CN113392347A - Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium - Google Patents

Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium Download PDF

Info

Publication number
CN113392347A
CN113392347A CN202110945964.3A CN202110945964A CN113392347A CN 113392347 A CN113392347 A CN 113392347A CN 202110945964 A CN202110945964 A CN 202110945964A CN 113392347 A CN113392347 A CN 113392347A
Authority
CN
China
Prior art keywords
information
routing
api
probe
route
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110945964.3A
Other languages
Chinese (zh)
Other versions
CN113392347B (en
Inventor
张涛
宁戈
张弛
李�浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Anpro Information Technology Co ltd
Original Assignee
Beijing Anpro Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Anpro Information Technology Co ltd filed Critical Beijing Anpro Information Technology Co ltd
Priority to CN202110945964.3A priority Critical patent/CN113392347B/en
Publication of CN113392347A publication Critical patent/CN113392347A/en
Application granted granted Critical
Publication of CN113392347B publication Critical patent/CN113392347B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the application discloses a method and a device for acquiring a Web backend API based on instrumentation and a storage medium. The instrumentation-based Web backend API acquisition method comprises the following steps: the method comprises the steps of obtaining routing rule information, namely a mapping set of URL paths and an actual processing program, in a routing rule registration process when a target Web application program runs, namely a process that a routing registration module registers a routing rule in a routing system through a first probe in a pre-instrumented routing registration function of the target Web application program, and respectively generating corresponding API information and outputting the API information according to mapping relation information of each URL path in the mapping set and the actual processing program. Compared with the prior art, the scheme is beneficial to comprehensively and effectively mastering the Web back-end API of the target Web application program.

