the same settings can be configured for the patch identification, so that after finding the simulated vulnerabilities, according to the When the patch identifier finds the corresponding simulated vulnerability patch, you can find the simulated vulnerability patch corresponding to the simulated vulnerability in the vulnerability database of the intranet simulation server and execute the download.

本申请分别统计了在具体实施中,漏洞修复客户端使用真实的漏洞补丁和使用模拟的漏洞补丁的时间,下面以此为例具体论述具体数据如表1:This application counts the time spent using real vulnerability patches and simulated vulnerability patches by the vulnerability repair client in the specific implementation. The following uses this as an example to discuss the specific data as shown in Table 1:

表1Table 1

从表1的数据可知漏洞修复客户端使用真实的漏洞补丁进行测试时,每一个模式的测试需要时间大致为483-1343s。而漏洞修复客户端使用模拟的漏洞补丁进行测试时,每一个模式的测试需要时间大致为14-24s。From the data in Table 1, it can be seen that when the vulnerability repair client uses the real vulnerability patch to test, the test time of each mode is roughly 483-1343s. When the vulnerability repair client uses the simulated vulnerability patch for testing, the test time for each mode is roughly 14-24s.

在使用真实的漏洞补丁进行测试时,下载补丁、安装补丁、重启使补丁生效、卸载补丁和卸载后重启的时间均不少于100s,非常的耗费时间。另外在win7系统中的安装真实的补丁时,还存在xp系统没有的系统内部修复机制,故安装时间会更长When testing with a real vulnerability patch, it takes no less than 100 seconds to download the patch, install the patch, restart to make the patch take effect, uninstall the patch, and restart after uninstalling, which is very time-consuming. In addition, when installing the real patch in the win7 system, there is still an internal system repair mechanism that the xp system does not have, so the installation time will be longer

而使用模拟的漏洞补丁进行测试时,仅下载补丁时间最长却也只有10s,可将使用模拟的漏洞补丁进行测试的时间非常快速,极大的提高了测试效率,并且测试过程中无需任何重启的步骤,可利用自动化程序执行快速执行测试,进一步提高了测试效率。When using the simulated vulnerability patch for testing, the longest time to download the patch is only 10s. The test time using the simulated vulnerability patch is very fast, which greatly improves the test efficiency and does not require any restart during the test The steps can be executed quickly by using the automated program, which further improves the test efficiency.

参照图2,给出了本申请实施例所述一种漏洞修复客户端逻辑的测试系统结构图。Referring to FIG. 2 , it shows a structural diagram of a testing system for a vulnerability repair client logic in the embodiment of the present application.

相应的,本申请还提供了一种漏洞修复客户端逻辑的测试系统,包括第一模式测试模块15,其他模式测试模块16和结果模块17,其中,Correspondingly, the present application also provides a vulnerability repair client logic testing system, including a first mode testing module 15, other mode testing modules 16 and a result module 17, wherein,

第一模式测试模块15,具体包括以下3个子模块:The first mode test module 15 specifically includes the following 3 submodules:

扫描漏洞子模块151,用于漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;The vulnerability scanning sub-module 151 is used for the vulnerability repair client to scan the system according to a mode to find simulated vulnerabilities;

下载补丁子模块152,用于若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;Download patch sub-module 152, if find the simulated loophole, then download the loophole patch corresponding to the simulation from the loophole storehouse of server, the loophole patch of described simulation is used on the basis of retaining the original system file of the system Generate a simulated vulnerability repair logo;

安装补丁子模块153,用于安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成;Install the patch sub-module 153, which is used to install the simulated vulnerability patch and generate a corresponding simulated vulnerability repair identifier, and the simulated vulnerability repair identifier is used to identify that the simulated vulnerability repair is completed;

其他模式测试模块16,用于漏洞修复客户端遍历所有模式以完成整个测试过程;Other pattern testing module 16, is used for loophole repair client traversing all patterns to complete the whole testing process;

结果模块17,用于若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过。The result module 17 is configured to pass the test of the vulnerability repair client logic if all the above processes are performed normally.

