Why we didn't catch that application bugs

Catch Me If You Can: Customer Found Bug Analysis, Liang Gao

Transcript of Why we didn't catch that application bugs

Page 1: Why we didn't catch that   application bugs

Catch Me If You Can: Customer Found Bug Analysis

Liang Gao

Page 2: Why we didn't catch that   application bugs
Page 3: Why we didn't catch that   application bugs

Analyzing Customer-Found Bugs Is Good

• Why didn't we find it through our internal testing?

• What test case can be designed to catch it?

• What kind of test strategy can cover it?

• How can we make sure we catch this kind of bug from now on?

Page 4: Why we didn't catch that   application bugs

Bug # 1, WebEx Bug:

• In Windows, if you share Adobe Acrobat (PDF) files in landscape mode, they may display in portrait mode

• On Mac, you can only connect to WebEx sessions from behind a Microsoft ISA proxy server, in basic mode, that has user authentication enabled.

• In Linux: you cannot clear just your own annotations. When you clear annotations, all annotations are removed.

Page 5: Why we didn't catch that   application bugs

Bug # 2 WebEx Bug:

• If Active X is disabled in Internet Explorer, contacts cannot be imported from Microsoft Outlook.

• On Mac, you can only connect to WebEx sessions from behind a Microsoft ISA proxy server, in basic mode, that has user authentication enabled.

• In Linux: you cannot clear just your own annotations. When you clear annotations, all annotations are removed.

Page 6: Why we didn't catch that   application bugs

Bug # 3 WebEx Bug:

• If a single occurrence of a recurring WebEx meeting is either deleted or rescheduled, the meeting information is not updated on the WebEx service site. In the host and attendee's Outlook calendars, however, the deleted or rescheduled meeting still appears correctly.

• If a template used during Outlook integration has "Mute on Entry" option enabled, you will still hear a sound as attendees join the session.

• Attendee registration cannot be enabled for recurring WebEx meetings scheduled using Lotus Notes Integration.

Page 7: Why we didn't catch that   application bugs

Bug # 4 Taobao Bug:

Page 8: Why we didn't catch that   application bugs

Bug # 5 Taobao Bug:

http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”><img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload=

Page 9: Why we didn't catch that   application bugs

Bug # 6 Alisoft Bug:

http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”><img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload=

http://webwwtb2.im.alisoft.com/wangwang/ww1.htm?t=1222861728484&uid=monyer&tid=m%3Cimg%20src=javascript:alert("monyertest"+document.cookie)%3E

Page 10: Why we didn't catch that   application bugs

Bug # 7 Taobao Bug:

http://wuliu.taobao.com/user/order_list_new.htm?order_status_show=monyer”><img%20src=http://www.baidu.com/img/baidu_logo.gif%20onload=

http://webwwtb2.im.alisoft.com/wangwang/ww1.htm?t=1222861728484&uid=monyer&tid=m%3Cimg%20src=javascript:alert("monyertest"+document.cookie)%3E

http://upload.taobao.com/auction/publish/publish.htm?auction_type=monyer"%3E%3Cimg%20src=http://www.baidu.com/img/baidu_logo.gif%3E

Page 11: Why we didn't catch that   application bugs

Bug 9: Google Doc Sharing Bug

We have two documents with one owner and two contributors each:
Document 1, contributors: A, B
Document 2, contributors: C, D

If I were to select both documents and make E a contributor, this is what I would expect to happen:
Document 1, contributors: A, B, E
Document 2, contributors: C, D, E

This is what actually happened:
Document 1, contributors: A, B, C, D, E
Document 2, contributors: C, D, E

Page 12: Why we didn't catch that   application bugs

Bug 10: Google Doc Authentication Bug

For Google Doc, an image embedded into a protected document is given a URL which is not protected

Page 13: Why we didn't catch that   application bugs

Bug 11: Office Online Bug


Page 14: Why we didn't catch that   application bugs

Bug 12: Boundary Testing Bugs

214-748-3647: most popular phone number in the US

Largest 32-bit signed number (2,147,483,647)

The phone number was stored in a signed 32-bit integer and overflow was not checked

Page 15: Why we didn't catch that   application bugs

Bug 13: Visa Credit Card Bug

Recently several Visa card holders were overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge.

The company says it was due to a programming error, and that the problem has been corrected.

What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."
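The space-padding explanation above can be reproduced directly. This added example (not part of the original deck) pads a small amount with 0x20 instead of 0x00 and shows a reader-side check that rejects it; the 8-byte big-endian field of cents, the sanity limit and all function names are assumptions.

```python
import struct

FIELD_LEN = 8                            # assumed: amount is an 8-byte big-endian count of cents
SPACE, ZERO = b" ", b"\x00"
MAX_PLAUSIBLE_CENTS = 10_000_000 * 100   # assumed sanity limit: $10 million per charge

def pack_amount(cents: int, pad: bytes) -> bytes:
    """Serialize cents into the fixed-width field, left-padding with `pad`."""
    raw = cents.to_bytes((cents.bit_length() + 7) // 8 or 1, "big")
    return raw.rjust(FIELD_LEN, pad)

def read_amount(field: bytes) -> int:
    """Naive reader: interpret all 8 bytes as one unsigned integer."""
    (value,) = struct.unpack(">Q", field)
    return value

def validate_amount(field: bytes) -> int:
    """Reader with the checks a boundary test case would exercise."""
    if len(field) != FIELD_LEN:
        raise ValueError("wrong field length")
    if field.startswith(SPACE):
        raise ValueError("binary field starts with text padding (0x20)")
    value = read_amount(field)
    if value > MAX_PLAUSIBLE_CENTS:
        raise ValueError(f"amount {value} exceeds sanity limit")
    return value

def fmt(cents: int) -> str:
    """Render a count of cents as a dollar amount."""
    return f"${cents // 100:,}.{cents % 100:02d}"

if __name__ == "__main__":
    good = pack_amount(0x1250, ZERO)     # 00 00 00 00 00 00 12 50
    bad = pack_amount(0x1250, SPACE)     # 20 20 20 20 20 20 12 50
    print(fmt(read_amount(good)), "vs", fmt(read_amount(bad)))
```

Under these assumptions the intended charge behind bytes 12 50 would be 4688 cents, and the space-padded field reads back as the amount reported above.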

Page 16: Why we didn't catch that   application bugs

Bug 16: Cisco Bug

• Title: When IPv6 packets with the version field set to 0 are sent to a certain firewall while snoop is enabled on the firewall, the firewall reboots.

• How would you design the test case?

• Why was it not caught internally?

• What kind of test strategy can cover this?

Page 17: Why we didn't catch that   application bugs

Bug 17: Cisco Bug

• Handling large fragmented IPv6 ICMP packets: the result on the firewall was "not passed".

• How would you design the test case?

• Why was it not caught internally?

• What kind of test strategy can cover this?

Page 18: Why we didn't catch that   application bugs

Bug 18: Cisco Bug

• A certain network security proxy product: a Web server that is already behind a proxy cannot be accessed.

• How would you design the test case?

• Why was it not caught internally?

• What kind of test strategy can cover this?

Content secure gateway

Proxy Web Server

Page 19: Why we didn't catch that   application bugs

Bug 19: Cisco Bug

• After configuring 65535 RPs and IP addresses for 1785 VLANs, running wr hangs the device; after a power cycle, it still cannot boot after waiting 10 minutes.

• How would you design the test case?

• Why was it not caught internally?

• What kind of test strategy can cover this?

Page 20: Why we didn't catch that   application bugs

Bug 20: Cisco Bug

• When a BGP PEER GROUP is used, a connection can still be established even when the neighbor's actual AS differs from the configured AS.

Page 21: Why we didn't catch that   application bugs

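Bug 21: Bank

• Online banking uses UnionPay for authentication

• UnionPay was upgraded in the early morning

• For 15 minutes, every UnionPay authentication passed by default

• For 15 minutes, all online banking transactions (online shopping, etc.) succeeded without a password (any password worked)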

Page 22: Why we didn't catch that   application bugs

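Bug 22: Bank

• Foreign exchange trading, with exchange rate information coming from Reuters

• Because of the time difference between Reuters and Beijing time, there is a period with no rate updates

• As implemented, the system uses a default exchange rate when there is no update

• Customers discovered and exploited this, causing losses of over a million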

Page 23: Why we didn't catch that   application bugs

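Bug 24: Network

• During routine maintenance in Sweden, DNS became unable to recognize the ".se" in domain names, taking the entire Swedish Internet offline for nearly an hour.

• At 9:45 p.m. Swedish local time on October 12, 2009, all websites in Sweden became unreachable, e-mail for all Swedish domains could not be sent or received normally, and about 900,000 domain names were affected.

• The Swedish network monitoring company Pingdom pointed out that a "script configuration error" during an upgrade of the ".se" domain caused the outage.

• Evidently, a single missing period at the end of the program left the Domain Name System (DNS) unable to recognize ".se", which is Sweden's top-level (country) domain. (Translator's note: "se" is taken from Sweden, just as "cn" is taken from China.)

• The missing period was not discovered while the script was being tested. Once the software went into operation, the monitoring system detected the missing period and a new file was generated.

• However, because the old script's information was cached at the Internet service providers (ISPs), the outage caused by the new script did not end until each ISP had restored its systems. The corrected script went into operation at 10:43 p.m. local time.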

Page 24: Why we didn't catch that   application bugs

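Bug 25: Ctrip

• Redeeming points for air tickets requires online verification plus mobile phone verification; after receiving the verification code, the customer confirms online.

• The mileage department saw that the miles were already available

• The customer service department saw that a purchase was not yet possible

• Customers were bounced back and forth between the two departments, and a good customer satisfaction program turned into a customer complaint program.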

Page 25: Why we didn't catch that   application bugs

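Bug 26: Italian Post Office System Update Bug

• On November 25, 2009, the post office system was updated, including all ATMs

• The decimal point after the whole number was dropped: a withdrawal of 115.00 euros was treated as a withdrawal of 11500 euros

• The accounts of more than ten thousand people showed as overdrawn and could no longer be used.

• The customer service phone lines were swamped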

Page 26: Why we didn't catch that   application bugs

Bug 27: Microsoft Office 2003 Permissions Bug

• Cannot Open Office 2003 Documents Protected with RMS

• Starting on December 11, 2009, customers using Office 2003 will not be able to open Office 2003 documents protected with the Rights Management Service (RMS) or save Office 2003 documents protected with RMS. The following error message may be displayed when attempting to Open RMS Documents using Office 2003:

Page 27: Why we didn't catch that   application bugs

Bug 28: Microsoft Mobile Phone Bug

• Messages received after 1/1/2010 may be dated as 2016

• Today's date 010110

• BCD 10 is 0001 0000 in binary, which is 16 in decimal.

• Bank of Queensland's Eftpos terminals: BOQ's Eftpos machines skipped ahead six years when the clock ticked over to January 1 and started date stamping January 2016.
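The BCD mix-up above, as an added example that is not part of the original deck: a two-digit year stored as one packed-BCD byte is decoded correctly and also misread as plain binary, and a sweep over years shows why no test run before 2010 could fail. The one-byte year field and the function names are assumptions.

```python
def to_bcd(n: int) -> int:
    """Encode 0..99 as one packed-BCD byte (tens digit in the high nibble)."""
    if not 0 <= n <= 99:
        raise ValueError("a packed-BCD byte holds 0..99")
    return (n // 10) << 4 | (n % 10)

def from_bcd(b: int) -> int:
    """Decode one packed-BCD byte, rejecting nibbles above 9."""
    hi, lo = b >> 4, b & 0x0F
    if hi > 9 or lo > 9:
        raise ValueError(f"invalid BCD byte 0x{b:02X}")
    return hi * 10 + lo

def year_correct(year_byte: int) -> int:
    return 2000 + from_bcd(year_byte)

def year_buggy(year_byte: int) -> int:
    # The defect: the BCD byte is used as if it were an ordinary binary number.
    return 2000 + year_byte

def first_divergence(start: int = 2000, end: int = 2099):
    """Return (real_year, displayed_year) for the first year the buggy decoder gets wrong."""
    for year in range(start, end + 1):
        b = to_bcd(year - 2000)
        if year_buggy(b) != year_correct(b):
            return year, year_buggy(b)
    return None

if __name__ == "__main__":
    for y in (2008, 2009, 2010, 2011):
        b = to_bcd(y - 2000)
        print(y, f"byte=0x{b:02X}", "correct:", year_correct(b), "buggy:", year_buggy(b))
    print("first wrong year:", first_divergence())
```

For 2000 through 2009 the BCD byte and the binary value are identical, so only a test with a clock set to 2010 or later exposes the defect.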

Page 28: Why we didn't catch that   application bugs

Bug 29: SpamAssassin Bug

• Messages received after 1/1/2010 are all treated as spam

• Promptly at the start of the new year, all mail started getting an extra 3.4 points based on FH_DATE_PAST_20XX:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX The date is grossly in the future.
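The rule above hard-codes which years count as the future. This added example (not from the original deck or from the SpamAssassin project) runs that pattern over constructed Date headers next to a check made relative to the evaluation time; the function names and the two-day tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

RULE = re.compile(r"20[1-9][0-9]")   # the pattern from FH_DATE_PAST_20XX
TOLERANCE = timedelta(days=2)        # assumed allowance for clock skew and time zones

def static_rule_hits(date_header: str) -> bool:
    """The shipped rule: any year 2010..2099 in the header counts as 'future'."""
    return RULE.search(date_header) is not None

def relative_rule_hits(date_header: str, now: datetime) -> bool:
    """Flag only dates that are actually later than the evaluation time."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False                 # unparsable dates are left to a separate check
    if sent.tzinfo is None:          # "-0000" parses as naive; treat it as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    return sent > now + TOLERANCE

SAMPLES = [                          # constructed Date headers
    "Thu, 31 Dec 2009 23:59:30 +0000",
    "Fri, 01 Jan 2010 00:00:30 +0000",
    "Tue, 01 Jan 2030 00:00:00 +0000",
]

def compare(now: datetime):
    """Return (header, static_hit, relative_hit) for each sample."""
    return [(h, static_rule_hits(h), relative_rule_hits(h, now)) for h in SAMPLES]

if __name__ == "__main__":
    now = datetime(2010, 1, 1, 0, 1, tzinfo=timezone.utc)
    for header, static_hit, relative_hit in compare(now):
        print(f"{header}  static={static_hit}  relative={relative_hit}")
```

A regression test that evaluates the rule with the clock moved past each hard-coded boundary would have flagged the 2010 rollover before it shipped.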

Page 29: Why we didn't catch that   application bugs

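Bug 30: Mars Pathfinder Bug

• 2+2 = 5 check

• An algorithm that produces even numbers

• Occurred only once in the lab and could not be reproduced

• An interrupt occurred once, just before the algorithm executed (one millionth of a second)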

Page 30: Why we didn't catch that   application bugs

The cost of fixing a bug increases progressively from the top level to the bottom level

Page 31: Why we didn't catch that   application bugs