摘要
Intent是Android应用中最常用的组件间相互通信的载体。然而,如果应用组件对Intent处理不当,极有可能导致应用异常甚至崩溃。以Android应用的各个组件为研究对象,提出了一种通过构造Intent对象来测试Android应用组件间通信健壮性的模糊测试方法。首先分析应用组件的注册文件,提取需要测试的组件及其相关信息。然后,反编译APK源文件,获得目标组件的源代码并提取Intent的附加信息。接着,基于状态压缩批量生成目标组件的Intent测试用例用于自动化测试,并监控目标组件的运行日志来获取其运行状态反馈,据此判断应用组件在响应Intent时是否发生异常。最后,基于相似度匹配的错误日志去重算法,准确地将同一缺陷生成的错误日志归为一类,降低人工分析的工作量。实验表明,所提方法相较于现有前沿研究Hwacha,能够少生成9%的测试用例,多发现14%的程序异常,并通过去重算法显著降低了需要人工研判错误类别的工作量。
Intent is the most commonly used carrier for inter-component communication in Android applications.However,if application components handle Intent improperly,it is very likely to cause abnormalities or even crashes.Taking the various components of Android applications as the research object,a fuzzing method was proposed to test the robustness of inter-component communication by constructing Intent objects.Firstly,the registration files of application components were analyzed to extract the components and their related information that need to be tested.Then,the APK source file was decompiled to obtain the source code of the target component and extract additional information of Intent.Next,based on state compression,a batch of Intent test cases for the target component were generated for automated testing, and the running logs of the target component were monitored to obtain feedback on its operational status, thereby determining whether an exception occurs when the application component responds to Intent. Finally, based on an error log deduplication algo-rithm with similarity matching, errors generated by the same defect were accurately classified into one category, reducing the workload of manual analysis. Experiments show that com-pared with the existing cutting-edge research Hwacha, the proposed method can generate 9% fewer test cases and discover 14% more program exceptions, and significantly reduce the workload of manually determining error categories through the deduplication algorithm.
作者
李阳
文廷科
马慧敏
王瑞鹏
李倩玉
潘祖烈
LI Yang;WEN Tingke;MA Huimin;WANG Ruipeng;LI Qianyu;PAN Zulie(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230037,China)
出处
《信息对抗技术》
2024年第4期81-94,共14页
Information Countermeasures Technology
基金
国家重点研发计划项目(2022YFB3102900)。