优选的,所述的系统还包括:Preferably, the system also includes:

删除补丁子模块154,用于删除生成的模拟漏洞修复标识。The delete patch submodule 154 is used to delete the generated simulated vulnerability repair identifier.

所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块151,包括:The simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule 151 includes:

第一扫描漏洞单元1511,用于漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The first vulnerability scanning unit 1511 is used for the vulnerability repair client to scan the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If there is no simulated vulnerability, the simulated vulnerability is found; otherwise, no simulated vulnerability is found.

所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块151,包括:The simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule 151 includes:

第二扫描漏洞单元1512,用于漏洞修复客户端按照一种模式扫描系统特定的注册表项不存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The second scanning vulnerability unit 1512 is used for the vulnerability repairing client to scan system-specific registry entries according to a pattern if there is no simulated vulnerability repair data. If there is no simulated vulnerability, the simulated vulnerability is found; otherwise, no simulated vulnerability is found.

安装补丁子模块153,包括:Install patch submodule 153, including:

第一安装补丁单元1531,用于安装该模拟的漏洞补丁,并在系统特定的存储目录下生成对应的模拟漏洞修复文件。The first patch installation unit 1531 is configured to install the simulated vulnerability patch, and generate a corresponding simulated vulnerability repair file in a system-specific storage directory.

第二安装补丁单元1532,用于安装该模拟的漏洞补丁,并在系统特定的注册表项上添加对应的模拟漏洞修复数据。The second patch installation unit 1532 is configured to install the simulated vulnerability patch, and add corresponding simulated vulnerability repair data to a system-specific registry entry.

建立服务器及漏洞库模块10,用于针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。Establishing the server and vulnerability database module 10 is used for establishing a server containing the vulnerability database on the intranet in advance for the vulnerability database storing simulated vulnerability patches.

预设下载域名模块11,用于在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向内网模拟服务器。The preset download domain name module 11 is used to set the vulnerability repair client on the local test machine, and point the patch download domain name of the local test machine to the intranet simulation server in advance.

编写并命名补丁模块12,用于预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名Write and name patch module 12, which is used to pre-write simulated vulnerability patches and name them according to the naming method of real patches

保存补丁模块13,用于预先将所述模拟的漏洞补丁保存在模拟服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁的名称中包含补丁编号。Preserve patch module 13, be used for preserving the vulnerability patch of described simulation in the vulnerability storehouse of simulation server, and add the information and the patch number of the vulnerability patch of simulation in the vulnerability storehouse, wherein in the name of the vulnerability patch of described simulation Contains the patch number.

漏洞修复客户端逻辑的测试中会对每一的模式分别测试,对应该模式的某个模式测试模块同扫描漏洞子模块141相同,都包含相应的子模块,例如扫描漏洞子模块、下载补丁子模块、安装补丁子模块和删除补丁子模块。In the test of the vulnerability repair client logic, each mode will be tested separately. The test module corresponding to a certain mode of the mode is the same as the scanning vulnerability sub-module 141, and both include corresponding sub-modules, such as the scanning vulnerability sub-module and the download patch sub-module. module, install patch submodule, and remove patch submodule.

添加信息模块14,用于预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁。The information adding module 14 is configured to pre-add simulated vulnerability information in the vulnerability repair client, and the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch.

对于系统实施例而言,由于其与方法实施例基本相似,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。As for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the related parts, please refer to the part of the description of the method embodiment.

本说明书中的各个实施例均采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似的部分互相参见即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other.

本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本申请,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。This application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.

最后,还需要说明的是,在本文中,诸如一种和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。Finally, it should also be noted that in this text, relational terms such as one and second etc. are only used to distinguish one entity or operation from another, and do not necessarily require or imply that these entities or operations, any such actual relationship or order exists. Furthermore, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes elements not expressly listed. other elements of, or also include elements inherent in, such a process, method, commodity, or apparatus. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.

以上对本申请所提供的一种漏洞修复客户端逻辑的测试方法及系统,进行了详细介绍,本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想;同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。The above is a detailed introduction to the testing method and system of a vulnerability repair client logic provided by this application. In this paper, specific examples are used to illustrate the principle and implementation of this application. The description of the above embodiment is only for To help understand the method and its core idea of this application; at the same time, for those of ordinary skill in the art, according to the idea of this application, there will be changes in the specific implementation and application scope. In summary, the content of this specification It should not be construed as a limitation of the application.

Claims (18)

1.一种漏洞修复客户端逻辑的测试方法,其特征在于,包括:1. A test method for vulnerability repair client logic, characterized in that, comprising: 预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁;Adding simulated vulnerability information in the vulnerability repair client in advance, the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch; 所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities; if a simulated vulnerability is found, it downloads the corresponding simulated vulnerability patch from the vulnerability library of the server, and the simulated vulnerability patch On the basis of retaining the original system files of the system, it is used to generate a simulated vulnerability repair logo; 安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成;Installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification, the simulated vulnerability repair identification is used to identify the completion of the simulated vulnerability repair; 漏洞修复客户端遍历所有模式以完成整个测试过程;The vulnerability repair client traverses all modes to complete the entire testing process; 若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过;If all the above processes are performed normally, the test of the vulnerability repair client logic is passed; 其中,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识之后,下一模式执行测试之前还包括:Wherein, after installing the simulated vulnerability patch and generating the corresponding simulated vulnerability repair identification, before performing the test in the next mode, it also includes: 删除生成的模拟漏洞修复标识,以实现所述模拟的漏洞补丁的卸载。The generated simulated vulnerability patch identification is deleted, so as to realize the uninstallation of the simulated vulnerability patch. 2.根据权利要求1所述的方法,其特征在于,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,2. The method according to claim 1, characterized in that, the simulated loophole is that there is no simulated loophole repair file under the specific storage directory of the system, 所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities, including: 漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability. 3.根据权利要求1所述的方法,其特征在于,所述模拟的漏洞为系统特定的注册表项不存在模拟漏洞修复数据,3. The method according to claim 1, characterized in that, the simulated loophole is that there is no simulated loophole repair data in the system-specific registry entry, 所述漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞,包括:The vulnerability repair client scans the system according to a pattern to find simulated vulnerabilities, including: 漏洞修复客户端按照一种模式扫描系统特定的注册表项是否存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The vulnerability repair client scans the system-specific registry entries for simulated vulnerability repair data according to a pattern. If it does not exist, it finds the simulated vulnerability, otherwise it does not find the simulated vulnerability. 4.根据权利要求2所述的方法,其特征在于,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,包括:4. The method according to claim 2, wherein said installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification comprises: 安装该模拟的漏洞补丁,并在系统特定的存储目录下生成对应的模拟漏洞修复文件。