Description

Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium
Technical Field
The embodiments disclosed in the present application mainly relate to the technical field related to Web backend APIs, and more particularly, to a method and an apparatus for obtaining a post-instrumentation-based Web backend API, and a storage medium.
Background
Web applications typically employ a master-slave architecture. A Web application in a master-slave architecture is considered to be a front-end (generally, a browser, a part running on a client program, or the client program itself) and a back-end (generally, a part running on a server). Thanks to the development of front-end technology, front-end and back-end separation has become a standard matching mode for developing internet projects and related Web application programs in the industry. Through effective decoupling of the front end and the rear end, separation of the front end and the rear end is achieved, the front end starts to pay more attention to engineering and automation of page development, the rear end is more focused on providing of an API (the API is mainly an important rear end routing implementation mode in a front-rear end separation mode) and guaranteeing of a database, and therefore the possibility is provided for a large-scale distributed architecture, an elastic computing architecture, a micro-service architecture, multi-end service and the like of a software system.
In the whole life cycle of the software project, because of the important role (back-end routing) and significance (front-end decoupling is realized) of the API provided by the back-end, if the whole API provided by the back-end in the Web application program can be mastered, the development of the work of the software project, such as development, testing, operation and maintenance, and the like, can be facilitated.
However, whether by development team manual statistics or by traditional means-crawler crawling, the goal of obtaining the Web backend full-scale API is unjustly. Therefore, how to obtain the full amount of APIs provided by the backend of the target Web application is a technical problem to be solved in the art.
Disclosure of Invention
According to the embodiments disclosed in the present application, a scheme for obtaining a Web backend API (i.e., an API provided by a Web backend, which mainly refers to a very important backend routing implementation manner in a front-end and back-end separation mode) is provided.
In a first aspect of the disclosure, a instrumentation-based Web backend API acquisition method is provided. The method comprises the following steps: acquiring a mapping set of a URL path corresponding to a routing rule and an actual processing program in a routing rule registration process when a target Web application program runs, namely a process that a routing registration module registers the routing rule in a routing system through a first probe in a pre-instrumented routing registration function of the target Web application program; respectively generating corresponding API information according to the mapping relation information of each URL path in the mapping set and an actual processing program, and outputting the API information; each piece of the API information includes corresponding URL path information.
In a second aspect of the present disclosure, a instrumentation-based Web backend API acquisition apparatus is provided. The device includes: the system comprises a pile inserting module and an API acquisition module; the instrumentation module is configured to instrumentation a first probe in a route registration function of a target Web application program, so as to acquire data related to the API in the running process of the target Web application program; the API acquisition module comprises the first probe; the first probe is configured to acquire data related to the API such as a mapping set of a URL path and an actual processing program in the process of registering a routing rule in a routing system by a routing registration module, respectively generate corresponding API information according to mapping relation information of each URL path in the mapping set and the actual processing program, and output the API information; each piece of the API information includes corresponding URL path information.
In a third aspect of the present disclosure, a instrumentation-based Web backend API acquisition apparatus is provided. The device includes: at least one processor, a memory coupled to the at least one processor, and a computer program stored in the memory; wherein a processor executes the computer program to implement the method according to the first aspect.
In a fourth aspect of the disclosure, a computer-readable storage medium is provided. The medium has stored thereon test-related computer instructions capable, when executed by a computer processor, of carrying out the method according to the first aspect.
In a fifth aspect of the disclosure, a computer program product is provided. The program product comprises a computer program enabling the implementation of the method according to the first aspect when executed by a computer processor.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 illustrates a schematic diagram of an example environment in which embodiments of the present disclosure can be implemented and a request access process in the example environment; FIG. 1 (a) is a schematic diagram illustrating a summary process of requesting access in this example environment; FIG. 1 (b) is a schematic diagram illustrating an example of a routing system in the example environment and a request routing process based thereon;
FIG. 2 is a schematic diagram illustrating an example of registering a routing rule to a routing table in some of the disclosed routing processes in the above embodiments, and a routing process for requesting an incoming route to an application based on the routing mechanism;
FIG. 3 is a schematic diagram illustrating the actual processing of some of the disclosed requests entering the MVC application by routing the requests to an MVC module, such as a controller, via a routing table in the above embodiments;
FIG. 4 is a schematic diagram illustrating the process of route discovery and actual processing after some disclosed requests enter the MVC application in the above embodiments;
FIG. 5 is a schematic diagram illustrating the process of route discovery and actual processing after some disclosed requests enter the MVT application in the above embodiments;
FIG. 6 illustrates a schematic diagram of a process for instrumentation-based acquisition of a Web backend API, in accordance with embodiments of the present disclosure;
fig. 7 shows a schematic diagram of a process of obtaining routing rule information by instrumenting a first probe to a routing rule addition method in a routing registration function according to an embodiment of the present disclosure;
fig. 8 shows a schematic diagram of a process of instrumenting a first probe in a route decoration/scan annotation method in a route registration function to obtain routing rule information, according to an embodiment of the disclosure;
FIG. 9 illustrates a block diagram of an instrumentation-based Web backend API acquisition apparatus according to an exemplary implementation of the present disclosure;
FIG. 10 illustrates a block diagram of a computing device capable of implementing various embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
The terms "include" and its similar terms are to be understood as open-ended inclusions, i.e., "including but not limited to," in the description of the embodiments of the present disclosure. The term "based on" should be understood as "based at least in part on". The term "one embodiment" or "the embodiment" should be understood as "at least one embodiment". The terms "first" and the like may refer to different or the same object. Other explicit and implicit definitions are also possible below.
