CN113362173A - Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium - Google Patents


Publication number
CN113362173A
Authority
CN
China
Prior art keywords
information
assertion
button
button element
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110621633.4A
Other languages
Chinese (zh)
Inventor
吕斯特
郭晟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110621633.4A
Publication of CN113362173A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The disclosure provides an anti-duplication mechanism verification method that can be used in the financial field. The method comprises: constructing a request message sequence table according to the button elements in a target webpage and the request messages associated with the button elements; generating first assertion information and second assertion information associated with a button element according to the request message sequence table; generating simulation request information according to the attribute information of the button element and the request message; executing a click operation on the button element and acquiring first response information corresponding to the simulation request information; when the first response information successfully matches the first assertion information, executing the click operation on the button element again and acquiring second response information corresponding to the simulation request information; and generating an anti-duplication check result for the server according to the second response information and the second assertion information. The disclosure also provides an anti-duplication mechanism verification system, an electronic device, a storage medium and a computer program product.

Description

Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of finance and computer technology, and more particularly, to a duplication prevention mechanism verification method, a verification system, an electronic device, a storage medium, and a computer program product.
Background
The application security standards of institutions such as banks require a dual anti-duplication check, on both the client and the server, for submit-type buttons. This applies in particular to the submission of account transactions, where it prevents a customer or business staff from repeatedly clicking submit and causing business risk.
In implementing the disclosed concept, the inventors found at least the following problems in the related art: the current manual checking method relies on a single operating mechanism, imposes a large repetitive workload on testers, takes a long time to verify and inspect, and has low testing efficiency.
Disclosure of Invention
In view of the above, the present disclosure provides a duplicate prevention mechanism verification method and verification system.
One aspect of the present disclosure provides a duplication prevention mechanism verification method, including:
constructing a request message sequence table according to the button elements in the target webpage and the request messages associated with the button elements;
generating first assertion information and second assertion information associated with the button element according to the request message sequence table, wherein the first assertion information is different from the second assertion information;
when the client page anti-duplication check succeeds, generating simulation request information according to the attribute information of the button element and the request message;
executing a click operation on the button element, and acquiring first response information corresponding to the simulation request information;
when the first response information successfully matches the first assertion information, executing the click operation on the button element again, and acquiring second response information corresponding to the simulation request information;
and generating an anti-duplication check result for the server according to the second response information and the second assertion information.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
acquiring the button elements and the attribute information in the target webpage;
and sequentially executing clicking operation aiming at each button element, and acquiring the request message associated with the button element.
According to an embodiment of the present disclosure, the acquiring the button element and the attribute information in the target webpage includes:
acquiring page data of the target page;
and determining the button elements and the attribute information in the target webpage according to the page data.
According to the embodiment of the disclosure, the client page anti-replay method comprises the following steps:
executing a click operation on the button element, and detecting the state information of the button element;
when the state information indicates that the button element is still enabled, executing the click operation on the button element again, and detecting whether prompt information pops up;
and generating a verification result indicating that the client-side anti-duplication check succeeded when the prompt information is detected to pop up.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
generating a verification result indicating that the client-side anti-duplication check succeeded when the state information indicates that the button element is disabled.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
generating a verification result indicating that the client-side anti-duplication check failed when no prompt information is detected to pop up.
According to an embodiment of the present disclosure, the attribute information includes at least one of: uniform resource locator text information and user local terminal data.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
when the first response information fails to match the first assertion information, regenerating the simulation request information until the first response information corresponding to the simulation request information successfully matches the first assertion information.
According to an embodiment of the present disclosure, generating the anti-duplication check result for the server according to the second response information and the second assertion information includes:
when the second response information successfully matches the second assertion information, generating a verification result indicating that the server-side anti-duplication check is successful; or
generating a verification result indicating that the server-side anti-duplication check is successful when the second response information fails to match the second assertion information.
Another aspect of the present disclosure provides a duplication prevention mechanism verification system, including:
the building module is used for building a request message sequence list according to the button elements in the target webpage and the request messages related to the button elements;
a first generation module, configured to generate, according to the request packet sequence table, first assertion information and second assertion information that are associated with the button element, where the first assertion information is different from the second assertion information;
a second generation module, configured to generate simulation request information according to the attribute information of the button element and the request message when the client page anti-duplication check succeeds;
a first obtaining module, configured to perform a click operation for the button element, and obtain first response information corresponding to the simulation request information;
the second obtaining module is used for executing the click operation aiming at the button element again under the condition that the first response information is successfully matched with the first assertion information, and obtaining second response information corresponding to the simulation request information;
and a third generation module, configured to generate an anti-duplication check result for the server according to the second response information and the second assertion information.
Another aspect of the present disclosure provides an electronic device including: one or more processors; memory to store one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement a method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program product comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, first assertion information and second assertion information are generated from a message sequence table built from the button elements and the request messages associated with them; simulation request information is generated when the client page anti-duplication check succeeds; and a check result is generated by comparing the first and second response information corresponding to the simulation request information with the first and second assertion information. Because the check result is obtained by comparing response information with assertion information, test cost is effectively reduced, test efficiency is improved, button anti-duplication verification can be covered comprehensively, the risk of omissions is reduced, and product quality assurance is supported.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an exemplary system architecture to which an anti-replay mechanism verification method may be applied, according to an embodiment of the present disclosure.
Fig. 2 schematically illustrates a flow chart of an anti-replay mechanism verification method according to an embodiment of the present disclosure.
Fig. 3 schematically shows a button element acquisition method according to an embodiment of the present disclosure.
Fig. 4 schematically shows a client-side page anti-replay verification method according to an embodiment of the present disclosure.
Fig. 5 schematically illustrates a method for anti-replay mechanism verification, according to another embodiment of the present disclosure.
Fig. 6 schematically illustrates a block diagram of an anti-replay mechanism verification system according to an embodiment of the present disclosure.
FIG. 7 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The application security standards of institutions such as banks require a dual anti-duplication check, on both the client and the server, for submit-type buttons. This applies in particular to the submission of account transactions, where it prevents a customer or business staff from repeatedly clicking submit and causing business risk.
At present, button anti-duplication on the client is mainly implemented by greying out the button, popping up a prompt box and the like, while button anti-duplication on the server applies a uniqueness constraint and check to fields such as application form numbers and serial numbers. In most existing button anti-duplication verification methods, a tester logs in to a client page, selects the request button to be verified, submits request data by manually clicking the button several times in succession, checks the returned result, and observes whether the page controls or page prompts show that the client and the server implement a button anti-duplication mechanism. However, when the application involves many submission or approval functions and therefore many buttons, or when a technical improvement project gives the buttons special treatment, the manual verification workload is very large, test verification points are easily missed, and the risk is high.
Some existing scanning tools support crawling all requests of a page and recording all request messages and the corresponding messages. The relevant request then has to be found by its request path and method name and replayed, and testers have to compare and check the results to judge whether the anti-duplication effect is achieved, so the manual verification workload is large.
In implementing the disclosed concept, the inventors found at least the following problems in the related art: the current manual checking method relies on a single operating mechanism, imposes a large repetitive workload on testers, takes a long time to verify and inspect, and has low testing efficiency. Moreover, if the transaction is intercepted and replayed with a tool, the button objects under test have to be screened out of the requests crawled from the page; this screening is difficult and prone to omissions when the page has many buttons or requests, and the timing of the repeated transaction request has to be controlled manually, so test accuracy is hard to guarantee.
Embodiments of the present disclosure provide an anti-duplication mechanism verification method, a verification system, an electronic device, a storage medium, and a computer program product. The anti-duplication mechanism verification method comprises the following steps: constructing a request message sequence table according to the button elements in the target webpage and the request messages associated with the button elements; generating first assertion information and second assertion information associated with the button element according to the request message sequence table, wherein the first assertion information is different from the second assertion information; when the client page anti-duplication check succeeds, generating simulation request information according to the attribute information of the button element and the request message; executing a click operation on the button element, and acquiring first response information corresponding to the simulation request information; when the first response information successfully matches the first assertion information, executing the click operation on the button element again, and acquiring second response information corresponding to the simulation request information; and generating an anti-duplication check result for the server according to the second response information and the second assertion information.
It should be noted that the method and system for verifying the anti-duplication mechanism disclosed by the present disclosure can be used in the financial field and the computer technology field, and can also be used in any field except the financial field and the computer technology field.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the anti-replay mechanism verification method may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, and/or social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the anti-duplication mechanism verification method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the anti-replay mechanism verification system provided by the embodiments of the present disclosure may be generally disposed in the server 105. The anti-duplication mechanism verification method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the anti-duplication mechanism verification system provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Alternatively, the anti-duplication mechanism verification method provided by the embodiment of the present disclosure may also be executed by the terminal device 101, 102, or 103, or may also be executed by another terminal device different from the terminal device 101, 102, or 103. Accordingly, the anti-duplication mechanism verification system provided by the embodiment of the present disclosure may also be provided in the terminal device 101, 102, or 103, or in another terminal device different from the terminal device 101, 102, or 103.
For example, the anti-duplication mechanism to be authenticated may be originally installed in any one of the terminal devices 101, 102, or 103 (e.g., the terminal device 101, but not limited thereto). Then, the terminal device 101 may locally perform the anti-replay mechanism verification method provided by the embodiment of the present disclosure. The terminal device 101 may also be connected to another terminal device, a server, or a server cluster, and the another terminal device, the server, or the server cluster connected to the terminal device 101 executes the anti-duplication mechanism verification method provided in the embodiment of the present disclosure. Or the to-be-verified anti-duplication mechanism may be installed in a server or a server cluster, and the server or the server cluster installed with the to-be-verified anti-duplication mechanism locally executes the anti-duplication mechanism verification method provided by the embodiment of the disclosure.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 2 schematically illustrates a flow chart of an anti-replay mechanism verification method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S206.
In operation S201, a request message sequence table is constructed according to the button elements in the target webpage and the request messages associated with the button elements.
According to an embodiment of the present disclosure, the target web page may refer to, for example, a web page that needs to be presented on a carrier. The type of target interface may include a PC (personal computer) side web page, a counter side web page, or a mobile side web page. The carrier may comprise an electronic device, the electronic device may comprise a terminal device, and the terminal device may comprise a smartphone, a tablet, a laptop or desktop computer, or the like.
According to the embodiment of the disclosure, the target webpage may include at least one button element, for example, all the button elements are named, and the button elements and the request messages associated therewith are presented in a list form.
In operation S202, first assertion information and second assertion information associated with the button element are generated according to the request message sequence table, wherein the first assertion information is different from the second assertion information.
According to an embodiment of the present disclosure, the first assertion information may include, for example, a first assertion condition, and the second assertion information may include, for example, a second assertion condition. The first assertion condition may be used, for example, to determine whether a match with a request issued by pressing a button is successful. The second assertion condition may be used, for example, to determine whether anti-replay is successful when the request is repeatedly sent.
According to an embodiment of the present disclosure, a button element in the request message sequence table is selected to display the request message associated with that button element, and a first assertion condition and a second assertion condition are generated from the request message. The request message may be presented, for example, as the text of a JSON (JavaScript Object Notation) message. The first and second assertion conditions may, for example, be generated automatically by the system or entered manually by a tester.
According to the embodiment of the present disclosure, before the first assertion condition and the second assertion condition are generated, for example, the request packet may be adaptively modified according to specific implementation needs, and then the first assertion condition and the second assertion condition are generated according to the modified request packet.
In operation S203, in the case that the client page anti-replay check is successful, simulation request information is generated according to the attribute information of the button element and the request message.
According to an embodiment of the present disclosure, the attribute information may include, for example, URL (uniform resource locator) text information, cookies (data stored on the user's local terminal) information, and the like. The request message may include, for example, request data, a request header, and the like.
In operation S204, a click operation is performed with respect to a button element, and first response information corresponding to the simulation request information is acquired.
According to the embodiment of the disclosure, when the button element is clicked, the simulation request information may be sent through a Requests library, for example, to obtain the first response information, and the first response information is matched with the first assertion condition, so as to verify whether the simulation request information is sent successfully and return an expected result.
In operation S205, in a case where the first response information and the first assertion information are successfully matched, the click operation for the button element is performed again, and the second response information corresponding to the simulation request information is acquired.
In operation S206, an anti-duplication check result for the server is generated according to the second response information and the second assertion information.
According to the embodiment of the disclosure, first assertion information and second assertion information are generated from a message sequence table built from the button elements and the request messages associated with them; simulation request information is generated when the client page anti-duplication check succeeds; and a check result is generated by comparing the first and second response information corresponding to the simulation request information with the first and second assertion information. Because the check result is obtained by comparing response information with assertion information, test cost is effectively reduced, test efficiency is improved, button anti-duplication verification can be covered comprehensively, the risk of omissions is reduced, and product quality assurance is supported.
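The flow of operations S203 to S206, gated by the client-side check, as an added example that is not code from the patent. The two server classes, `FakeButton`, the URL, cookie, `serial_no` field and status codes are all constructed; `send` stands in for the Requests call, the regenerate loop is bounded by a hypothetical `max_attempts`, and a second response that does not match the second assertion is treated here as a failed server check.

```python
import json

# Constructed stand-ins for the server behind the submit button (not from the patent).
class DedupServer:
    """Rejects a repeated serial_no: the unique-field check described for servers."""
    def __init__(self):
        self.seen, self.ledger = set(), []

    def handle(self, request):
        body = json.loads(request["body"])
        if body["serial_no"] in self.seen:
            return {"status": 409, "json": {"code": "DUPLICATE_SUBMIT"}}
        self.seen.add(body["serial_no"])
        self.ledger.append(body)
        return {"status": 200, "json": {"code": "OK"}}


class NaiveServer(DedupServer):
    """Books every submission; has no server-side duplicate check."""
    def handle(self, request):
        self.ledger.append(json.loads(request["body"]))
        return {"status": 200, "json": {"code": "OK"}}


class FakeButton:
    """Constructed page button: may grey out after a click or prompt on a re-click."""
    def __init__(self, disables_after_click=False, prompts_on_reclick=False):
        self.enabled, self.prompt_shown, self.clicks = True, False, 0
        self._disables, self._prompts = disables_after_click, prompts_on_reclick

    def click(self):
        if not self.enabled:
            return
        self.clicks += 1
        if self.clicks > 1 and self._prompts:
            self.prompt_shown = True
        if self._disables:
            self.enabled = False


def client_check(button):
    """Client check: button disabled after one click, or a prompt on the second click."""
    button.click()
    if not button.enabled:
        return True
    button.click()
    return button.prompt_shown


def build_simulated_request(attrs, message):
    """S203: combine button attributes (URL, cookies) with the recorded request message."""
    cookie = "; ".join(f"{k}={v}" for k, v in sorted(attrs["cookies"].items()))
    return {"url": attrs["url"],
            "headers": {**message["headers"], "Cookie": cookie},
            "body": json.dumps(message["data"], sort_keys=True)}


def matches(response, assertion):
    """An assertion is an expected status plus expected fields of the JSON body."""
    return (response["status"] == assertion["status"]
            and all(response["json"].get(k) == v for k, v in assertion["json"].items()))


def verify_server_dedup(send, button, attrs, message, first_assert, second_assert,
                        max_attempts=3):
    if not client_check(button):
        return "client-fail"                       # S203 gate: never reaches the server
    for _ in range(max_attempts):                  # bounded regenerate loop (assumption)
        request = build_simulated_request(attrs, message)
        if matches(send(request), first_assert):   # S204: first submission accepted
            break
    else:
        return "inconclusive"                      # first assertion was never met
    second = send(request)                         # S205: identical request, second click
    return "server-pass" if matches(second, second_assert) else "server-fail"  # S206


# Constructed sample inputs: one row of the request message sequence table.
ATTRS = {"url": "https://bank.example/transfer/submit", "cookies": {"SESSION": "constructed"}}
MESSAGE = {"headers": {"Content-Type": "application/json"},
           "data": {"serial_no": "SN-0001", "amount": "100.00"}}
FIRST = {"status": 200, "json": {"code": "OK"}}
SECOND = {"status": 409, "json": {"code": "DUPLICATE_SUBMIT"}}

if __name__ == "__main__":
    for server in (DedupServer(), NaiveServer()):
        verdict = verify_server_dedup(server.handle, FakeButton(disables_after_click=True),
                                      ATTRS, MESSAGE, FIRST, SECOND)
        print(type(server).__name__, verdict, "records booked:", len(server.ledger))
```

The response assertions alone cannot show whether a rejected duplicate was still written; the constructed servers expose `ledger` so the number of booked records can be compared as well.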
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
acquiring button elements and attribute information in a target webpage; and sequentially executing clicking operation aiming at each button element, and acquiring a request message associated with the button element.
According to the embodiment of the present disclosure, button elements may be obtained, for example, by using Selenium (an automated testing tool) to locate all elements in the target web page whose tag contains "button". Each time a button element is found, the attribute information corresponding to that button element is recorded.
According to an embodiment of the present disclosure, after a button element is determined, it may, for example, be given a name, and the naming format may include, for example: "button" followed by the order in which it was determined (e.g., button 1).
According to the embodiment of the disclosure, after all button elements have been recorded, the recorded attribute information is matched through find_element.
According to the embodiment of the disclosure, if no button element is crawled from the target webpage during processing, the process ends after prompting that the webpage has no button that can be verified.
According to an embodiment of the present disclosure, acquiring the button element and the attribute information in the target web page includes:
acquiring page data of a target page; and determining the button elements and the attribute information in the target webpage according to the page data.
According to the embodiment of the disclosure, the target page is processed first: after the URL of the target page is input, the corresponding webpage is opened and the front-end page data is output. Data analysis is then performed on the page data.
Fig. 3 schematically shows a button element acquisition method according to an embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S310 to S370.
Operation S310 is first performed, and page elements are crawled after data processing is performed on the target page. In operation S320, it is detected whether a button element exists in the target page.
In the case where there is no button element, operation S370 is performed, prompting that the target page has no button element.
In the case where there are button elements, operation S330 is performed: each time a button element is crawled, it is named according to a preset naming rule. In operation S340, the button is automatically clicked, the attribute name and the request message of the button are recorded, and the recorded information is matched with the name of the button. In operation S350, it is detected whether a button element can still be located further down the target page. In the case where a button element still exists, operation S330 is performed. In the case where there is no further button element, operation S360 is performed to show the crawling result.
According to the embodiment of the disclosure, the client page anti-replay check method comprises the following steps:
performing a click operation on the button element and detecting state information of the button element; in the case where the state information indicates that the button element is valid, performing the click operation on the button element again and detecting whether prompt information pops up; and in the case where prompt information is detected to pop up, generating a check result indicating that the client-side anti-replay check is successful.
According to an embodiment of the present disclosure, the method for performing the click operation may include a find_element. The state information of the button element may include, for example, a valid state and an invalid state. The valid state may include, for example, an available state. The invalid state may include, for example, a disabled state. The prompt information may include, for example, a prompt box, a prompt tone, and the like.
According to the embodiment of the disclosure, the client page anti-replay check method further comprises the following steps:
in the case where the state information indicates that the button element is invalid, generating a check result indicating that the client-side anti-replay check is successful.
According to the embodiment of the disclosure, the client page anti-replay check method further comprises the following steps:
in the case where no prompt information is detected to pop up, generating a check result indicating that the client-side anti-replay check has failed.
Fig. 4 schematically shows a client-side page anti-replay verification method according to an embodiment of the present disclosure.
As shown in fig. 4, the method includes operations S410 to S460.
First, operation S410 is performed, a button in the target page is located and clicked automatically. In operation S420, the state of the button element is detected.
When the button element is in the disabled state, the client page anti-replay verification is successful; operation S450 is performed and a verification result is output.
When the button element is in the available state, operation S430 is performed: the button is located again and clicked. In operation S440, it is detected whether prompt information pops up in the target page.
If the prompt information is detected, the client page anti-replay verification is successful; operation S450 is performed and a verification result is output.
If the prompt information is not detected, the client page anti-replay verification fails; operation S460 is performed and a verification result is output.
These steps are repeated until all the button elements in the target page have been checked.
According to an embodiment of the present disclosure, the attribute information includes at least one of: uniform resource locator text information and user local terminal data.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification method further includes:
in the case where the first response information fails to match the first assertion information, regenerating the simulation request information until the first response information corresponding to the simulation request information successfully matches the first assertion information.
According to the embodiment of the disclosure, if the first response information fails to match the first assertion information, the simulation request did not obtain the expected response. The verification may also be ended when the first response information fails to match the first assertion information.
According to the embodiment of the disclosure, generating the server-side anti-replay check result according to the second response information and the second assertion information includes:
in the case where the second response information successfully matches the second assertion information, generating a check result indicating that the server-side anti-replay check is successful; or in the case where the second response information fails to match the second assertion information, generating a check result indicating that the server-side anti-replay check is successful.
Fig. 5 schematically illustrates a method for anti-replay mechanism verification, according to another embodiment of the present disclosure.
As shown in fig. 5, the method includes operations S510 to S580.
First, operation S510 is performed to send a virtual request through the Requests library. Operation S520 is performed to record the first response information for the virtual request. In operation S530, it is determined whether the first response information matches the first assertion condition.
In the case where the first response information does not match the first assertion condition, operation S510 may, for example, be re-executed. Before operation S510 is re-executed, the virtual request may, for example, be regenerated, and operation S510 is then performed with the regenerated virtual request. Alternatively, in the case where the first response information does not match the first assertion condition, the verification is ended.
In the case where the first response information matches the first assertion condition, operation S540 is performed and the virtual request is sent again through the Requests library. An interval may, for example, be preset so that a certain time elapses between the first and the second sending of the virtual request. Operation S550 is performed to record the second response information for the virtual request. In operation S560, it is determined whether the second response information matches the second assertion condition.
If the second response information does not match the second assertion condition, the server-side anti-replay check fails; operation S580 is performed and a check result is output. If the second response information matches the second assertion condition, the server-side anti-replay check is successful; operation S560 is performed and a check result is output.
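The Fig. 5 flow, as an added Python example that is not code from the patent: the request is sent, the first response is compared with the first assertion, the same request is replayed after an interval, and the second response is compared with the second assertion. It uses the standard-library urllib in place of the Requests library so that it runs without third-party packages; the loopback endpoint, the `token` field, the response codes and the assertion pair are constructed assumptions.

```python
import json
import socketserver
import threading
import time
import urllib.error
import urllib.request
import uuid
from http.server import BaseHTTPRequestHandler

# Constructed assertion pair: the first submission must be accepted and the
# replayed one rejected, so the two assertions differ.
FIRST_ASSERTION = (200, "OK")
SECOND_ASSERTION = (409, "DUPLICATE_SUBMIT")

# Ignore proxy environment variables so the loopback request stays local.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def make_server(deduplicate):
    """Start a constructed loopback endpoint standing in for the server under
    test. With deduplicate=True it rejects a token it has already processed."""
    seen, lock = set(), threading.Lock()

    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            token = json.loads(self.rfile.read(length)).get("token")
            with lock:
                duplicate = deduplicate and token in seen
                seen.add(token)
            status, code = (409, "DUPLICATE_SUBMIT") if duplicate else (200, "OK")
            body = json.dumps({"code": code}).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the example's output quiet
            pass

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def url_of(server):
    return "http://127.0.0.1:%d/transfer" % server.server_address[1]


def new_message():
    """Constructed request message captured for one button."""
    return {"token": uuid.uuid4().hex, "payee": "constructed-0001", "amount": 100}


def send(url, message):
    """Send the virtual request and reduce the response to (status, code)."""
    request = urllib.request.Request(
        url, data=json.dumps(message).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with _OPENER.open(request, timeout=5) as response:
            return response.status, json.loads(response.read())["code"]
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body
        return err.code, json.loads(err.read())["code"]


def verify_server_anti_replay(url, message, interval=0.05, max_attempts=3,
                              allow_regenerate=True):
    """Return "PASS", "FAIL" or "ABORTED" for one button's request."""
    for _ in range(max_attempts):                     # S510 to S530
        if send(url, message) == FIRST_ASSERTION:
            break
        if not allow_regenerate:
            return "ABORTED"                          # end the verification
        message = dict(message, token=uuid.uuid4().hex)  # regenerate request
    else:
        return "ABORTED"
    time.sleep(interval)                              # preset interval, S540
    second = send(url, message)                       # replay, S550
    return "PASS" if second == SECOND_ASSERTION else "FAIL"  # S560


if __name__ == "__main__":
    for dedup in (True, False):
        server = make_server(deduplicate=dedup)
        result = verify_server_anti_replay(url_of(server), new_message())
        print("deduplicate=%s -> %s" % (dedup, result))
        server.shutdown()
```

A second response that does not match the second assertion is reported as a failed server-side check, following the Fig. 5 description of operation S580.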
It should be noted that, unless an execution order between different operations is explicitly stated or is required by the technical implementation, the operations in the flowcharts of this disclosure need not be executed in the order shown, and multiple operations may be executed simultaneously.
According to the embodiment of the disclosure, the anti-duplication mechanism verification method can display the result of the anti-duplication mechanism after repeated clicking on the target page of the client, while request replay and result assertion comparison are executed automatically according to the tester's selection. The tester therefore only needs to check whether the result returned by the tool indicates that duplication is prevented, and does not need to perform request replay and the corresponding result comparison themselves, which lowers the test threshold, improves the test efficiency and effectively reduces the workload of the current anti-duplication verification technique.
Furthermore, according to the embodiment of the disclosure, the controllability of the test is increased while the front-end and back-end verification effects are effectively guaranteed: the crawled page content is matched with the listed button elements, and the tester then selects the button requests whose repeated clicking is to be verified, so that the tester can perform more targeted tests.
Fig. 6 schematically illustrates a block diagram of an anti-replay mechanism verification system according to an embodiment of the present disclosure.
As shown in fig. 6, the anti-duplication mechanism verification system 600 includes a building module 601, a first generating module 602, a second generating module 603, a first obtaining module 604, a second obtaining module 605, and a third generating module 606.
A constructing module 601, configured to construct a request message sequence table according to the button elements in the target webpage and the request messages associated with the button elements;
a first generating module 602, configured to generate, according to the request message sequence table, first assertion information and second assertion information associated with the button element, where the first assertion information is different from the second assertion information;
a second generating module 603, configured to generate simulation request information according to the attribute information of the button element and the request message in the case where the client page anti-replay check succeeds;
a first obtaining module 604, configured to perform a click operation on a button element, and obtain first response information corresponding to the simulation request information;
a second obtaining module 605, configured to, when the first response information is successfully matched with the first assertion information, perform click operation on the button element again, and obtain second response information corresponding to the simulation request information;
a third generating module 606, configured to generate a server-side anti-replay check result according to the second response information and the second assertion information.
According to the embodiment of the disclosure, first assertion information and second assertion information are generated according to a message sequence table constructed from button elements and the request messages associated with the button elements; simulation request information is generated in the case where the client page anti-replay check succeeds; and a check result is generated by comparing the first response information and the second response information corresponding to the simulation request information with the first assertion information and the second assertion information. Because the check result is obtained by comparing the response information with the assertion information, the test cost can be effectively reduced, the test efficiency is improved, the verification of button anti-duplication can be comprehensively covered, the risk of omission is reduced, and support is provided for product quality assurance.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification system 600 further includes a third obtaining module and a fourth obtaining module.
The third acquisition module is used for acquiring the button elements and the attribute information in the target webpage.
The fourth acquisition module is used for sequentially performing a click operation on each button element and acquiring the request message associated with that button element.
According to an embodiment of the present disclosure, the third acquisition module includes a first acquisition unit and a determination unit.
The first acquisition unit is used for acquiring page data of the target page.
The determining unit is used for determining the button elements and the attribute information in the target webpage according to the page data.
According to an embodiment of the present disclosure, the second generating module 603 includes a first detection unit, a second detection unit and a first generation unit.
The first detection unit is used for performing a click operation on the button element and detecting the state information of the button element.
The second detection unit is used for performing the click operation on the button element again in the case where the state information indicates that the button element is valid, and detecting whether prompt information pops up.
The first generating unit is used for generating a check result indicating that the client-side anti-replay check is successful in the case where prompt information is detected to pop up.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification system 600 further includes a fourth generation module.
The fourth generation module is used for generating a check result indicating that the client-side anti-replay check is successful in the case where the state information indicates that the button element is invalid.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification system 600 further includes a fifth generation module.
The fifth generation module is used for generating a check result indicating that the client-side anti-replay check has failed in the case where no prompt information is detected to pop up.
According to an embodiment of the present disclosure, the attribute information includes at least one of: uniform resource locator text information and user local terminal data.
According to an embodiment of the present disclosure, the anti-duplication mechanism verification system 600 further includes a sixth generation module.
The sixth generating module is used for regenerating the simulation request information in the case where the first response information fails to match the first assertion information, until the first response information corresponding to the simulation request information successfully matches the first assertion information.
According to an embodiment of the present disclosure, the third generating module 606 includes a second generating unit and a third generating unit.
The second generating unit is used for generating a check result indicating that the server-side anti-replay check is successful in the case where the second response information successfully matches the second assertion information.
The third generating unit is used for generating a check result indicating that the server-side anti-replay check is successful in the case where the second response information fails to match the second assertion information.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the building module 601, the first generating module 602, the second generating module 603, the first obtaining module 604, the second obtaining module 605 and the third generating module 606 may be combined and implemented in one module/unit/sub-unit, or any one module/unit/sub-unit thereof may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the building module 601, the first generating module 602, the second generating module 603, the first obtaining module 604, the second obtaining module 605 and the third generating module 606 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or a suitable combination of any of them. Alternatively, at least one of the building module 601, the first generating module 602, the second generating module 603, the first obtaining module 604, the second obtaining module 605 and the third generating module 606 may be at least partially implemented as a computer program module, which when executed may perform a corresponding function.
It should be noted that the anti-duplication mechanism verification system in the embodiment of the present disclosure corresponds to the anti-duplication mechanism verification method in the embodiment of the present disclosure; for the description of the system, refer to the description of the method, which is not repeated here.
FIG. 7 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure. The computer system illustrated in FIG. 7 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 7, a computer system 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the system 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM 702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 700 may also include an input/output (I/O) interface 705, the input/output (I/O) interface 705 also being connected to the bus 704. The system 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by the processor 701, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 702 and/or the RAM 703 and/or one or more memories other than the ROM 702 and the RAM 703 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being configured to cause the electronic device to implement the anti-replay mechanism verification method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 701, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or incorporations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or incorporations are not expressly recited in the present disclosure. In particular, various combinations and/or incorporations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (13)

1. An anti-duplication mechanism verification method, comprising:
constructing a request message sequence list according to the button elements in the target webpage and the request messages associated with the button elements;
generating first assertion information and second assertion information associated with the button element according to the request message sequence table, wherein the first assertion information is different from the second assertion information;
in the case where the client page anti-replay check succeeds, generating simulation request information according to the attribute information of the button element and the request message;
performing a click operation on the button element, and acquiring first response information corresponding to the simulation request information;
in the case where the first response information successfully matches the first assertion information, performing the click operation on the button element again, and acquiring second response information corresponding to the simulation request information;
and generating a server-side anti-replay check result according to the second response information and the second assertion information.
2. The method of claim 1, further comprising:
acquiring the button elements and the attribute information in the target webpage;
and sequentially performing a click operation on each button element, and acquiring the request message associated with that button element.
3. The method of claim 2, wherein the obtaining the button element and the attribute information in the target web page comprises:
acquiring page data of the target page;
and determining the button elements and the attribute information in the target webpage according to the page data.
4. The method of claim 1, wherein the client-side page anti-duplication check comprises:
executing a click operation on the button element, and detecting state information of the button element;
in a case where the state information indicates that the button element is valid, executing the click operation on the button element again, and detecting whether prompt information pops up; and
generating a verification result indicating that the client-side anti-duplication check succeeded in a case where the prompt information is detected to pop up.
5. The method of claim 4, further comprising:
generating a verification result indicating that the client-side anti-duplication check succeeded in a case where the state information indicates that the button element is invalid.
6. The method of claim 4, further comprising:
generating a verification result indicating that the client-side anti-duplication check failed in a case where the prompt information is not detected to pop up.
7. The method of claim 1, wherein the attribute information includes at least one of: uniform resource locator text information and user local terminal data.
8. The method of claim 1, further comprising:
in a case where the first response information fails to match the first assertion information, regenerating the simulation request information until the first response information corresponding to the simulation request information successfully matches the first assertion information.
9. The method of claim 1, wherein the generating a server-side anti-duplication check result according to the second response information and the second assertion information comprises:
in a case where the second response information successfully matches the second assertion information, generating a verification result indicating that the server-side anti-duplication check is successful; or
generating a verification result indicating that the server-side anti-duplication check is successful in a case where the second response information fails to match the second assertion information.
10. An anti-duplication mechanism verification system, comprising:
a building module, configured to construct a request message sequence table according to button elements in a target webpage and request messages associated with the button elements;
a first generating module, configured to generate, according to the request message sequence table, first assertion information and second assertion information associated with the button element, wherein the first assertion information is different from the second assertion information;
a second generating module, configured to generate simulation request information according to attribute information of the button element and the request message in a case where the client-side page anti-duplication check succeeds;
a first obtaining module, configured to execute a click operation on the button element, and obtain first response information corresponding to the simulation request information;
a second obtaining module, configured to execute the click operation on the button element again in a case where the first response information successfully matches the first assertion information, and obtain second response information corresponding to the simulation request information; and
a third generating module, configured to generate a server-side anti-duplication check result according to the second response information and the second assertion information.
11. An electronic device, comprising:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 9.
13. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 9 when executed.
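The server-side flow of claims 1, 8 and 9 can be exercised offline against a stand-in server, as in the following added example, which is not part of the patent text. The names DemoServer, build_request and verify_server_dedupe, the response codes, the bounded retry count, and reporting a second-response mismatch as "fail" are all assumptions of this example.

```python
import hashlib

class DemoServer:
    """Constructed stand-in for the server behind a submit button."""
    def __init__(self, dedupe=True):
        self.dedupe = dedupe
        self.seen = set()      # request tokens already processed
        self.ledger = []       # side effects actually applied

    def handle(self, request):
        if self.dedupe and request["token"] in self.seen:
            return {"code": "DUPLICATE"}
        self.seen.add(request["token"])
        self.ledger.append(request["body"])
        return {"code": "OK"}

def build_request(button, message, attempt):
    """Simulation request from button attributes (claim 7) and the recorded message."""
    seed = f'{button["url"]}|{button["local_data"]}|{message}|{attempt}'
    return {"url": button["url"], "body": message,
            "token": hashlib.sha256(seed.encode()).hexdigest()}

def matches(response, assertion):
    """A response matches when every asserted field has the asserted value."""
    return all(response.get(k) == v for k, v in assertion.items())

def verify_server_dedupe(server, button, message, first_assert, second_assert,
                         max_regen=3):
    if first_assert == second_assert:
        raise ValueError("first and second assertions must differ (claim 1)")
    for attempt in range(max_regen):       # claim 8, bounded here (assumption)
        request = build_request(button, message, attempt)
        first = server.handle(request)     # first click
        if not matches(first, first_assert):
            continue                       # regenerate the simulation request
        second = server.handle(request)    # second click, same request
        return "pass" if matches(second, second_assert) else "fail"
    return "inconclusive"

# Constructed sample values, not taken from the patent.
BUTTON = {"id": "submit-transfer", "url": "/transfer/submit",
          "local_data": "session=constructed"}
FIRST, SECOND = {"code": "OK"}, {"code": "DUPLICATE"}
```

Comparing the length of the server's ledger before and after the second click confirms that the duplicate produced no second side effect, which the response code alone does not prove.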
CN202110621633.4A 2021-06-03 2021-06-03 Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium Pending CN113362173A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110621633.4A CN113362173A (en) 2021-06-03 2021-06-03 Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113362173A true CN113362173A (en) 2021-09-07

Family

ID=77532090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110621633.4A Pending CN113362173A (en) 2021-06-03 2021-06-03 Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113362173A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113094047A (en) * 2021-04-01 2021-07-09 山石网科通信技术股份有限公司 Method and device for processing webpage buttons, storage medium and processor
CN113094047B (en) * 2021-04-01 2022-09-06 山石网科通信技术股份有限公司 Method and device for processing webpage buttons, storage medium and processor
CN116909260A (en) * 2023-09-12 2023-10-20 常州星宇车灯股份有限公司 Intelligent driving domain controller test verification method for simulating HIL (high-performance liquid chromatography) rack
CN116909260B (en) * 2023-09-12 2023-12-01 常州星宇车灯股份有限公司 Intelligent driving domain controller test verification method for simulating HIL (high-performance liquid chromatography) rack

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination