Title of invention: GENERATING COVERAGE METRICS FOR BLACK-BOX TESTING
Abstract: Generating coverage metrics for black-box testing includes performing static analysis of a program code to be tested. The static analysis includes identifying variables whose value depends on inputs of the program code. Code blocks are inserted into the program code to be tested. The code blocks insert vulnerabilities into the code at locations where the variables are modified. The code blocks violate one or more properties to be tested. A testing scan is applied to the program code and vulnerabilities are located by the test. A coverage metric is output based on the ratio of the located vulnerabilities to the total number of inserted vulnerabilities in the program code.
Application publication number: US2016062877(A1) | Application publication date: 2016.03.03
Application number: US201514731549 | Filing date: 2015.06.05
Applicant: International Business Machines Corporation | Inventors: Tripp Omer;Wurth Emmanuel
Classification number: G06F11/36 | Main classification number: G06F11/36
Agency: | Agent:
Principal claim: 1. A method for generating coverage metrics for black-box testing, comprising: performing static analysis of a program code to be tested, wherein the static analysis includes identifying variables whose value depends on inputs of the program code; inserting code blocks into the program code to be tested, wherein the code blocks insert vulnerabilities into the code at locations where the variables are modified and wherein the code blocks violate one or more properties to be tested; applying a testing scan to the program code and determining a number of vulnerabilities located by the test; and outputting a coverage metric based on the ratio of the located vulnerabilities to the total number of inserted vulnerabilities in the program code.
Address: Armonk NY US