CN109376078A - Test method, terminal device and the medium of mobile application - Google Patents


Info

Publication number
CN109376078A
Authority
CN
China
Prior art keywords
test
client
manipulation event
application
web
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811116315.7A
Other languages
Chinese (zh)
Other versions
CN109376078B (en)
Inventor
席悦洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xinshi Technology Development Co ltd
Shenzhen Lian Intellectual Property Service Center
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201811116315.7A
Publication of CN109376078A
Application granted
Publication of CN109376078B
Legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3696 Methods or tools to render software testable
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The present invention belongs to the field of testing technology and provides a test method, terminal device and medium for mobile applications. The method comprises: running an application installation package in a system simulator and installing the application under test in the system simulator; establishing a communication connection between the system simulator and a client according to a remote desktop connection request issued by the client; obtaining a test instruction issued by the client for the application under test and triggering the manipulation event corresponding to the test instruction; issuing a scan request to the web interface associated with the manipulation event, the scan request being used to request detection of the logic vulnerabilities of that web interface; and outputting the test result corresponding to the web interface based on the scan response information received. The invention lets a user run test operations on a mobile application without preparing a mobile terminal and without installing an underlying plug-in, which reduces the difficulty of testing mobile applications; it also identifies web interfaces automatically, which improves the efficiency of mobile application testing.

Description

Test method, terminal device and the medium of mobile application
Technical field
The invention belongs to the field of testing technology, and in particular relates to a test method for mobile applications, a terminal device and a computer-readable storage medium.
Background
Before major application systems are released online, testers must detect and handle the security vulnerabilities present in them. In the traditional test approach, a web scan is usually used to crawl every web page of the application system, and vulnerability detection is carried out after each web interface has been identified. However, when the released application system is a mobile application in client form, the web pages it contains are only presented, embedded, in the client on the mobile device. A web scanning tool therefore cannot crawl those pages, and it is difficult to identify and check the web interfaces automatically. The prior art thus has the problem that mobile applications are difficult to test.
Summary of the invention
In view of this, embodiments of the present invention provide a test method for mobile applications, a terminal device and a computer-readable storage medium, to solve the prior-art problem that mobile applications are difficult to test.
A first aspect of the embodiments of the present invention provides a test method for mobile applications, comprising:
running an application installation package in a system simulator, and installing the application under test in the system simulator;
establishing a communication connection between the system simulator and a client according to a remote desktop connection request issued by the client;
obtaining a test instruction issued by the client for the application under test, and triggering the manipulation event corresponding to the test instruction;
issuing a scan request to the web interface associated with the manipulation event, the scan request being used to request detection of the logic vulnerabilities of the web interface;
outputting the test result corresponding to the web interface based on the scan response information received.
A second aspect of the embodiments of the present invention provides a terminal device comprising a memory and a processor, the memory storing a computer program that can run on the processor, wherein the processor implements the following steps when executing the computer program:
running an application installation package in a system simulator, and installing the application under test in the system simulator;
establishing a communication connection between the system simulator and a client according to a remote desktop connection request issued by the client;
obtaining a test instruction issued by the client for the application under test, and triggering the manipulation event corresponding to the test instruction;
issuing a scan request to the web interface associated with the manipulation event, the scan request being used to request detection of the logic vulnerabilities of the web interface;
outputting the test result corresponding to the web interface based on the scan response information received.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program implements the following steps when executed by a processor:
running an application installation package in a system simulator, and installing the application under test in the system simulator;
establishing a communication connection between the system simulator and a client according to a remote desktop connection request issued by the client;
obtaining a test instruction issued by the client for the application under test, and triggering the manipulation event corresponding to the test instruction;
issuing a scan request to the web interface associated with the manipulation event, the scan request being used to request detection of the logic vulnerabilities of the web interface;
outputting the test result corresponding to the web interface based on the scan response information received.
In the embodiments of the present invention, the mobile application under test is installed in a system simulator, and the user can connect to the system simulator from a client by remote desktop and simulate all kinds of manipulation events in the system simulator. The web pages associated with the mobile application are therefore no longer confined to the client on a mobile device, so the user can run test operations on the mobile application without preparing a mobile terminal and without installing an underlying plug-in, which reduces the difficulty of testing mobile applications and makes testing more flexible. By triggering the manipulation event corresponding to a test instruction and issuing a scan request to the web interface associated with that manipulation event, the preset underlying web request is guaranteed to be captured and web interfaces are identified automatically; the embodiments therefore also improve the efficiency of mobile application testing.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an implementation flowchart of the test method for mobile applications provided by an embodiment of the present invention;
Fig. 2 is a detailed implementation flowchart of step S103 of the test method for mobile applications provided by an embodiment of the present invention;
Fig. 3 is an implementation flowchart of the test method for mobile applications provided by another embodiment of the present invention;
Fig. 4 is an implementation flowchart of the test method for mobile applications provided by a further embodiment of the present invention;
Fig. 5 is another detailed implementation flowchart of step S103 of the test method for mobile applications provided by an embodiment of the present invention;
Fig. 6 is a structural block diagram of the test apparatus for mobile applications provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description of embodiments
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, so that the embodiments of the present invention can be understood thoroughly. It will nevertheless be clear to a person skilled in the art that the invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, apparatuses, circuits and methods are omitted so that unnecessary detail does not obscure the description of the invention.
To illustrate the technical solutions of the invention, specific embodiments are described below.
Fig. 1 shows the implementation flow of the test method for mobile applications provided by an embodiment of the present invention. The method comprises steps S101 to S105, and each step is implemented as follows:
S101: An application installation package is run in a system simulator, and the application under test is installed in the system simulator.
In the embodiments of the present invention, system simulators include Android simulators, iOS simulators and simulators of the operating systems of other kinds of mobile terminals. A system simulator simulates the operating system of a mobile terminal and is equivalent to a virtual mobile terminal desktop, so that the user can perform in the system simulator the same operations that can be performed in the mobile terminal's operating system.
For a preset system simulator, the received application installation package is imported into the system simulator, and when a selection instruction issued by the user for the application installation package is detected, the package is run, yielding the application under test installed in the system simulator. The application under test is the mobile application on which the developer needs to carry out security vulnerability handling. The application installation package may be uploaded by a client connected in advance, or may be saved in advance by the user on the local terminal to which the Android simulator belongs.
S102: According to a remote desktop connection request issued by a client, a communication connection is established between the system simulator and the client.
The remote desktop function is started through a plug-in based on the SPICE protocol, so as to provide a remote desktop connection service externally. In the embodiments of the present invention, when a remote desktop connection request issued by a client is received, the legitimacy of the client's user account information is verified. If the legitimacy check passes, the remote desktop connection request is answered and a communication connection is established with the client. If the legitimacy check fails, the communication connection with the client is refused.
S103: The test instruction issued by the client for the application under test is obtained, and the manipulation event corresponding to the test instruction is triggered.
In the embodiments of the present invention, the client runs on a user terminal. After the communication connection with the client is established, the remote desktop containing the system simulator is shown in the display interface of the user terminal to which the client belongs. Based on the interface information displayed, the user can perform control operations on the application under test running in the remote desktop from the client, generating the corresponding test instructions.
In the embodiments of the present invention, the test instructions issued by the client for the application under test are obtained, and the manipulation event corresponding to each test instruction is triggered according to preset code logic. For example, if a test instruction issued by the client for testing whether the login operation works normally is detected, the corresponding login event is triggered.
As an embodiment of the present invention, Fig. 2 shows the detailed implementation flow of step S103 of the test method for mobile applications provided by an embodiment of the present invention, as follows:
S1031: The touch parameter uploaded by the client is obtained; the touch parameter is generated from the touch gesture captured by the client.
In the embodiments of the present invention, the user terminal to which the client belongs is a terminal device with a touch screen. With the system simulator of the remote desktop shown on the touch screen, the user can use touch gestures to select any control in the application under test and enter operating parameters for the selected control. The client converts the detected control selection instruction and operating parameters into the corresponding touch parameter and uploads it. The touch parameter uploaded by the client is thus received over the remote communication connection.
For example, the touch parameter may be the coordinate value of the control the user selected in the terminal interface, the moving distance of the control, and so on.
S1032: The system type of the system simulator is obtained.
In the embodiments of the present invention, the system types of the system simulator include Android, iOS, Windows, MIUI and similar types. The installation description file associated with the system simulator is looked up under the installation directory of the system simulator. The preset field for the system type is read from the installation description file, and the system type of the system simulator is determined from the attribute value of that field.
S1033: In the function library matching the system type, the touch parameter is parsed by a preset mapping algorithm to obtain the operation function corresponding to the touch parameter.
Each system type matches one preset function library. The function library matching the system type is therefore obtained from the system type of the system simulator determined in S1032. The function library contains multiple pre-stored operation functions, each of which calls its corresponding portion of logic code and thereby implements one system function.
In the embodiments of the present invention, the touch parameter uploaded by the client is parsed by the preset mapping algorithm, so that the operation function corresponding to the touch parameter is looked up in the determined function library from the parameter values the touch parameter contains, such as the control coordinate value and the control moving distance. The mapping algorithm expresses the mapping relationship between touch parameters and operation functions.
For example, if the touch parameter includes icon control A, the operation function whose logic code contains the control identifier of icon control A is found in the function library; if the touch parameter includes the moving distance a of icon control A, the operation function whose logic code contains remote desktop distance value b, to which moving distance a maps proportionally, is found.
S1034: The test instruction is generated based on the operation function, and the manipulation event corresponding to the test instruction is triggered in the system simulator.
Because an operation function calls its corresponding portion of logic code, the test instruction is generated from the operation function so that the logic code is converted into an executable instruction the machine can recognize.
Preferably, if multiple operation functions are found to correspond to the touch parameter, the operation functions are combined and a test instruction associated with all of them is generated. For example, if the operation functions found include one for moving icon control A and one for translating by a distance of 50 pixels, a test instruction based on both operation functions is generated, so that the test instruction translates icon control A by 50 pixels.
In the embodiments of the present invention, the system simulator executes the generated test instruction, triggering the manipulation event corresponding to that test instruction.
In the embodiments of the present invention, the touch parameter uploaded by the client is obtained, the corresponding operation function is resolved by the preset mapping algorithm, and the test instruction is generated from the operation function. The user therefore only needs to perform touch operations in the display interface of the mobile terminal, and the system simulator automatically generates and executes the corresponding test instruction and manipulation event according to its own system type. This makes mobile application testing more flexible and spares the user from manually entering, in different test scenarios, test instructions that satisfy different instruction-writing specifications, which also makes testing mobile applications less tedious.
S104: A scan request is issued to the web interface associated with the manipulation event; the scan request is used to request detection of the logic vulnerabilities of the web interface.
When a mobile application is developed, a corresponding underlying web interface is provided for every manipulation event the mobile application allows, so that it can connect to the servers of external third parties. The web interface associated with the manipulation event currently being executed is therefore determined from the logic code entered in advance by the developers, and a scan request is issued to that web interface to detect whether it has a logic vulnerability.
For example, if the test instruction detected by the system simulator is an operation instruction for submitting a goods order, a goods payment event is triggered. The preset underlying web request is then captured and the web interface corresponding to the goods payment event is identified (for example, the address of the docking interface provided by the server of a third-party shopping platform). A scan request is executed against the identified web interface to detect whether it has a logic vulnerability.
As a specific implementation example of the invention, the logic vulnerability detection process comprises: obtaining the parameter return value corresponding to the scan request and extracting the interface parameters contained in the parameter return value; loading the risk judgment conditions corresponding to the web interface; checking whether the extracted interface parameters satisfy the risk judgment conditions; and, if the result is yes, determining that a logic vulnerability attack exists.
The risk judgment conditions include, but are not limited to: 1) the total number of interface parameters contained in the parameter return value differs from the preset number of parameters; 2) the parameter type of an interface parameter currently detected differs from the parameter type corresponding to the web interface; 3) the user account associated with the interface parameters differs from the user account carried by the scan request.
For example, if the web interface called by the current scan request is mainly used to query three parameters, namely the goods order number, the order price and the serial number, the parameter return value of the scan request should contain three interface parameters. If the number of interface parameters actually observed is four, risk judgment condition 1) is determined to hold.
In the embodiments of the present invention, when any of the above risk judgment conditions holds, the condition that holds is returned as the scan response information.
S105: Based on the scan response information received, the test result corresponding to the web interface is output.
In the embodiments of the present invention, if the scan response information received is non-null, it is determined that some risk judgment condition holds, and the test result output for the web interface is that a logic vulnerability risk exists. If the scan response information received is null, it is determined that none of the risk judgment conditions holds, and the test result output for the web interface is that no logic vulnerability risk exists.
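As an added illustration (not code from the patent), the sketch below evaluates the three risk judgment conditions against a parameter return value and derives the S105 test result from the scan response. The `InterfaceSpec` structure, the `account`/`params` layout of the return value and all sample values are assumptions constructed for the example.

```python
"""Constructed illustration of the risk judgment conditions (S104) and verdict (S105)."""
from dataclasses import dataclass

COUNT_MISMATCH = "1: parameter count differs from the preset count"
TYPE_MISMATCH = "2: parameter type differs from the interface's parameter type"
ACCOUNT_MISMATCH = "3: associated account differs from the requesting account"


@dataclass(frozen=True)
class InterfaceSpec:
    # Hypothetical description of one web interface; the patent only says
    # that the risk judgment conditions are loaded for the interface.
    name: str
    param_types: dict  # expected parameter name -> expected Python type


def scan_response(spec, request_account, return_value):
    """Return the risk judgment conditions that hold (empty list = none hold)."""
    params = return_value.get("params", {})
    hits = []

    # Condition 1: number of returned interface parameters vs. preset number.
    if len(params) != len(spec.param_types):
        hits.append(COUNT_MISMATCH)

    # Condition 2: each known parameter must have exactly the expected type.
    # type(...) is used instead of isinstance so that bool is not taken as int.
    for name, value in params.items():
        expected = spec.param_types.get(name)
        if expected is not None and type(value) is not expected:
            hits.append(TYPE_MISMATCH)
            break

    # Condition 3: account tied to the returned data vs. account in the request.
    if return_value.get("account") != request_account:
        hits.append(ACCOUNT_MISMATCH)

    return hits


def verdict(response):
    """S105: a non-empty scan response means a logic vulnerability risk exists."""
    return "logic vulnerability risk" if response else "no logic vulnerability risk"


# Constructed sample data modelled on the order query described in the text:
# the interface is expected to return order number, order price, serial number.
SPEC = InterfaceSpec(
    name="order_query",
    param_types={"order_number": str, "order_price": float, "serial_number": str},
)
GOOD = {"account": "alice",
        "params": {"order_number": "A1001", "order_price": 19.9, "serial_number": "SN-7"}}
FOUR_PARAMS = {"account": "alice",
               "params": {**GOOD["params"], "phone": "000-0000"}}
WRONG_TYPE = {"account": "alice",
              "params": {**GOOD["params"], "order_price": "19.9"}}
OTHER_ACCOUNT = {"account": "bob", "params": dict(GOOD["params"])}

if __name__ == "__main__":
    for label, rv in [("good", GOOD), ("four params", FOUR_PARAMS),
                      ("wrong type", WRONG_TYPE), ("other account", OTHER_ACCOUNT)]:
        resp = scan_response(SPEC, "alice", rv)
        print(f"{label:14} -> {verdict(resp)} {resp}")
```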
In the embodiments of the present invention, the mobile application under test is installed in a system simulator, and the user can connect to the system simulator from a client by remote desktop and simulate all kinds of manipulation events in the system simulator. The web pages associated with the mobile application are therefore no longer confined to the client on a mobile device, so the user can run test operations on the mobile application without preparing a mobile terminal and without installing an underlying plug-in, which reduces the difficulty of testing mobile applications and makes testing more flexible. By triggering the manipulation event corresponding to a test instruction and issuing a scan request to the web interface associated with that manipulation event, the preset underlying web request is guaranteed to be captured and web interfaces are identified automatically; the embodiments therefore also improve the efficiency of mobile application testing.
As another embodiment of the invention, as shown in Fig. 3, steps S106 and S107 follow S103 above, and steps S108 and S109 follow S105 above. Each step is implemented as follows:
S106: The test parameters associated with the manipulation event are obtained.
In the embodiments of the present invention, the test parameters associated with a manipulation event include parameters of the manipulation process such as the trigger time of the manipulation event, the identifier of the manipulated control, the manipulation duration and the response time. After the manipulation event corresponding to any test instruction is detected to have completed, the log file corresponding to that manipulation event is obtained from a preset log storage path, and the associated test parameters are extracted.
S107: According to the trigger order of the manipulation events, the correspondence between each manipulation event and its test parameters is recorded in turn in a preset information table.
If multiple manipulation events are detected to have been triggered within a preset duration, the manipulation events are sorted by their trigger times. Each manipulation event and its corresponding test parameters are recorded in the same record of the preset information table, with the records of earlier-triggered manipulation events placed higher in the table.
S108: If the test result corresponding to the web interface is detected to be a test abnormality, the most recently recorded manipulation event is determined from the information table.
In the embodiments of the present invention, if the test result corresponding to the web interface is detected to be that a logic vulnerability risk exists, the current test is determined to be abnormal. The previously generated information table is then loaded. Based on the system time at the current moment, the record whose trigger time differs least from the system time is found in the information table, and the manipulation event corresponding to that record is read; that manipulation event is the most recently recorded one.
S109: Based on the test parameters corresponding to the manipulation event, the manipulation event is triggered again, and the flow returns to the step of issuing a scan request to the web interface associated with the manipulation event.
From the record found in the information table, the test parameters corresponding to the most recently recorded manipulation event are read. Because the test parameters contain the parameter information of the manipulation event, the test instruction matching the manipulation event is generated from that parameter information. Executing this test instruction triggers the manipulation event again.
In the embodiments of the present invention, after the most recently recorded manipulation event has been triggered again, the flow returns to step S104 to issue a scan request again to the web interface associated with the manipulation event.
In the embodiments of the present invention, recording the correspondence between each manipulation event and its test parameters in turn in the preset information table captures every manipulation event the user performs. When an abnormality is detected in the test process, the most recently recorded manipulation event is executed again from the information table recorded earlier. The system simulator can therefore still test the mobile application automatically without the user repeatedly entering the same test parameters or clicking and selecting by hand, which improves the efficiency of mobile application testing.
As another embodiment of the invention, Fig. 4 shows the implementation flow of the test method for mobile applications provided by an embodiment of the present invention. As shown in Fig. 4, the following steps are further included after S102 above:
S110: The legitimacy of the client's account information is verified, and an account login session is created when verification succeeds.
In the embodiments of the present invention, when a remote desktop connection request issued by the client is received, the account information carried in the remote desktop connection request is parsed. The account information includes an account identifier and an account password.
The legitimacy of the account information is verified against a preset authorized access list. The authorized access list contains every legitimate account identifier licensed for the mobile application and the account password corresponding to each legitimate account identifier. For the account identifier and account password uploaded by the current client, if the account identifier is a legitimate account identifier and the account password matches the account password corresponding to that legitimate account identifier, the current account information is determined to pass the legitimacy check and the login event for the account information is triggered. The account login session associated with the client is then created, and the test parameters associated with the login event are entered in the preset information table in order of the trigger times of the manipulation events.
S111: If the account login session is detected to be interrupted, the trigger time of the most recent login event is obtained from the preset information table.
At every preset time interval, the account login session created above is checked for a session connection. If at any moment the account login session is detected to have no session connection, the account login session is determined to be interrupted. The information table containing the correspondence between each manipulation event and its test parameters is then loaded.
Optionally, according to the preset identifier of login events, the records containing that preset identifier are found in the information table, and the trigger time of the latest of those records is taken as the trigger time of the most recent login event.
Optionally, according to the account information associated with the above login, the records containing that account information are found in the information table, and the trigger time of the latest of those records is taken as the trigger time of the most recent login event.
S112: the N number of manipulation event recorded before the triggered time is determined, and according to corresponding described Test parameter sequentially executes N number of manipulation event and the log-in events;Wherein, the N is the preset value greater than zero.
In the embodiment of the present invention, since the arrangement order that every terms of information records in information table is with its corresponding triggered time For foundation, therefore after the triggered time for determining the last log-in events based on above-mentioned steps S111, can filter out in the touching N information of institute's typing records before sending out the time.To each information record filtered out, the manipulation event corresponding to it is read And test parameter, and it is based on the test parameter, retriggered is carried out to the manipulation event.
After the completion of the corresponding manipulation event of each information record filtered out triggers, triggered again about above-mentioned The log-in events of account information.
The embodiment of the present invention is suitable for the web interface scanning process of application to be tested, there are the unauthorized access of user Under the case where operating and login sessions is caused to interrupt, for example, user continues to execute other behaviour after the completion of log-in events Control event, but the illegal page may be accessed because of certain neglectful operations, then its user account will be forced to publish, Thus there is login sessions interruption.However, in mobile application, due to many application functions to be tested often require with Family can execute after executing register, therefore in the embodiment of the present invention, the moment keeps the detection to account login sessions, as long as It detects that current account login sessions interrupt, then web scanning no longer is carried out to manipulation event performed by user, but according to pre- All kinds of test parameters first recorded come after restoring log-in events automatically, unfinished web scanning before just continuing to execute.Cause This, avoid causes web interface to scan the problem of interrupting because the account of user is published, therefore improves the test of mobile application Efficiency and measuring stability.
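The recovery flow of S111 and S112, as an added example that is not code from the patent: a trigger-time-ordered information table, lookup of the most recent log-in event, and replay of the N preceding manipulation events followed by the log-in. The event names, the account `tester01`, the `credential_ref` parameter and the reading of "N events before" as the N closest to the log-in are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

LOGIN = "login"  # assumed value of the preset identifier of log-in events


@dataclass(frozen=True)
class Record:
    trigger_time: float            # when the event was triggered
    event: str                     # manipulation event name (hypothetical)
    params: Dict[str, str]         # test parameters recorded with the event
    account: Optional[str] = None  # set on log-in records only


@dataclass
class InfoTable:
    """The preset information table: records kept in trigger-time order."""
    rows: List[Record] = field(default_factory=list)

    def record(self, rec: Record) -> None:
        self.rows.append(rec)
        self.rows.sort(key=lambda r: r.trigger_time)

    def last_login(self, account: str) -> Optional[Record]:
        # S111: latest-entered record with the log-in identifier for this account.
        logins = [r for r in self.rows
                  if r.event == LOGIN and r.account == account]
        return logins[-1] if logins else None

    def events_before(self, trigger_time: float, n: int) -> List[Record]:
        # S112: the N records entered before the log-in (fewer if the table
        # is short). Assumption: these are the N closest to the log-in.
        if n <= 0:
            raise ValueError("N must be a preset value greater than zero")
        earlier = [r for r in self.rows if r.trigger_time < trigger_time]
        return earlier[-n:]


def recover_session(table: InfoTable, account: str, n: int,
                    session_connected: Callable[[], bool],
                    trigger: Callable[[str, Dict[str, str]], None]) -> List[str]:
    """Replay N recorded events and then the log-in once the session has dropped.

    Returns the names of the re-triggered events in order; an empty list means
    the session still had a connection and nothing was replayed.
    """
    if session_connected():
        return []
    login = table.last_login(account)
    if login is None:
        raise LookupError(f"no log-in event recorded for {account!r}")
    replayed = []
    for rec in table.events_before(login.trigger_time, n) + [login]:
        trigger(rec.event, rec.params)  # replayed events are not re-recorded
        replayed.append(rec.event)
    return replayed


def build_table() -> InfoTable:
    """Constructed sample data. The log-in record stores a credential
    reference instead of the password (a choice made in this example), so
    the replay table does not become a plaintext credential store."""
    table = InfoTable()
    table.record(Record(1.0, "open_app", {"package": "com.example.app"}))
    table.record(Record(2.0, "accept_terms", {"tap": "120,480"}))
    table.record(Record(3.0, "open_login_page", {"tap": "200,90"}))
    table.record(Record(4.0, LOGIN, {"credential_ref": "vault:tester01"},
                        account="tester01"))
    table.record(Record(5.0, "open_profile", {"tap": "40,40"}))
    table.record(Record(6.0, "open_transfer", {"tap": "300,700"}))
    return table


def demo(n: int, connected: bool = False) -> List[str]:
    fired = []  # what the (stubbed) simulator was asked to re-trigger

    def trigger(event: str, params: Dict[str, str]) -> None:
        fired.append((event, dict(params)))

    return recover_session(build_table(), "tester01", n,
                           lambda: connected, trigger)


if __name__ == "__main__":
    print(demo(2))
```

Events recorded after the log-in (here `open_profile` and `open_transfer`) are not replayed by this step; the scan resumes from them once the session is restored.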
As an embodiment of the present invention, Fig. 5 shows another specific implementation flow of S103 of the mobile application test method provided by an embodiment of the present invention, detailed as follows:
S1034: if an application login request issued by the client is received, trigger a security detection event based on a preset logic vulnerability detection point.
S1035: obtain the detection result corresponding to the security detection event.
S1036: if the detection result is that a logic vulnerability risk exists, perform an account logout operation on the user account associated with the application login request, and mark the user account as being in an abnormal state.
In the web interface associated with the log-in event, instrumentation code (buried-point code) for triggering the security detection event is added in advance; this instrumentation code is the logic vulnerability detection point. The security detection event is used to judge whether the application login request currently received carries a logic vulnerability risk.
If a user needs to use the login function of the mobile application under test from the client, the application login request issued by the client will be received. At this point, the security detection event is triggered based on the above preset logic vulnerability detection point.
In the embodiment of the present invention, if the feedback result corresponding to the current security detection event is that a logic vulnerability risk exists, an account logout operation is performed on the user account associated with the application login request. If the feedback result corresponding to the current security detection event is that no logic vulnerability risk exists, the current account login session is kept, and the subsequent manipulation events triggered by the user continue to be responded to.
In the embodiment of the present invention, when the application login request for the above log-in event issued by the client is received, the security detection event is triggered automatically based on the preset logic vulnerability detection point and the corresponding feedback result is obtained. When the feedback result is that a logic vulnerability risk exists, the source user account of the application login request is forcibly logged out, which ensures that, even when an attack occurs, the attacker cannot carry out logic attack tests on subsequent business processes outside the scope of their permissions. This achieves security defense to a certain extent and thus also improves the security of the mobile application.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Corresponding to the mobile application test method described in the foregoing embodiments, Fig. 6 shows a structural block diagram of the mobile application test device provided by an embodiment of the present invention. For ease of description, only the parts related to the embodiment of the present invention are shown.
Referring to Fig. 6, the device includes:
A running unit 61, configured to run an application installation package in a system simulator and install the application under test in the system simulator.
A connection unit 62, configured to have the system simulator establish a communication connection with the client according to a remote desktop connection request issued by the client.
A first acquisition unit 63, configured to obtain a test instruction issued by the client for the application under test, and trigger the manipulation event corresponding to the test instruction.
A request unit 64, configured to issue a scan request to the web interface associated with the manipulation event, the scan request requesting detection of logic vulnerabilities in the web interface.
An output unit 65, configured to output the test result corresponding to the web interface based on the scan response message received.
Optionally, the mobile application test device further includes:
A second acquisition unit, configured to obtain the test parameters associated with the manipulation event.
A recording unit, configured to record, in the trigger order of the manipulation events, the correspondence between each manipulation event and its test parameters in a preset information table.
A determination unit, configured to determine, from the information table, the most recently entered manipulation event if the test result corresponding to the web interface is detected to be a test abnormality.
A return unit, configured to re-trigger the manipulation event based on the test parameters corresponding to it, and return to the step of issuing a scan request to the web interface associated with the manipulation event.
Optionally, the mobile application test device further includes:
A verification unit, configured to perform a legitimacy check on the account information of the client and create an account login session when the check succeeds.
A third acquisition unit, configured to obtain the trigger time of the most recent log-in event from the preset information table if the account login session is detected to be interrupted.
An execution unit, configured to determine the N manipulation events recorded before the trigger time and, according to the corresponding test parameters, execute the N manipulation events and the log-in event in sequence.
Here, N is a preset value greater than zero.
Optionally, the first acquisition unit 63 includes:
A first acquisition subunit, configured to obtain the touch parameter uploaded by the client, the touch parameter being generated from the touch gesture captured by the client.
A second acquisition subunit, configured to obtain the system type of the system simulator.
A parsing subunit, configured to parse the touch parameter with a preset mapping algorithm in the function library matching the system type, to obtain the handling function corresponding to the touch parameter.
A generation subunit, configured to generate the test instruction based on the handling function and, in the system simulator, trigger the manipulation event corresponding to the test instruction.
Optionally, the first acquisition unit 63 includes:
A trigger subunit, configured to trigger a security detection event based on a preset logic vulnerability detection point if an application login request issued by the client is received.
A third acquisition subunit, configured to obtain the detection result corresponding to the security detection event.
A marking subunit, configured to perform an account logout operation on the user account associated with the application login request if the detection result is that a logic vulnerability risk exists, and to mark the user account as being in an abnormal state.
Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 7, the terminal device 7 of this embodiment includes a processor 70, a memory 71, and a computer program 72 stored in the memory 71 and runnable on the processor 70, for example a test program for a mobile application. When executing the computer program 72, the processor 70 implements the steps of the above mobile application test method embodiments, for example steps 101 to 105 shown in Fig. 1. Alternatively, when executing the computer program 72, the processor 70 implements the functions of the modules/units in the above device embodiments, for example the functions of units 61 to 65 shown in Fig. 6.
Illustratively, the computer program 72 may be divided into one or more modules/units, which are stored in the memory 71 and executed by the processor 70 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions; the instruction segments describe the execution of the computer program 72 in the terminal device 7.
The terminal device 7 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 70 and the memory 71. Those skilled in the art will understand that Fig. 7 is only an example of the terminal device 7 and does not limit it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, it may also include input/output devices, network access devices, buses and the like.
The processor 70 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
The memory 71 may be an internal storage unit of the terminal device 7, such as a hard disk or memory of the terminal device 7. The memory 71 may also be an external storage device of the terminal device 7, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 7. Further, the memory 71 may include both an internal storage unit of the terminal device 7 and an external storage device. The memory 71 is used to store the computer program and the other programs and data required by the terminal device. The memory 71 may also be used to temporarily store data that has been output or is about to be output.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents; such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A test method for a mobile application, characterized by comprising:
running an application installation package in a system simulator, and installing the application under test in the system simulator;
according to a remote desktop connection request issued by a client, having the system simulator establish a communication connection with the client;
obtaining a test instruction issued by the client for the application under test, and triggering the manipulation event corresponding to the test instruction;
issuing a scan request to the web interface associated with the manipulation event, the scan request requesting detection of logic vulnerabilities in the web interface;
based on the scan response message received, outputting the test result corresponding to the web interface.
2. The test method for a mobile application according to claim 1, characterized in that, after obtaining the test instruction issued by the client for the application under test and triggering the manipulation event corresponding to the test instruction, the method further comprises:
obtaining the test parameters associated with the manipulation event;
according to the trigger order of the manipulation events, recording the correspondence between each manipulation event and its test parameters in a preset information table;
and, after outputting the test result corresponding to the web interface based on the scan response message received, the method further comprises:
if the test result corresponding to the web interface is detected to be a test abnormality, determining from the information table the most recently entered manipulation event;
based on the test parameters corresponding to the manipulation event, re-triggering the manipulation event, and returning to the step of issuing a scan request to the web interface associated with the manipulation event.
3. The test method for a mobile application according to claim 2, characterized in that, after having the system simulator establish a communication connection with the client according to the remote desktop connection request issued by the client, the method further comprises:
performing a legitimacy check on the account information of the client, and creating an account login session when the check succeeds;
if the account login session is detected to be interrupted, obtaining the trigger time of the most recent log-in event from the preset information table;
determining the N manipulation events recorded before the trigger time and, according to the corresponding test parameters, executing the N manipulation events and the log-in event in sequence;
wherein N is a preset value greater than zero.
4. The test method for a mobile application according to claim 1, characterized in that obtaining the test instruction issued by the client for the application under test and triggering the manipulation event corresponding to the test instruction comprises:
obtaining the touch parameter uploaded by the client, the touch parameter being generated from the touch gesture captured by the client;
obtaining the system type of the system simulator;
in the function library matching the system type, parsing the touch parameter with a preset mapping algorithm to obtain the handling function corresponding to the touch parameter;
generating the test instruction based on the handling function and, in the system simulator, triggering the manipulation event corresponding to the test instruction.
5. The test method for a mobile application according to claim 1, characterized in that obtaining the test instruction issued by the client for the application under test and triggering the manipulation event corresponding to the test instruction comprises:
if an application login request issued by the client is received, triggering a security detection event based on a preset logic vulnerability detection point;
obtaining the detection result corresponding to the security detection event;
if the detection result is that a logic vulnerability risk exists, performing an account logout operation on the user account associated with the application login request, and marking the user account as being in an abnormal state.
6. A terminal device, comprising a memory and a processor, the memory storing a computer program runnable on the processor, characterized in that the processor implements the following steps when executing the computer program:
running an application installation package in a system simulator, and installing the application under test in the system simulator;
according to a remote desktop connection request issued by a client, having the system simulator establish a communication connection with the client;
obtaining a test instruction issued by the client for the application under test, and triggering the manipulation event corresponding to the test instruction;
issuing a scan request to the web interface associated with the manipulation event, the scan request requesting detection of logic vulnerabilities in the web interface;
based on the scan response message received, outputting the test result corresponding to the web interface.
7. The terminal device according to claim 6, characterized in that the processor further implements the following steps when executing the computer program:
obtaining the test parameters associated with the manipulation event;
according to the trigger order of the manipulation events, recording the correspondence between each manipulation event and its test parameters in a preset information table;
if the test result corresponding to the web interface is detected to be a test abnormality, determining from the information table the most recently entered manipulation event;
based on the test parameters corresponding to the manipulation event, re-triggering the manipulation event, and returning to the step of issuing a scan request to the web interface associated with the manipulation event.
8. The terminal device according to claim 7, characterized in that the processor further implements the following steps when executing the computer program:
performing a legitimacy check on the account information of the client, and creating an account login session when the check succeeds;
if the account login session is detected to be interrupted, obtaining the trigger time of the most recent log-in event from the preset information table;
determining the N manipulation events recorded before the trigger time and, according to the corresponding test parameters, executing the N manipulation events and the log-in event in sequence;
wherein N is a preset value greater than zero.
9. The terminal device according to claim 6, characterized in that the step of obtaining the test instruction issued by the client for the application under test and triggering the manipulation event corresponding to the test instruction specifically comprises:
obtaining the touch parameter uploaded by the client, the touch parameter being generated from the touch gesture captured by the client;
obtaining the system type of the system simulator;
in the function library matching the system type, parsing the touch parameter with a preset mapping algorithm to obtain the handling function corresponding to the touch parameter;
generating the test instruction based on the handling function and, in the system simulator, triggering the manipulation event corresponding to the test instruction.
10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 5 are implemented.
CN201811116315.7A 2018-09-25 2018-09-25 Mobile application testing method, terminal equipment and medium Active CN109376078B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811116315.7A CN109376078B (en) 2018-09-25 2018-09-25 Mobile application testing method, terminal equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811116315.7A CN109376078B (en) 2018-09-25 2018-09-25 Mobile application testing method, terminal equipment and medium

Publications (2)

Publication Number Publication Date
CN109376078A true CN109376078A (en) 2019-02-22
CN109376078B CN109376078B (en) 2023-08-25

Family

ID=65402386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811116315.7A Active CN109376078B (en) 2018-09-25 2018-09-25 Mobile application testing method, terminal equipment and medium

Country Status (1)

Country Link
CN (1) CN109376078B (en)


Also Published As

Publication number Publication date
CN109376078B (en) 2023-08-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230801

Address after: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

Effective date of registration: 20230801

Address after: Room 08, 8-1 bungalow, No. 4 (Beichang), Dahongmen West Road, Fengtai District, Beijing 100071

Applicant after: Beijing Xinshi Technology Development Co.,Ltd.

Address before: 518000 Room 202, block B, aerospace micromotor building, No.7, Langshan No.2 Road, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen LIAN intellectual property service center

TA01 Transfer of patent application right
GR01 Patent grant