In the description of the embodiments of the present disclosure, the technical term "instrumentation", also called "program instrumentation", refers to inserting a "probe" into a program on the basis of ensuring the original logic integrity of the program under test, and acquiring running characteristic data (i.e. running data) of the program through the execution of the "probe"; by analyzing the target characteristic data, dynamic information such as control flow, data flow, logic coverage and the like of a program can be obtained, and a corresponding testing purpose is realized. The probe is essentially a code segment for information collection. The "probe" in the embodiments of the present disclosure may be designed and implemented with a corresponding custom function according to differences in peg points, test purposes, requirements, etc., in addition to being used for acquiring request data and return data, acquiring data transferred in code execution, monitoring specific values in memory, recognizing contaminated inputs, etc.
In the description of the embodiments of the present disclosure, the technical term "target Web application" refers to a Web application that is taken as a test object, that is, a target object whose entire amount of external API information is to be found in some embodiments, and an object whose test coverage is to be determined in a test performed on the target Web application as the test object in some embodiments. In the description of the embodiments of the present disclosure, the technical term "target Web application" mainly refers to a Web backend application, that is, unless otherwise specified, "target Web application" specifically refers to a Web backend application that provides the API to the outside.
The Web, the World Wide Web, is a system of linked hypertext documents accessed through the internet. The Web (world wide Web) is the core of the development of the information age and is the main tool for billions of people to interact on the internet. Unlike the internet, which is a worldwide interconnected computer network system, the world wide web is a worldwide collection of documents and other resources connected by hyperlinks and uniform resource identifiers. The Web can be understood as a Web service built on the internet that makes it possible to provide users with graphical, easy-to-operate access services (e.g., to find and browse information, etc.) on the internet. Generally, when a Web page or other network resource is to be accessed, a Uniform Resource Locator (URL) of the Web page to be accessed is usually keyed into a browser or linked to the corresponding Web page or network resource in a hyperlink manner; after determining the IP address of the server through a series of operations such as domain name resolution and the like, sending an HTTP request to the server working at the IP address; typically, HTML text, pictures, and all other documents that make up the web page are quickly requested and sent back to the user one by one. The Web application is an application that can be accessed through the Web; it can load specific business logic and implement the above access process more efficiently in the business processing process.
Web applications typically employ a master-slave architecture. The master-slave mode structure mainly has two modes of C/S, B/S; wherein, the C/S is a client end/server end program, and generally operates independently; the B/S, i.e., browser-side/server-side application, generally needs to be run with the help of a browser. Generally, Web applications are mostly based on the B/S mode, and with the advent of the mobile internet era, more and more Web applications based on the C/S mode, such as APP, applet, H5, and the like, are emerging. For the development, operation and maintenance life cycle of software projects/products, whether B/S (browser end/server end) or C/S (client end/server end program), the Web application of the master-slave architecture is considered as two parts, namely a front end (generally, a browser, a part running on a client end program or a client end program itself) and a back end (generally, a server end program).
Thanks to the development of front-end technology, front-end and back-end separation has become a standard matching mode for developing internet projects and related Web application programs in the industry. Through effective decoupling of the front end and the rear end, separation of the front end and the rear end is achieved, the front end starts to pay more attention to engineering and automation of page development, the rear end is more focused on providing of an API (the API is mainly an important rear end routing implementation mode in a front-rear end separation mode) and guaranteeing of a database, and therefore the possibility is provided for a large-scale distributed architecture, an elastic computing architecture, a micro-service architecture, multi-end service and the like of a software system.
In the whole life cycle of the software project, because of the important role (back-end routing) and significance (front-end decoupling is realized) of the API provided by the back-end, if the whole API provided by the back-end in the Web application program can be mastered, the development of the work of the software project, such as development, testing, operation and maintenance, and the like, can be facilitated.
However, simply requiring the developer to manually count the post-end-to-external exposure of the Web application project internally is not comprehensive and can not be missed, and some frameworks (e.g., Java spring mvc) themselves support automatic configuration of external APIs and access paths through annotation scanning during initialization without requiring the developer to manually write URL path configuration files. Although, the developer may also crawl the external APIs of the Web backend by using a traditional crawler means, for example, by using Requests to grab pages, and obtaining data asynchronously loaded by AJAX to determine some APIs exposed to the outside of the backend; however, APIs such as backend interfaces (i.e., interfaces accessible by dynamically generated links) that require input interaction on the front-end page to access cannot be crawled directly by a crawler. Therefore, how to obtain the full amount of APIs provided by the back end of the target Web application, especially obtain the APIs exposed to the outside through the dynamic route, is a technical problem to be solved preferentially when the full amount of APIs are used for assisting development, testing, operation and maintenance and the like.
According to an embodiment of the present disclosure, a scheme for instrumentation-based Web backend API acquisition is provided. In the scheme, through a first probe in a pre-instrumented routing registration function of a target Web application program, in the routing rule registration process when the target Web application program runs, namely the routing registration module registers a routing rule in a routing system, routing rule information, namely a mapping set of a URL (uniform resource locator) path and an actual processing program, is obtained, and corresponding API information is respectively generated and output according to the mapping relation information of each URL path in the mapping set and the actual processing program; each piece of the API information includes corresponding URL path information. Compared with the prior art, the scheme can comprehensively and effectively master the Web back-end API of the target Web application program, and even obtain the API exposed to the outside through a dynamic routing mechanism.
Embodiments of the present disclosure will be described below in detail with reference to the accompanying drawings. FIG. 1 illustrates a schematic diagram of an example environment in which embodiments of the present disclosure can be implemented and a request access process in the example environment; FIG. 1 (a) is a schematic diagram illustrating a summary process of requesting access in this example environment; fig. 1 (b) is a schematic diagram showing an example of a routing system in the example environment and a request routing process based thereon. As shown in fig. 1 (a), example environment 100 includes: a Web front-end application such as a requesting browser, a Web server that distributes requests to application programs, and the routing system 110 and actual handlers 120 involved in entering the requests into the application programs. In the example environment 100, requests issued by a Web front-end application, such as a browser, are distributed to a target Web application via a Web server, and the routing system 110 in the target Web application can provide routing functionality for the Web application that enables mapping of various requests to actual handlers. By adopting a routing mechanism, the separation of the essential significance of the front end and the back end can be realized, and the back end can not be influenced by effectively decoupling the front end program and the back end program and determining the uniform and standardized request URL even if the front end page changes in the subsequent development process, thereby simplifying the maintenance difficulty; in addition, the routing mechanism can shield the physical path and improve the safety of the application system. And in some embodiments may be: in the initialization process of the Web application program, the routing rule is registered in a routing system; it can also be: dynamically registering the routing rule into a routing system according to the requirement through a dynamic routing mechanism; when access is requested, the service logic in the routing system responsible for route discovery maps the request to the corresponding actual handler according to the service logic (the routing rule registered to the routing system). Generally, a relevant module in the routing system, which is responsible for registering the routing rule, registers the routing rule in a relevant module in the routing system, which provides route discovery for the application, for example, a routing object (a specific implementation of the routing object may be a predefined data structure) registered in the module, and the routing object can be accessed/invoked; the registered route object carries the routing rule information, i.e. the information of the mapping set of the corresponding URL path and the actual handler. As shown in fig. 1 (b), the routing system 110 may include: a route registration module 110a and a route discovery module 110 b; during initialization, for example, the route registration module 110a may register the route rule in the configuration file (or automatically configured by the application initialization related module according to scan annotation configuration, decorator parsing, and the like) into the route object (here, the route object may be a predefined data structure) of the route discovery module 110 b; the request for entering the routing process of the exemplary application program includes: the request enters the routing system 110 of the application program, obtains the routing result through the routing discovery module 110b, and maps the request to the corresponding actual handler 120 according to the routing result. Generally, the routing registration module mainly implements its functions through a routing registration function. It is colloquially understood that the route registration function, is responsible for registering routing rules to the main business logic in the routing objects of the routing system. In a different framework, the route registration function may be: independently adding routing rules to the routing system according to the routing configuration; and more so: combining the method of the frame related function, making the route registration function include the subclass of the frame related method, and completing the registration of the route rule; for example, the route registration function may include some method of decorator/scan annotation in the framework or in conjunction with its associated functions, etc.
In some embodiments, the routing object may be in the form of a routing table, that is, the routing registration module registers the routing rule in the routing table; the routing discovery module can also be understood as the routing discovery module, including: a routing table, and a route matching submodule. Fig. 2 shows an example of registering a routing rule in a routing table in the routing process in the above embodiment, and a schematic diagram of a routing process for requesting entry to an application based on the routing mechanism. As shown in fig. 3, the route registration module 110a registers the routing rule in the routing table 220; the routing process 200 for requesting entry into the exemplary application includes: when entering the route discovery module 110b in the routing system 110, the request enters the application program, and after querying the routing table 220 of the registered routing rule through the route matching sub-module 210 and returning a specified Action method (Action Methods) or a controller (class), the request is mapped to a corresponding actual processing program according to the routing result, namely, the specified method is executed or the specified controller and other related operations are executed. The example solution disclosed in the above embodiment may be an implementation of asp. In some embodiments, to improve efficiency, the above actual processing procedure may be implemented by being developed under the MVC framework; the actual processing program mainly comprises: controller (i.e., C, Controller), Model (i.e., M, Model), View (i.e., V, View); wherein, the Controller is mainly responsible for the service logic processing, interacts with the Model and the View (View) after the Controller is assigned by the route, and returns a response; the Model (Model) encapsulates the access to the database layer and is responsible for data processing; and the View (View) is responsible for interface display, is used for packaging results and generates page display HTML. Fig. 3 is a schematic diagram showing the process of the MVC module such as the controller actually processing the request entering the MVC application program and routing the request to the MVC application program via the routing table in the above embodiment. As shown in fig. 3, a process 300 for routing and processing a request into an MVC application includes: the request enters the MVC application program, the routing table 220 is inquired and returned to the appointed controller through the routing matching sub-module 210 of the routing discovery module in the routing system 110, and the request is handed to the appointed controller to start actual processing; wherein controller 310 performs data interaction through model 320, performs attempted processing through view 330, and returns the results as a response; in fact, the controller 310, the model 320, the view 330, i.e., the actual handler 120 of the present embodiment. Net MVC framework, and may be a Web application implemented under the asp.
In some embodiments, the target Web application may be an MVC application. The MVC application program in this embodiment mainly includes: a control layer (i.e., C, Controller), a Model layer (i.e., M, Model), and a View layer (i.e., V, View); wherein, unlike the MVC application in the previous embodiment, the control layer (i.e., C, Controller) is mainly responsible for receiving and processing requests and service logic processing; the control layer (Controller) typically includes a front-end Controller and a back-end Controller; generally, a front-end controller receives and processes a request, and accesses a route discovery module of a routing system so as to map the request to a corresponding back-end controller, and the back-end controller can interact with a Model layer (Model) and a View layer (View) to obtain a View result and return a response; the Model layer (Model) encapsulates the access to the database layer, is used for data processing and performs operations of adding, deleting, modifying and searching data in the database; and the View layer (View) is responsible for interface display and is used for packaging results and generating HTML content displayed by the page. Fig. 4 is a schematic diagram showing a process of route discovery and actual processing after a request enters the MVC application in the above embodiment. As shown in fig. 4, a process 400 for routing and processing a request into an MVC application includes: when a request enters the MVC application, the control layer 410 (specifically, generally, the front-end director therein) maps the request to the corresponding back-end director through the route discovery module 110b, and then the control layer 410 (specifically, generally, the back-end director therein) performs data interaction with the model layer 420 to obtain the data, and the view layer 430 performs view processing to obtain HTML for page display, so as to return a response. The example scheme disclosed in the above embodiment may be an implementation of a Web application under a framework such as Java Spring MVC.
In some embodiments, the target Web application may be an MVT application. Compared with an application program developed based on a typical MVC framework, the MVT application program adopts further abstraction in a part for requesting actual processing, and realizes further division and decoupling of the actual processing concrete process. Specifically, the MVT application program mainly includes: view (i.e., V, View), Model (i.e., M, Model), Template (i.e., T, Template); wherein, because the View function object is highly abstracted, the View (View) is similar to the control layer (Controller) function in the typical MVC framework, and is used for receiving and processing the request, interacting with the Model (Model) and the Template (Template), obtaining the View result and returning the response; the Model (Model) has the same function as a Model layer (Model) in the typical MVC, is responsible for interacting with a database and processing data; template (Template), which is functionally similar to a part of View layer (View) in typical MVC, is responsible for encapsulating HTML to be returned; the above constitutes an actual processing program of the MVT application program; in the MVT application, because of the existence of the highly abstract view function, when a request enters the MVT application, the request is directly mapped to the corresponding view function via the routing system (specifically, mainly referred to as a route discovery module in the routing system) to be actually processed. Fig. 5 is a schematic diagram illustrating a process of route discovery and actual processing after a request enters an MVT application according to the foregoing embodiment. As shown in fig. 5, a routing and processing procedure 500 for a request to enter an MVT application includes: when a request enters an MVT application program, the request is mapped to a designated view function through a route discovery module 110b of the routing system 110 for actual processing; the actual processing procedure includes: after the view function is designated, requesting to enter a view 510, and constructing HTML through data interaction with the model 520 and the request template 530 to obtain a response result, and responding and outputting the view result; when a request enters the MVT application, the routing system 110 maps the request to the designated view function, which may be a process of matching the request by a URL matching module therein, and mapping the request to a corresponding view function (i.e. the designated view function) according to a URL-view mapping therein (the URL-view mapping, i.e. an implementation manner of the aforementioned path object in this embodiment). The example scheme disclosed in the above embodiment may be an implementation of a Web application under a framework such as a Django framework.
The process of acquiring the Web backend API based on instrumentation in the above-described scheme will be described in detail below with reference to fig. 6 to 10. FIG. 6 illustrates a schematic diagram of a process for instrumentation-based acquisition of a Web backend API, in accordance with some embodiments of the present disclosure. As shown in FIG. 6, a process 600 for instrumentation-based acquisition of a Web backend API, which may be implemented in the example environment 100; to more clearly describe the above process, the process 600 is described below in conjunction with fig. 1 (a), 1 (b); wherein, the process 600 mainly includes: a first probe is inserted into a route registration function of a target Web application program (refer to a block 601), and a first probe in the route registration function of the target Web application program inserted in advance is used for acquiring a mapping set of a URL path corresponding to a routing rule and an actual processing program (refer to a block 602) in a routing rule registration process when the target Web application program runs, namely a routing registration module registers the routing rule into a routing system; generating corresponding API information according to the mapping relation information between each URL path in the mapping set and the actual processing program, and outputting the API information (refer to a box 603); each piece of the API information includes corresponding URL path information. In some of the above embodiments, it is also possible to make the first probe obtain the mapping relationship between the URL path corresponding to the routing rule and the actual handler in real time (besides the routing rule registered in the general initialization, the mapping relationship between the URL path corresponding to the routing rule of the dynamic routing and the actual handler is also included).
In some embodiments, the process of route registration may be that a route rule adding method in the route registration function reads from the configuration, for example, adds the route rule adding method to the route object in a stripe-by-stripe adding manner for the route discovery module to utilize. Therefore, referring to the block 601, a first probe may be inserted into the routing rule adding method in the routing registration function, and the first probe is configured to obtain, in real time, each piece of routing rule information registered in the routing system via the adding method when the first probe registers the routing rule, so as to generate and output corresponding API information; the routing rule information includes mapping relation information between the URL path corresponding to the routing rule and the actual processing program. Fig. 7 is a schematic diagram illustrating a process of obtaining routing rule information by instrumenting the first probe to the routing rule addition method in the routing registration function according to the above embodiment. As shown in fig. 7, the first probe 710 is inserted into a routing rule adding method in the routing registration function of the routing registration module 110a, so as to obtain, in real time, each piece of routing rule information registered in the routing system via the adding method when the routing rule is registered, and further generate and output corresponding API information (specifically, for example, after being inserted into add _ url _ rule, the routing rule added to the routing object from the routing configuration by the above method is obtained in real time).