Install the simulated vulnerability patch, and generate a corresponding simulated vulnerability repair file in a system-specific storage directory. 5.根据权利要求3所述的方法,其特征在于,所述安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,包括:5. The method according to claim 3, wherein said installing the simulated vulnerability patch and generating a corresponding simulated vulnerability repair identification comprises: 安装该模拟的漏洞补丁,并在系统特定的注册表项上添加对应的模拟漏洞修复数据。Install the simulated vulnerability patch, and add corresponding simulated vulnerability repair data on the system-specific registry key. 6.根据权利要求1所述的方法,其特征在于,还包括:6. The method according to claim 1, further comprising: 针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。For the vulnerability library storing simulated vulnerability patches, a server containing the vulnerability library is established in advance on the intranet. 7.根据权利要求1所述的方法,其特征在于,还包括:7. The method of claim 1, further comprising: 在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向服务器。Set up the vulnerability repair client on the local test machine, and point the patch download domain name of the local test machine to the server in advance. 8.根据权利要求1所述的方法,其特征在于,还包括:8. The method of claim 1, further comprising: 预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名。Pre-write simulated vulnerability patches and name them according to the naming method of real patches. 9.根据权利要求8所述的方法,其特征在于,还包括:9. The method according to claim 8, further comprising: 预先将所述模拟的漏洞补丁保存在服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁名称中包含补丁编号。The simulated vulnerability patch is stored in the vulnerability database of the server in advance, and the information of the simulated vulnerability patch and the patch number are added to the vulnerability database, wherein the name of the simulated vulnerability patch includes the patch number. 10.一种漏洞修复客户端逻辑的测试系统,其特征在于,包括:10. A test system for vulnerability repair client logic, characterized in that, comprising: 添加信息模块,用于预先在漏洞修复客户端中添加模拟的漏洞信息,所述模拟的漏洞信息用于标识模拟的漏洞和对应模拟的漏洞补丁;Adding an information module is used to add simulated vulnerability information in the vulnerability repair client in advance, and the simulated vulnerability information is used to identify the simulated vulnerability and the corresponding simulated vulnerability patch; 第一模式测试模块,具体包括以下3个子模块:The first mode test module specifically includes the following three sub-modules: 扫描漏洞子模块,用于漏洞修复客户端按照一种模式对系统进行扫描以查找模拟的漏洞;The vulnerability scanning sub-module is used for the vulnerability repair client to scan the system according to a pattern to find simulated vulnerabilities; 下载补丁子模块,用于若查找到模拟的漏洞,则从服务器的漏洞库中下载对应所述的模拟的漏洞补丁,所述模拟的漏洞补丁在保留系统原有系统文件的基础上用于生成模拟漏洞修复标识;Download the patch sub-module, which is used to download the corresponding simulated vulnerability patch from the vulnerability database of the server if the simulated vulnerability is found, and the simulated vulnerability patch is used to generate the simulated vulnerability patch on the basis of retaining the original system file Simulate vulnerability repair logo; 安装补丁子模块,用于安装该模拟的漏洞补丁并生成对应的模拟漏洞修复标识,所述模拟漏洞修复标识用于标识模拟的漏洞修复完成;Install the patch submodule, which is used to install the simulated vulnerability patch and generate a corresponding simulated vulnerability repair identifier, and the simulated vulnerability repair identifier is used to identify that the simulated vulnerability repair is completed; 其他模式测试模块,用于漏洞修复客户端遍历所有模式以完成整个测试过程;Other mode testing modules, used for vulnerability repair client to traverse all modes to complete the whole testing process; 结果模块,用于若上述所有过程都执行正常,则漏洞修复客户端逻辑的测试通过;The result module is used to pass the test of the vulnerability repair client logic if all the above processes are executed normally; 删除补丁子模块,用于删除生成的模拟漏洞修复标识,以实现所述模拟的漏洞补丁的卸载。The delete patch sub-module is used to delete the generated simulated vulnerability patch identification, so as to realize the uninstallation of the simulated vulnerability patch. 11.