CN109165130B - Test method and device for verifying decoding database package - Google Patents

Publication number
CN109165130B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811154020.9A
Other languages
Chinese (zh)
Other versions
CN109165130A (en
Inventor
黄琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Sinoregal Software Co ltd
Original Assignee
Fujian Sinoregal Software Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/2273 Test methods

Abstract

The invention provides a test method for verifying a decoded database packet. The method comprises: reading the database packet and verifying the flags contained in the database packet; calling a decoding program to decode the database packet, and storing the decoded data in a specified text file; reading the data from the specified text file, and counting the total number of records contained in the database packet according to the keywords; traversing, for each record in the specified text file, the total number of keywords it contains and the value of each keyword, comparing the value of each keyword with the corresponding expected value, and generating a test result; and displaying the test result on a page through a test report generator. The advantages of the invention are that it greatly reduces the human resources required, avoids errors caused by manual analysis of test result data, and accurately verifies the contents of the database packet.

Description

Test method and device for verifying decoding database package
Technical Field
The invention relates to the field of database testing, and in particular to a test method and device for verifying a decoded database packet.
Background
Database security audit products are mainly used to monitor and record the operations performed on a database server. By analyzing network data, they interpret those operations in real time and record them in an audit database for later querying, analysis and filtering, thereby monitoring and auditing user operations on the target database system.
At present, most database security audit products on the market suffer from abnormal decoding of database packets or from missing some fields when decoding them; database packets containing several complex SQL statements are especially prone to this. To catch abnormal decoding or missed fields, the contents of the decoded database packet usually have to be tested. In the prior art, every test round of every version requires a regression test on the contents of the decoded database packet to verify that the decoding function works normally. The existing test method therefore has the following defects: it requires a large investment of human resources, and testers facing complex data tire easily, which leads to test errors.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a test method for verifying a decoded database packet that greatly reduces the human resources required, avoids errors caused by manual analysis of test result data, and accurately verifies the contents of the database packet.
The invention is realized as follows: a test method for verifying a decoded database packet, the method comprising:
Step S1: reading the database packet and verifying the flags contained in the database packet;
Step S2: calling a decoding program to decode the database packet, and storing the decoded data in a specified text file;
Step S3: reading the data from the specified text file, and counting the total number of records contained in the database packet according to the keywords;
Step S4: traversing, for each record in the specified text file, the total number of keywords it contains and the key value of each keyword, comparing the key value of each keyword with the corresponding expected value, and generating a test result;
Step S5: displaying the test result on a page through a test report generator.
Further, in step S1, the flags contained in the database packet include the flags of the first handshake, the second handshake, the third handshake and TCP connection close.
Further, the flags contained in the database packet also include a data transmission flag.
Further, step S1 specifically comprises:
reading the database packet and verifying whether it contains the first handshake flag, the second handshake flag, the third handshake flag and the TCP connection close flag; if so, the database packet under test is a legal and complete packet, and the method proceeds to step S2; if not, the database packet under test is not a legal and complete packet, and the test flow ends immediately.
Further, the keywords contained in a record include: database protocol type, database name, target IP address, target port number, database connection state, the complete SQL statement, the TABLE in the SQL statement, the COLUMN in the SQL statement, the VALUE in the SQL statement, or the response result of the corresponding SQL statement.
Further, in step S4, the test result includes the key value of each keyword, the expected value corresponding to each keyword, and a comparison state.
Further, step S5 is specifically: displaying the test result on an HTML page through the test report generator.
The invention has the following advantages:
1. The automated test script only needs to be written once and can then be used repeatedly, which greatly reduces the human resources required, avoids errors caused by manual analysis of test result data, and accurately verifies the contents of the database packet.
2. The key value of each keyword, the expected value corresponding to each keyword and the comparison state are displayed on an HTML page, which helps developers quickly find and locate keywords in the database packet that were not decoded correctly.
Drawings
The invention is further described below through embodiments and with reference to the accompanying drawing.
FIG. 1 is a flowchart of the test method for verifying a decoded database packet according to the present invention.
Detailed Description
Referring to FIG. 1, a preferred embodiment of the test method for verifying a decoded database packet according to the present invention comprises:
Step S1: reading the database packet and verifying the flags contained in the database packet;
Step S2: calling a decoding program to decode the database packet, and storing the decoded data in a specified text file; for example, the decoded data may be stored in a text file such as decode_result.txt;
Step S3: reading the data from the specified text file, and counting the total number of records contained in the database packet according to the keywords;
Step S4: traversing, for each record in the specified text file, the total number of keywords it contains and the key value of each keyword, comparing the key value of each keyword with the corresponding expected value, and generating a test result;
Step S5: displaying the test result on a page through a test report generator.
In practice, the automated test script only needs to be written once and can then be used repeatedly, which makes the method particularly suitable for routine version regression testing. In practical tests, decoding more than 300 database packets of 50KB took less than 1 hour, so the method greatly reduces the human resources required and avoids errors caused by manual analysis of test result data.
In step S1, the flags contained in the database packet include the flags of the first handshake [SYN], the second handshake [SYN, ACK], the third handshake [ACK], and TCP connection close [FIN, ACK]. The first handshake [SYN] represents the establishment of the TCP connection; the second handshake [SYN, ACK] indicates that the server acknowledges the client's connection request; the third handshake [ACK] indicates that the client, after receiving the server's acknowledgement packet, sends an acknowledgement packet to the server; TCP connection close [FIN, ACK] indicates that the established TCP connection is closed. In the present invention, the flags of the first handshake [SYN], the second handshake [SYN, ACK], the third handshake [ACK] and TCP connection close [FIN, ACK] must all be verified.
The flags contained in the database packet also include the data transmission flag [PSH, ACK], which indicates that data is transmitted between the client and the server. In the present invention, verifying the data transmission flag [PSH, ACK] is optional.
Step S1 specifically comprises:
reading the database packet and verifying whether it contains the flags of the first handshake [SYN], the second handshake [SYN, ACK], the third handshake [ACK] and TCP connection close [FIN, ACK] (if verification of the data transmission flag [PSH, ACK] is also selected, that flag must be verified as well); if so, the database packet under test is a legal and complete packet, and the method proceeds to step S2; if not, the database packet under test is not a legal and complete packet, and the test flow ends immediately.
When the invention is implemented, a database communication that contains an SQL statement can generally be treated as a record, and the keywords contained in a record include: database protocol type, database name, target IP address, target port number, database connection state, the complete SQL statement, the TABLE in the SQL statement, the COLUMN in the SQL statement, the VALUE in the SQL statement, or the response result of the corresponding SQL statement.
In step S4, the test result includes the key value of each keyword, the expected value corresponding to each keyword, and a comparison state (i.e., pass or fail).
Step S5 specifically comprises: displaying the test result on an HTML page through the test report generator; an HTML page presents the test result in a more intuitive and user-friendly way.
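Steps S1 and S3 to S5 as an added Python example, not code from the patent. The key=value layout of the decoded text, the key names (protocol, sql, table), the function names and the per-record keyword count comparison are assumptions; the sample flags and records are constructed.

```python
import html

# TCP flag bytes for the segment types step S1 looks for.
SYN, SYN_ACK, ACK, PSH_ACK, FIN_ACK = 0x02, 0x12, 0x10, 0x18, 0x11
REQUIRED = {SYN, SYN_ACK, ACK, FIN_ACK}

def capture_is_complete(flag_bytes, require_data=False):
    """Step S1: every required segment type must occur in the capture."""
    seen = {f & 0x3F for f in flag_bytes}  # ignore the ECN bits (ECE/CWR)
    needed = REQUIRED | ({PSH_ACK} if require_data else set())
    return needed <= seen

def parse_records(text, first_key="protocol"):
    """Step S3: split decoder output into records; first_key opens a record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        if key.strip() == first_key or not records:
            records.append({})
        records[-1][key.strip()] = value.strip()
    return records

def compare(records, expected):
    """Step S4: rows of (record no., keyword, actual, expected, status).
    Comparing the keyword count per record is this example's assumption."""
    rows = [(0, "record_count", str(len(records)), str(len(expected)),
             "pass" if len(records) == len(expected) else "fail")]
    for i, (rec, exp) in enumerate(zip(records, expected), 1):
        rows.append((i, "keyword_count", str(len(rec)), str(len(exp)),
                     "pass" if len(rec) == len(exp) else "fail"))
        for key, want in exp.items():
            got = rec.get(key, "<missing>")  # field the decoder dropped
            rows.append((i, key, got, want, "pass" if got == want else "fail"))
    return rows

def render_html(rows):
    """Step S5: escape every cell, since decoded SQL is untrusted input."""
    body = "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in r) + "</tr>"
        for r in rows)
    return f"<table>{body}</table>"

# Constructed sample data (not from the patent).
SAMPLE_FLAGS = [SYN, SYN_ACK, ACK, PSH_ACK, ACK, PSH_ACK, FIN_ACK, ACK]
SAMPLE_DECODED = """\
protocol=mysql
sql=SELECT name FROM users WHERE note='<b>x</b>'
table=users
protocol=mysql
sql=DELETE FROM orders WHERE id=7
"""
SAMPLE_EXPECTED = [
    {"protocol": "mysql", "table": "users",
     "sql": "SELECT name FROM users WHERE note='<b>x</b>'"},
    {"protocol": "mysql", "sql": "DELETE FROM orders WHERE id=7",
     "table": "orders"},
]

def run_sample():
    if not capture_is_complete(SAMPLE_FLAGS):
        return None  # step S1 failed: end the test flow
    return compare(parse_records(SAMPLE_DECODED), SAMPLE_EXPECTED)
```

As in the text, the step S1 check only tests that each flag combination is present; it does not verify ordering or that the segments belong to a single TCP stream.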
In summary, the invention has the following advantages:
1. The automated test script only needs to be written once and can then be used repeatedly, which greatly reduces the human resources required, avoids errors caused by manual analysis of test result data, and accurately verifies the contents of the database packet.
2. The key value of each keyword, the expected value corresponding to each keyword and the comparison state are displayed on an HTML page, which helps developers quickly find and locate keywords in the database packet that were not decoded correctly.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.

Claims (4)

1. A test method for verifying a decoded database packet, characterized in that the method comprises the following steps:
Step S1: reading the database packet and verifying the flags contained in the database packet; the flags comprise the flags of the first handshake, the second handshake, the third handshake and TCP connection close;
Step S2: calling a decoding program to decode the database packet, and storing the decoded data in a specified text file;
Step S3: reading the data from the specified text file, and counting the total number of records contained in the database packet according to the keywords;
Step S4: traversing, for each record in the specified text file, the total number of keywords it contains and the key value of each keyword, comparing the key value of each keyword with the corresponding expected value, and generating a test result;
Step S5: displaying the test result on an HTML page through a test report generator;
wherein step S1 specifically comprises:
reading the database packet and verifying whether it contains the first handshake flag, the second handshake flag, the third handshake flag and the TCP connection close flag; if so, the database packet under test is a legal and complete packet, and the method proceeds to step S2; if not, the database packet under test is not a legal and complete packet, and the test flow ends immediately.
2. The test method for verifying a decoded database packet according to claim 1, characterized in that: the flags contained in the database packet further include a data transmission flag.
3. The test method for verifying a decoded database packet according to claim 1, characterized in that: the keywords contained in a record include: database protocol type, database name, target IP address, target port number, database connection state, the complete SQL statement, the TABLE in the SQL statement, the COLUMN in the SQL statement, the VALUE in the SQL statement, or the response result of the corresponding SQL statement.
4. The test method for verifying a decoded database packet according to claim 1, characterized in that: in step S4, the test result includes the key value of each keyword, the expected value corresponding to each keyword, and a comparison state.
CN201811154020.9A 2018-09-30 2018-09-30 Test method and device for verifying decoding database package Active CN109165130B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811154020.9A CN109165130B (en) 2018-09-30 2018-09-30 Test method and device for verifying decoding database package

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811154020.9A CN109165130B (en) 2018-09-30 2018-09-30 Test method and device for verifying decoding database package

Publications (2)

Publication Number Publication Date
CN109165130A (en) 2019-01-08
CN109165130B (en) 2022-01-25

Family

ID=64877247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811154020.9A Active CN109165130B (en) 2018-09-30 2018-09-30 Test method and device for verifying decoding database package

Country Status (1)

Country Link
CN (1) CN109165130B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 350000 21 / F, building 5, f District, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province

Applicant after: FUJIAN SINOREGAL SOFTWARE CO.,LTD.

Address before: Floor 20-21, building 5, area F, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province 350000

Applicant before: FUJIAN SINOREGAL SOFTWARE CO.,LTD.

GR01 Patent grant