In some embodiments, the process of route registration may also be to generate information related to route registration in combination with a framework automation configuration function; for example, the annotation scanning method in the Java spring mvc framework scans annotation autoconfiguration routes of corresponding packets or the decorator parsing decorator configuration autoconfiguration routes in the flash framework, etc. Therefore, the reference frame 601 may be a first probe inserted into the route decorator/scan annotation method in the route registration function, and configured to obtain, in real time, the route rule information generated after the route decorator parses/scans the annotation method to scan the corresponding route configuration when the first probe is registered in the route rule, so as to generate and output the corresponding API information; the routing rule information includes mapping relationship information between the URL path corresponding to the routing rule and the actual handler. Fig. 8 is a schematic diagram illustrating a process of acquiring routing rule information by instrumenting the first probe to the route decorator/scan annotation method in the route registration function according to the above embodiment. As shown in fig. 8, unlike the previous embodiment, the first probe 810 is inserted into the route decorator/scan annotation method in the route registration function of the route registration module 110a, so as to obtain the route rule information returned after parsing/scanning annotation in real time when the route rule is registered, and further generate and output the corresponding API information.
In some embodiments, instrumentation code may be written directly into the code of the target Web application and instrumentation probes may be implemented when the code is executed during initialization, or the probes may be instrumented in a runtime instrumentation manner. The pile inserting mode during operation refers to inserting a probe into a target pile inserting site during the operation of a target program. Specifically, referring to block 601, a first probe may be instrumented at a target instrumentation site during a start-up process of a target Web application. For example, for a Java programmed target Web application, the probe may be instrumented at the target instrumentation point by means such as manual, bytecode instrumentation tool modification, etc. when its class is loaded.
In some embodiments, referring to block 603, the generating and outputting the API information further includes: the actual processing program information mapped by the URL path information has more and more meaningful information exposed to the outside, and assists development, testing and analysis and judgment of safety personnel. In a different Web framework, the actual handler information, correspondingly, may be action method information, processing function information, view function information, and the like corresponding to the URL path information.
Fig. 9 shows a block diagram of an instrumentation-based Web backend API acquisition apparatus 900 according to an embodiment of the present disclosure. As shown in fig. 9, the apparatus 900 includes: a instrumentation module 910 and an API acquisition module 920; the instrumentation module 910 can be configured to instrumentation a first probe in a route registration function of a target Web application, so as to obtain data related to the API during the running process of the target Web application; the API obtaining module 920 includes a first probe that is pre-instrumented; the first probe can be configured to acquire data related to the API such as a mapping set of a URL path and an actual processing program in the process of registering a routing rule in a routing system by a routing registration module, respectively generate corresponding API information according to mapping relation information of each URL path in the mapping set and the actual processing program, and output the API information; each piece of the API information includes corresponding URL path information.
In some embodiments, the instrumentation module 910 may be configured to instrumentation a first probe into a routing rule addition method in the routing registration function, and configured to, when the first probe registers the routing rule, obtain, in real time, each piece of routing rule information registered into the routing system via the addition method to generate and output corresponding API information; the routing rule information includes mapping relation information between the URL path corresponding to the routing rule and the actual processing program.
In some embodiments, the instrumentation module 910 may be configured to instrumentation a first probe for a route decorator/scan annotation method in the route registration function, and configured to obtain, in real time, route rule information generated after a route decorator parsing/scan annotation method scans a corresponding route configuration when the first probe registers a route rule, so as to generate and output corresponding API information; the routing rule information includes mapping relationship information between the URL path corresponding to the routing rule and the actual handler.
In some embodiments, the staking module 910 may be configured to stake the probe in a runtime staking manner. The pile inserting mode during operation refers to inserting a probe into a target pile inserting site during the operation of a target program. Specifically, during the starting process of the target Web application, the target instrumentation site may be instrumented with a first probe. For example, for a Java programmed target Web application, the probe may be instrumented at the target instrumentation point by means such as manual, bytecode instrumentation tool modification, etc. when its class is loaded.
In some embodiments, the API information obtained by the API obtaining module 920 further includes: the actual processing program information mapped by the URL path information has more and more meaningful information exposed to the outside, and assists development, testing and analysis and judgment of safety personnel. In a different Web framework, the actual handler information, correspondingly, may be action method information, processing function information, view function information, and the like corresponding to the URL path information.
According to some embodiments of the present disclosure, an apparatus is also presented that is capable of obtaining a Web backend API based on instrumentation. The apparatus, in particular, may be a computing device; fig. 10 illustrates a block diagram of a computing device 1000 that may be used to implement some embodiments of the present disclosure of the above-described embodiments. As shown in fig. 10, the computing device 1000 includes a Central Processing Unit (CPU) 1001 capable of executing various appropriate operations and processes according to computer program instructions stored in a Read Only Memory (ROM) 1002 or computer program instructions loaded from a storage unit 1008 into a Random Access Memory (RAM) 1003, and in the (RAM) 1003, various program codes, data required for the operation of the computing device 1000 may also be stored. The CPU1001, ROM1002, RAM1003 are connected to each other via a bus 1004, and an input/output (I/O) interface 1005 is also connected to the bus 1004. Some components of computing device 1000 are accessed through I/O interface 1005, including: an input unit 1006, such as a keyboard and mouse; an output unit 1007 such as a display or the like; a storage unit 1008 such as a magnetic disk, an optical disk, a Solid State Disk (SSD), etc., and a communication unit 1009 such as a network card, a modem, etc. The communication unit 1009 enables the computing apparatus 1000 to exchange information/data with other apparatuses through a computer network. The CPU1001 is capable of executing various methods and processes described in the above embodiments, such as the process 600. In some embodiments, process 600 may be implemented as a computer software program that is embodied on a computer-readable medium, such as storage unit 1008. In some embodiments, part or all of the computer program is loaded or installed into computing device 1000. When the computer program is loaded into RAM1003 and executed by CPU1001, some or all of the operations of process 600 can be performed.
The functions described herein above may all be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a load programmable logic device (CPLD), and the like.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