根据权利要求10所述的系统,其特征在于,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块,包括:11. The system according to claim 10, wherein the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule includes: 第一扫描漏洞单元,用于漏洞修复客户端按照一种模式扫描系统特定的存储目录下是否存在模拟漏洞修复文件,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The first vulnerability scanning unit is used for the vulnerability repair client to scan the specific storage directory of the system according to a pattern to see if there is a simulated vulnerability repair file. If there is no simulated vulnerability, the simulated vulnerability is found; otherwise, no simulated vulnerability is found. 12.根据权利要求10所述的系统,其特征在于,所述模拟的漏洞为系统特定的存储目录下不存在模拟漏洞修复文件,所述扫描漏洞子模块,包括:12. The system according to claim 10, wherein the simulated vulnerability is that there is no simulated vulnerability repair file under the system-specific storage directory, and the scanning vulnerability submodule includes: 第二扫描漏洞单元,用于漏洞修复客户端按照一种模式扫描系统特定的注册表项不存在模拟漏洞修复数据,若不存在,则查找到模拟的漏洞,否则没有查找到模拟的漏洞。The second scanning vulnerability unit is used for the vulnerability repair client to scan system-specific registry entries according to a pattern if there is no simulated vulnerability repair data. If there is no simulated vulnerability repair data, the simulated vulnerability is found, otherwise no simulated vulnerability is found. 13.根据权利要求11所述的系统,其特征在于,安装补丁子模块包括:13. The system according to claim 11, wherein installing the patch submodule comprises: 第一安装补丁单元,用于安装该模拟的漏洞补丁,并在系统特定的存储目录下生成对应的模拟漏洞修复文件。The first patch installation unit is configured to install the simulated vulnerability patch, and generate a corresponding simulated vulnerability repair file in a system-specific storage directory. 14.根据权利要求12所述的系统,其特征在于,安装补丁子模块包括:14. The system according to claim 12, wherein installing the patch submodule comprises: 第二安装补丁单元,用于安装该模拟的漏洞补丁,并在系统特定的注册表项上添加对应的模拟漏洞修复数据。The second patch installation unit is configured to install the simulated vulnerability patch, and add corresponding simulated vulnerability repair data to a system-specific registry entry. 15.根据权利要求10所述的系统,其特征在于,还包括:15. The system of claim 10, further comprising: 建立服务器及漏洞库模块,用于针对存储模拟的漏洞补丁的漏洞库,预先在内网建立包含所述漏洞库的服务器。The server and vulnerability database module is established, which is used to establish a server containing the vulnerability database in advance on the intranet for the vulnerability database storing simulated vulnerability patches. 16.根据权利要求10所述的系统,其特征在于,还包括:16. The system of claim 10, further comprising: 预设下载域名模块,用于在本地测试机上设置漏洞修复客户端,预先将本地测试机的补丁下载域名指向内网模拟服务器。The preset download domain name module is used to set the vulnerability repair client on the local test machine, and point the patch download domain name of the local test machine to the intranet simulation server in advance. 17.根据权利要求10所述的系统,其特征在于,还包括:17. The system of claim 10, further comprising: 编写并命名补丁模块,用于预先编写模拟的漏洞补丁并根据真实补丁的命名方式进行命名。Write and name the patch module, which is used to pre-write simulated vulnerability patches and name them according to the naming method of real patches. 18.根据权利要求17所述的系统,其特征在于,还包括:18. The system of claim 17, further comprising: 保存补丁模块,用于预先将所述模拟的漏洞补丁保存在模拟服务器的漏洞库中,并在漏洞库中添加模拟的漏洞补丁的信息及补丁编号,其中所述模拟的漏洞补丁的名称中包含补丁编号。Preserving the patch module is used to store the simulated vulnerability patches in the vulnerability database of the simulation server in advance, and add information and patch numbers of the simulated vulnerability patches in the vulnerability database, wherein the simulated vulnerability patches include in the name of patch number.
CN201510373043.9A 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system Expired - Fee Related CN104978532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510373043.9A CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510373043.9A CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system
CN201110444861.5A CN102592084B (en) 2011-12-27 2011-12-27 A testing method and system for vulnerability repair client logic

