基于解析树的Java Web灰盒模糊测试

Gray-box Fuzzing for Java Web with Parse Tree

由于Java Web应用业务场景复杂,且对输入数据的结构有效性要求较高,现有的测试方法和工具在测试Java Web时存在测试用例的有效率较低的问题.为了解决上述问题,本文提出了基于解析树的Java Web应用灰盒模糊测试方法.首先为Java Web应用程序的输入数据包进行语法建模创建解析树,区分分隔符和数据块,并为解析树中每一个叶子结点挂接一个种子池,隔离测试用例的单个数据块,通过数据包拼接生成符合Java Web应用业务格式的输入,从而提高测试用例的有效率;为了保留高质量的数据块,在测试期间根据测试程序的执行反馈信息,为每个数据块种子单独赋予权值;为了突破深度路径,会在相应种子池中基于条件概率学习提取数据块种子特征.本文实现了基于解析树的Java Web应用灰盒模糊测试系统PTreeFuzz,测试结果表明,该系统相较于现有工具取得了更好的测试准确率.

Due to the complexity of the Java Web application business scenario and the high requirement for the structural validity of the input data,the existing test methods and tools have the problems of low efficiency of test cases when testing Java Web.To solve the above problems,this study presents a gray-box fuzzing method for Java Web applications based on parse trees.First,the study models the syntax of the input packets of Java Web applications,creates a parse tree,distinguishes between delimiters and data blocks,and hooks up a seed pool for each leaf node in the parse tree.In addition,the study isolates the single data block of the test case and generates the input in line with the Java Web application business format by packet splicing,so as to improve the efficiency of test cases.In addition,in order to retain high-quality data blocks,each data block seed is assigned a separate weight during the test according to the execution feedback information of the test program.In order to break through the deep path,the seed features of data blocks are extracted based on conditional probability learning in the corresponding seed pool.This study implements a gray-box fuzzing test system for Java Web applications based on parse trees,namely PTreeFuzz,and the test results show that the system achieves better test accuracy compared with existing tools.