未验证 提交 89466409 编写于 作者: O openharmony_ci 提交者: Gitee

!12358 [翻译完成】#I5VNBD

Merge pull request !12358 from Annie_wang/PR10584
# OpenHarmony Secure Test Guide
With reference to industry standards and best practices, this document provides guidelines for secure tests.
## Secure Coding Test
1. Review the code of each module, and ensure that the code complies with the [Coding Style](./code-contribution.md#coding-style).
2. Use a dedicated tool to scan the code and ensure all the alarms are cleared. A secure code scanning tool has been integrated in the OpenHarmony gated check-in.
## Security Design Verification
Review and verify the security design of each module, and ensure that the security design complies with [OpenHarmony Security Design Specifications](./OpenHarmony-security-design-guide.md).
## Security Tests
1. For critical modules, develop graybox and whitebox fuzzing test suites based on the [Fuzzing Test Framework](https://gitee.com/openharmony/test_developertest/tree/master/libs/fuzzlib) and complete the tests.
2. Perform blackbox fuzzing tests on exposed user-mode APIs, including system service APIs, kernel driver APIs, socket network APIs, and more.
3. Use a build scanning tool to check the build option settings. The build files must comply with the OpenHarmony Build Specifications.
4. Use the mainstream vulnerability scanning tools to scan open-source components. Ensure that all the detected vulnerabilities have been fixed according to the vulnerability management process of the community.
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册