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201110444861.5A Division CN102592084B (en) 2011-12-27 2011-12-27 A testing method and system for vulnerability repair client logic

Publications (2)

Publication Number Publication Date
CN104978532A CN104978532A (en) 2015-10-14
CN104978532B true CN104978532B (en) 2018-10-23

Family

ID=46480705

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510373043.9A Expired - Fee Related CN104978532B (en) 2011-12-27 2011-12-27 A kind of bug-fixing client logic testing method and bug-fixing client logic testing system
CN201110444861.5A Active CN102592084B (en) 2011-12-27 2011-12-27 A testing method and system for vulnerability repair client logic

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201110444861.5A Active CN102592084B (en) 2011-12-27 2011-12-27 A testing method and system for vulnerability repair client logic

Country Status (1)

Country Link
CN (2) CN104978532B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103632098B (en) * 2012-08-21 2019-05-10 腾讯科技(深圳)有限公司 The method and device of patching bugs
CN102945351B (en) * 2012-11-05 2015-10-28 中国科学院软件研究所 Based on the mobile intelligent terminal security breaches restorative procedure of Quick Response Code under cloud environment
CN106845245B (en) * 2016-12-21 2019-11-26 中国科学院信息工程研究所 A kind of hot restorative procedure of loophole based on Xen virtual platform
CN108345796A (en) * 2017-05-02 2018-07-31 北京安天网络安全技术有限公司 A kind of loophole reparation and host reinforcement means and system
CN107395593B (en) * 2017-07-19 2020-12-04 深信服科技股份有限公司 Vulnerability automatic protection method, firewall and storage medium
CN110287112B (en) * 2019-06-25 2023-10-20 网易(杭州)网络有限公司 Maintenance method and device for client and readable storage medium
CN110348220A (en) * 2019-06-28 2019-10-18 北京威努特技术有限公司 A kind of bug excavation method, loophole repair verification method, device and electronic equipment
CN111488287B (en) * 2020-04-16 2023-05-16 南开大学 Method, device, medium and electronic equipment for generating injection vulnerability test cases
CN114721857A (en) * 2022-04-20 2022-07-08 麒麟软件有限公司 System for detecting and repairing kylin operating system bugs based on USB flash disk
CN116720195B (en) * 2023-07-06 2024-01-26 浙江齐安信息科技有限公司 Operating system vulnerability identification method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100493085C (en) * 2005-07-08 2009-05-27 清华大学 P2P worm defending system
CN101482846A (en) * 2008-12-25 2009-07-15 上海交通大学 Bug excavation method based on executable code conversed analysis
CN101986283A (en) * 2010-11-16 2011-03-16 北京安天电子设备有限公司 Method and system for detecting existed Windows system bugs

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040064722A1 (en) * 2002-10-01 2004-04-01 Dinesh Neelay System and method for propagating patches to address vulnerabilities in computers
US20070256132A2 (en) * 2003-07-01 2007-11-01 Securityprofiling, Inc. Vulnerability and remediation database
CN100401264C (en) * 2005-06-06 2008-07-09 华为技术有限公司 Data-driven automated testing system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100493085C (en) * 2005-07-08 2009-05-27 清华大学 P2P worm defending system
CN101482846A (en) * 2008-12-25 2009-07-15 上海交通大学 Bug excavation method based on executable code conversed analysis
CN101986283A (en) * 2010-11-16 2011-03-16 北京安天电子设备有限公司 Method and system for detecting existed Windows system bugs

Also Published As

Publication number Publication date
CN104978532A (en) 2015-10-14
CN102592084A (en) 2012-07-18
CN102592084B (en) 2015-07-29

Similar Documents

Publication Publication Date Title
CN104978532B (en) A kind of bug-fixing client logic testing method and bug-fixing client logic testing system
CN102736978B (en) A kind of method and device detecting the installment state of application program
US9880837B2 (en) Artifact manager for release automation
US9910743B2 (en) Method, system and device for validating repair files and repairing corrupt software
CN102099811B (en) Improved methods and systems for use in or relating to offline virtual environments
CN103530162B (en) The method and system that the on-line automatic software of a kind of virtual machine is installed
US8978015B2 (en) Self validating applications
US11461472B2 (en) Automatic correctness and performance measurement of binary transformation systems
GB2508643A (en) Method for Performing a Regression Test after Modifying Source Code File
CN106415480A (en) High-speed application for installation on mobile devices for permitting remote configuration of such mobile devices
US20120174086A1 (en) Extensible Patch Management
CN103793248A (en) Method and device for upgrading application program
CN113760339A (en) Vulnerability repair method and device
CN102156649B (en) Patch installation method and device thereof
US12265812B2 (en) Immutable image for deployment to edge devices
CN108170588A (en) A kind of test environment building method and device
US12481498B2 (en) Software code verification using software code identifier comparison
CN107632932A (en) A software warehouse reliability detection method with multi-level verification
US20130167138A1 (en) Method and apparatus for simulating installations
US12131150B2 (en) System and methods for patch management
CN106648797A (en) Method and system for installing test software, test server and shared server
CN115145632A (en) A method, device and storage medium for modifying dependent packages in a program project
McNab et al. An implementation of the linux software repository model for other operating systems
CN121070404A (en) In-situ upgrade migration method, device and equipment for Linux operating system and storage medium
CN119276705A (en) Configuration method, device and electronic equipment for attack and defense drills in cloud native environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220721

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181023

CF01 Termination of patent right due to non-payment of annual fee