1. A method for acquiring a Web backend API based on instrumentation is characterized by comprising the following steps:
a first probe is inserted into a route registration function of a target Web application program, and the first probe is configured to acquire a mapping set of a corresponding URL path and an actual processing program in the process of registering a route rule to a routing system by a route registration module;
respectively generating corresponding API information according to the mapping relation information of each URL path in the mapping set and an actual processing program, and outputting the API information; each piece of the API information includes corresponding URL path information.
2. The method of claim 1,
the first probe is inserted into a routing rule adding method in the routing registration function, and the configuration is carried out so that when the first probe is registered in a routing rule, each piece of routing rule information registered in a routing system through the adding method is obtained in real time to generate and output corresponding API information; the routing rule information comprises mapping relation information of a URL path corresponding to the routing rule and an actual processing program;
and/or the presence of a gas in the gas,
the first probe is inserted into a route decorator/scanning annotation method in the route registration function, and the first probe is configured to acquire route rule information generated after a route decorator analysis/scanning annotation method scans corresponding route configuration in real time when a route rule is registered, so as to generate and output corresponding API information; the routing rule information includes mapping relationship information between the URL path corresponding to the routing rule and the actual handler.
3. The method of claim 1,
the implementation mode of the first probe for target Web application program instrumentation comprises the following steps: and the first probe is instrumented for the target Web application in a runtime instrumentation mode.
4. The method of claim 1,
the API information further includes: actual handler information mapped by the URL path information; the actual handler information includes: and the URL path information corresponds to the information of the action method/processing function/view function.
5. An instrumentation-based Web backend API acquisition apparatus, comprising:
the system comprises a pile inserting module and an API acquisition module;
the instrumentation module is configured to instrumentation a first probe in a route registration function of a target Web application program;
the API acquisition module comprises the first probe; the API acquisition module is configured to enable the first probe to acquire a mapping set of a URL path corresponding to a routing rule and an actual processing program in the process of registering the routing rule in a routing system by the routing registration module, respectively generate corresponding API information according to mapping relation information of each URL path in the mapping set and the actual processing program, and output the API information; each piece of the API information includes corresponding URL path information.
6. The apparatus of claim 5,
the stake module configured to: the first probe is inserted into a routing rule adding method in the routing registration function, and when the first probe registers the routing rule, each piece of routing rule information which is registered into a routing system through the adding method is obtained in real time, so that corresponding API information is generated and output; the routing rule information comprises mapping relation information of a URL path corresponding to the routing rule and an actual processing program;
and/or the presence of a gas in the gas,
the first probe is inserted into a route decorator/scanning annotation method in the route registration function, and when the first probe is registered in a route rule, route rule information generated after a route decorator analysis/scanning annotation method scans corresponding route configuration is obtained in real time, so that corresponding API information is generated and output; the routing rule information includes mapping relationship information between the URL path corresponding to the routing rule and the actual handler.
7. The apparatus of claim 5,
the instrumentation module is configured to instrumentation the first probe to a target Web application in a runtime instrumentation manner.
8. The apparatus of claim 5,
the API information generated and output by the API obtaining module further includes: actual handler information mapped by the URL path information; the actual handler information includes: and the URL path information corresponds to the information of the action method/processing function/view function.
9. An instrumentation-based Web backend API acquisition apparatus, comprising:
at least one processor, a memory coupled to the at least one processor, and a computer program stored in the memory;
wherein a processor executing said computer program is capable of carrying out the method of any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that,
the medium having stored thereon test-related computer instructions,
the computer instructions, when executed by a computer processor, are capable of implementing the method of any of claims 1-4.
CN202110945964.3A 2021-08-18 2021-08-18 Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium Active CN113392347B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110945964.3A CN113392347B (en) 2021-08-18 2021-08-18 Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110945964.3A CN113392347B (en) 2021-08-18 2021-08-18 Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium

Publications (2)

Publication Number Publication Date
CN113392347A true CN113392347A (en) 2021-09-14
CN113392347B CN113392347B (en) 2021-11-09

Family

ID=77622823

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110945964.3A Active CN113392347B (en) 2021-08-18 2021-08-18 Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium

Country Status (1)

Country Link
CN (1) CN113392347B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542436A (en) * 2021-09-16 2021-10-22 北京安普诺信息技术有限公司 Web back-end full API self-discovery method and device based on request triggering
CN116451228A (en) * 2023-04-23 2023-07-18 北京安普诺信息技术有限公司 Dynamic taint tracking method, device and related online taint propagation analysis system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020145981A1 (en) * 2001-04-10 2002-10-10 Eric Klinker System and method to assure network service levels with intelligent routing
US8438269B1 (en) * 2008-09-12 2013-05-07 At&T Intellectual Property I, Lp Method and apparatus for measuring the end-to-end performance and capacity of complex network service
CN104065398A (en) * 2014-07-03 2014-09-24 重庆大学 Design method and system of electric power information communication network convergence test platform
CN106686027A (en) * 2015-11-06 2017-05-17 北京京东尚科信息技术有限公司 HTTP-based SOA service calling arrangement method and system
CN109656544A (en) * 2018-12-26 2019-04-19 苏州博纳讯动软件有限公司 A kind of cloud service API adaptation method based on execution route similarity
CN110888731A (en) * 2019-12-09 2020-03-17 北京博睿宏远数据科技股份有限公司 Route data acquisition method, device, equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020145981A1 (en) * 2001-04-10 2002-10-10 Eric Klinker System and method to assure network service levels with intelligent routing
US8438269B1 (en) * 2008-09-12 2013-05-07 At&T Intellectual Property I, Lp Method and apparatus for measuring the end-to-end performance and capacity of complex network service
CN104065398A (en) * 2014-07-03 2014-09-24 重庆大学 Design method and system of electric power information communication network convergence test platform
CN106686027A (en) * 2015-11-06 2017-05-17 北京京东尚科信息技术有限公司 HTTP-based SOA service calling arrangement method and system
CN109656544A (en) * 2018-12-26 2019-04-19 苏州博纳讯动软件有限公司 A kind of cloud service API adaptation method based on execution route similarity
CN110888731A (en) * 2019-12-09 2020-03-17 北京博睿宏远数据科技股份有限公司 Route data acquisition method, device, equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
M_SOPHIA: "Swagger2原理详解与示例", 《HTTPS://BLOG.CSDN.NET/M_SOPHIA/ARTICLE/DETAILS/105707020》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542436A (en) * 2021-09-16 2021-10-22 北京安普诺信息技术有限公司 Web back-end full API self-discovery method and device based on request triggering
CN113542436B (en) * 2021-09-16 2021-12-14 北京安普诺信息技术有限公司 Web back-end full API self-discovery method and device based on request triggering
CN116451228A (en) * 2023-04-23 2023-07-18 北京安普诺信息技术有限公司 Dynamic taint tracking method, device and related online taint propagation analysis system
CN116451228B (en) * 2023-04-23 2023-10-17 北京安普诺信息技术有限公司 Dynamic taint tracking method, device and related online taint propagation analysis system

Also Published As

Publication number Publication date
CN113392347B (en) 2021-11-09

Similar Documents

Publication Publication Date Title
CN113392347B (en) Instrumentation-based Web backend API (application program interface) acquisition method and device and storage medium
US8601434B2 (en) Method and system for information processing and test case generation
Xiao et al. Precise identification of problems for structural test generation
CN106897107B (en) implementation system and method for web remote data calculation and simulation
JP2011002870A (en) Method for evaluating and improving operability of web application, and web system
Eler et al. Built-in structural testing of web services
CN113392034B (en) API self-discovery method and test coverage statistical method and device based on same
CN110908915A (en) Test coverage rate display method and device and computer system
Cristiá et al. A language for test case refinement in the Test Template Framework
US20040098704A1 (en) Systems and methods for defining Web applications pages
Romano et al. WasmView: visual testing for WebAssembly applications
Stolpe et al. Language-independent development environment support for dynamic runtimes
Wittevrongel et al. SCENTOR: scenario-based testing of e-business applications
CN113392032B (en) API (application program interface) discovery method, test coverage rate determining method and device
Khoroshilov et al. Modeling environment for static verification of Linux kernel modules
Anand et al. Heap cloning: Enabling dynamic symbolic execution of java programs
CN113542436B (en) Web back-end full API self-discovery method and device based on request triggering
JP2004272317A (en) Program management method and system, and storage medium storing processing program therefor
Van Der Merwe et al. Environment modeling using runtime values for JPF-Android
CN114968751A (en) Program debugging method and program debugging device of code-free development platform
Nguyen et al. Verifying implementation of uml sequence diagrams using java pathfinder
Losada et al. Optimization techniques to speed up the page loading in custom web browsers
CN116166866B (en) Method, device, terminal and storage medium for optimizing SEO (secure element operation) on SPA (application platform) application
Menshikov Towards a resident static analysis
Owre A brief overview of the PVS user interface

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant