CN113485905A - Test method, device, equipment and computer storage medium in data transaction - Google Patents

Test method, device, equipment and computer storage medium in data transaction Download PDF

Info

Publication number
CN113485905A
CN113485905A CN202110218258.9A CN202110218258A CN113485905A CN 113485905 A CN113485905 A CN 113485905A CN 202110218258 A CN202110218258 A CN 202110218258A CN 113485905 A CN113485905 A CN 113485905A
Authority
CN
China
Prior art keywords
data
test
target
container
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110218258.9A
Other languages
Chinese (zh)
Other versions
CN113485905B (en
Inventor
邵雷
杜自然
董传晔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202110218258.9A priority Critical patent/CN113485905B/en
Publication of CN113485905A publication Critical patent/CN113485905A/en
Application granted granted Critical
Publication of CN113485905B publication Critical patent/CN113485905B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45591Monitoring or debugging support
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Abstract

The embodiment of the invention relates to the technical field of data transaction and data opening, and discloses a test method in data transaction, which comprises the following steps: acquiring a data trial request sent by a target user; verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; data among a plurality of test containers are isolated from each other; configuring a target test container according to the test environment requirement information; obtaining test sample data corresponding to the test data type to a target test container; acquiring a code to be tested submitted by a target user in a target test container; performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result; and returning the test result to the target user. Through the mode, the embodiment of the invention realizes the data security test in the data transaction.

Description

Test method, device, equipment and computer storage medium in data transaction
Technical Field
The embodiment of the invention relates to the technical field of data transaction and data opening, in particular to a test method, a device, equipment and a computer storage medium in data transaction.
Background
With the development and popularization of the internet and big data technology, data is gradually introduced into the market for sale or open use as an emerging and important production element. In the existing data transaction or data open field, data is generally directly transacted as a commodity, for example, a specific transmission interface is adopted to enable a data purchaser to obtain the data, or a data transfer mode such as copying or downloading a data file is adopted.
All the methods transfer the ownership of the data from the database of the data provider to the purchaser directly or indirectly, and due to the easy modification, the easy copying and the easy dissemination of the data, the transfer of the ownership of the data can cause data abuse or counterfeiting, further damaging the benefit of the data provider and influencing the good operation of data trading and open markets.
In summary, the data transaction in the prior art has a problem of low data security.
Disclosure of Invention
In view of the foregoing problems, embodiments of the present invention provide a method, an apparatus, a device, and a computer storage medium for testing in data transaction, which are used to solve the problem in the prior art that data security of data transaction is low.
According to an aspect of an embodiment of the present invention, there is provided a method for testing in data transaction, the method including:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, a test data type and test environment requirement information;
verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
configuring the target test container according to the test environment requirement information;
obtaining test sample data corresponding to the test data type to the target test container;
acquiring a code to be tested submitted by the target user in the target testing container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
In an optional manner, the method further comprises:
acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user authentication information, a purchase data type and purchase environment requirement information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data of the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type to the target production container;
auditing the code to be tested;
when the code to be tested passes the audit, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and the target real data to obtain an operation result;
and returning the operation result to the target user.
In an optional manner, the test sample data is at least one of a plurality of candidate sample data, and the method further includes:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test sample according to the test data type.
In an optional manner, the data trial request further includes an expected operation result, and the method further includes:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an optional manner, the method further comprises:
carrying out vulnerability analysis on the code to be tested;
and when no loophole is detected in the code to be tested, performing data processing according to the target real data and the code to be tested.
In an optional manner, the method further comprises:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encrypted transmission is established between the front-end processor and the target production container;
and sending the codes to be tested in the target test container to the target production container through the front-end processor.
In an optional manner, the data purchase request further includes user-provided data, and the method further includes:
performing data auditing on the data provided by the user;
and when the user provided data passes the verification, fusing the user provided data and the original real data corresponding to the purchase data type to obtain the target real data.
According to another aspect of the embodiments of the present invention, there is provided a test apparatus in data transaction, including:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a data trial request sent by a target user, and the data trial request comprises user verification information, a test data type and test environment requirement information;
the verification module is used for verifying the user verification information, and when the user verification information passes verification, one test container is determined from a plurality of test containers to be used as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
the configuration module is used for configuring the target test container according to the test environment requirement information;
the second acquisition module is used for acquiring test sample data corresponding to the test data type into the target test container;
the third acquisition module is used for acquiring a code to be tested submitted by the target user in the target test container;
the processing module is used for carrying out data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and the return module is used for returning the test result to the target user.
According to another aspect of the embodiments of the present invention, there is provided a test apparatus in data transaction, including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation of the test method in the data transaction according to any one of the previous embodiments.
According to another aspect of the embodiments of the present invention, there is provided a computer-readable storage medium, wherein at least one executable instruction is stored in the storage medium, and when the executable instruction runs on a testing device in data transaction, the testing device in data transaction executes the operation of the testing method in data transaction as described in any one of the embodiments of the chinese mugwort recitations.
In the embodiment of the invention, a data trial request sent by a target user is firstly obtained, wherein the data trial request comprises user verification information, a test data type and test environment requirement information;
verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other; therefore, the mutual isolation of users in the test process of data transaction is realized; then configuring the target test container according to the test environment requirement information, and acquiring test sample data corresponding to the test data type to the target test container after the target test container is configured; enabling a target user to write a code to be tested according to test sample data, and then acquiring the code to be tested submitted by the target user in the target test container; performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result; and finally, returning the test result to the target user. Therefore, the method is different from the prior art that ownership of data is directly handed to a data purchaser, only test sample data in the test container and test results running according to the test sample data are provided for a target user in a data test stage, and the test containers are mutually isolated, so that on one hand, the method realizes separation of data use right and data ownership, on the other hand, the method realizes mutual isolation of data used by the users, and improves data security during testing in data transaction.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and the embodiments of the present invention can be implemented according to the content of the description in order to make the technical means of the embodiments of the present invention more clearly understood, and the detailed description of the present invention is provided below in order to make the foregoing and other objects, features, and advantages of the embodiments of the present invention more clearly understandable.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart of a method for testing data transaction according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a test apparatus in data transaction according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram illustrating a test device in data transaction according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein.
Before the description of the method of the embodiment of the present invention, the related nouns are explained:
virtualization technology: hardware resources such as a CPU (central processing unit), a memory and the like are isolated on one physical computer through an intermediate virtual software layer Hypervisor, and a plurality of virtual servers are virtualized, so that one physical server can install a plurality of application programs, the resource utilization maximization is achieved, and a plurality of applications are isolated from one another.
A container: the container contains the complete runtime environment, i.e. the application itself and all dependencies, class libraries, other binaries, configuration files, etc. required by this application. Each container looks like a real operating system, and by containerizing the application itself and its dependencies, the operation of the container is not affected by operating system releases and other underlying environments. The container adopts a virtualization technology, namely a host machine is required to be relied on, a plurality of containers can be run on one host machine, but processes in the containers are isolated from each other and cannot be mutually sensed, namely the container is a safe and isolated resource structure.
Docker: refers to an open-source, lightweight container engine, running primarily in Linux and Windows, for creating, managing and orchestrating containers. Compared with a virtual machine, the Docker uses the container to bear the application program, does not use an operating system, and therefore the Docker has the advantages of low cost and high performance.
Kubenets: to a container cluster management tool. In kubenets, all vessels are operated in Pod. Pod is the smallest/simplest basic unit created or deployed by Kubernetes, and one Pod represents one process running on a cluster. A Pod may carry one or more related containers, and containers in the same Pod may be deployed on the same physical machine and may be able to share resources. A Pod encapsulates an application container, storage resources, an independent network IP, and policy options that govern the manner in which the container operates. Pod represents one unit of deployment: kubernets is an example of a single application that may share a resource consisting of a single container or multiple containers. Kubernets is mainly used to deploy multiple Pod replicas based on the same Pod profile, and to create alternative pods when one Pod or machine goes down.
Fig. 1 is a flowchart illustrating a method for testing in data transaction according to an embodiment of the present invention, which is performed by a testing device in data transaction. The test device in the data transaction can be a computer processing device, such as a mobile phone, a notebook computer and the like. As shown in fig. 1, the method comprises the steps of:
step 101: the method comprises the steps of obtaining a data trial request sent by a target user, wherein the data trial request comprises user verification information, a test data type and test environment requirement information.
In one embodiment of the invention, the target user can submit a data trial request on a preset data service providing platform. The user verification information comprises a user account, an account password and the like, the test data type comprises data generation time, a data source region, a data field and the like, and the test environment requirement information comprises a memory, a CPU, a storage and the like.
The data service providing platform is provided with a data service providing platform, a preset trial service purchasing interface is displayed on the data service providing platform, and a certain amount of alternative sample data under various test data types are displayed on the trial service purchasing interface for a target user to check. After determining the type of test data to be tried, the target user may submit a data trial request on the trial service purchase interface and pay. And after the payment is detected to be successful, generating a data trial work order corresponding to the data trial request in a preset work order library.
Step 102: verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other.
The verification of the user verification information can be realized by matching an account password corresponding to the user account with a legal password prestored in a user information base, searching whether a data trial work order corresponding to the user account exists in a preset work order base when the account password and the legal password are matched, and determining that the user verification information passes verification when the work order is searched.
The plurality of test containers may be pre-established according to a container engine and a container cluster management tool. In one embodiment of the invention, the container engine may employ docker and the container cluster management tool may be kubernets.
Step 103: and configuring the target test container according to the test environment requirement information.
Configuring the target test container may include allocating a memory, a CPU, a storage, and the like corresponding to the test environment requirement information to the target test container, acquiring an IP address of the target test container, and associating the IP address with a user account of the target user.
Step 104: and acquiring test sample data corresponding to the test data type to the target test container.
The test sample data is at least one of a plurality of candidate sample data, and the candidate sample data is obtained by processing according to original real data provided by the data providing platform. The original real data is adopted for processing, so that on one hand, the data testing efficiency is high, the running result of the target user in the data trial stage is more similar to the running result of the real production environment, and on the other hand, the target user does not completely acquire the use right of the original real data in the trial stage, so that the original real data cannot be directly provided for the user to be tested in order to guarantee the benefit of the data providing platform.
Therefore, desensitization processing needs to be performed on original real data, in yet another embodiment of the present invention, the test sample data is at least one of a plurality of candidate sample data, and before obtaining the test sample data corresponding to the test data type, the method further includes:
step 1041: and extracting original real data from a preset data providing platform.
In one embodiment of the present invention, data extraction may include three steps of data acquisition, data extraction, and data storage. The data acquisition can acquire original data meeting preset data conditions from a preset data providing platform through a crawler or a data acquisition interface. The data providing platform can be a government website, an enterprise website, a bank system and the like, and the preset data conditions comprise data time, a data region and the like.
The data extraction may include converting the original data into a general format, screening and aggregating the data, merging multiple pieces of data having relevance to generate a new form, and then querying on the basis of the new form or merging the new form with other original data in a correlated manner to obtain the original data to be stored.
The data storage may include determining a data topic, a data type, and the like of the data to be stored, establishing a data directory according to the data topic and the data type, layering the cleaned data according to the directory, and storing the layered data in a data warehouse to obtain the original real data.
It should be noted that, when data extraction is performed, there is also a case of extraction across network domains, that is, a data providing platform such as a government website may be in a specific intranet, and a data service providing platform is in a network environment outside the intranet. In such an embodiment, reference may be made to the cross-domain transmission manner of the code to be tested in step 2052, that is, the original data is extracted from the data providing platform and sent to a preset front-end processor, and then the original data is sent to the data service providing platform through the front-end processor. The front-end processor and the data providing platform are in the same network, and encryption transmission is established between the front-end processor and the data service providing platform.
Step 1042: and desensitizing the original real data to obtain the alternative test sample.
Desensitization processing refers to data deformation of some sensitive information in original real data through a preset desensitization algorithm, so that reliable protection of sensitive private data is realized. For example, in the case of client security data or some business sensitive data, the real data is modified and provided for test use without violating laws and regulations, and personal information such as identification numbers, mobile phone numbers, bank card numbers, client numbers and the like needs to be subjected to data desensitization.
In one embodiment of the invention, the preset desensitization algorithm may include the following: and performing an alternative desensitization algorithm on the same sensitive field which is pre-configured in the multiple tables, wherein the algorithm comprises fixed mapping, emptying, intercepting and the like. For example, the identification numbers in two different tables are subjected to alternative desensitization, so that the data can be kept consistent after desensitization.
Step 1043: determining the test sample data from the alternative test sample according to the test data type.
Step 105: and acquiring a code to be tested submitted by the target user in the target testing container.
In an embodiment of the present invention, a preset online development interface is further displayed in the data service providing platform, and the online development interface is used for providing an online code compiling function corresponding to a programming language based on Python or R, etc. A user can create a project in an online development interface by using the purchased test sample data, and the project codes are modified, stored, submitted as codes to be tested and the like. The target user can use the purchased test sample data to perform analysis and code writing in the target test container to obtain the code to be tested and submit the code to the data service providing platform. In one embodiment of the invention, the online development interface may be implemented based on a code editor such as a notebook.
In still another embodiment of the present invention, a plurality of preset alternative algorithm models are also displayed on the data service providing platform, and the target user can purchase each type of alternative algorithm model and submit the same in the data trial request. When the data trial request is detected to include the type information of the alternative algorithm model, the algorithm model code corresponding to the type is sent to the target test container, so that the target user can compile the code to be tested according to the algorithm model and the test sample data, and the development efficiency of the target user is improved.
Step 106: and performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result.
In one embodiment of the present invention, performing data processing may include data analysis, data mining, model training, and the like. Specifically, the model to be tested may be constructed according to the code to be tested, or the code to be tested and the algorithm model selected by the user, the test sample data is input into the model to be tested to run, and the running result of the model to be tested is obtained as the test result. The test results may include run time, output results, code error conditions, and the like.
Step 107: and returning the test result to the target user.
The test results may be returned to the target user through the online development interface in step 105.
The step 101 and 107 provides a data trial method for the target user, and the target user is provided with the use right of the purchased real data after actually purchasing the data, because the user cannot directly contact the real data considering that the use right of the data is sold to the target user and not the ownership of the data. Therefore, in a further embodiment of the present invention, after returning the test result to the target user, the method further includes:
step 201: and acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user authentication information, a purchase data type and purchase environment requirement information.
Step 202: determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data between the plurality of production containers are isolated from each other.
It should be noted that the production container and the test container are also isolated from each other. The same target user corresponds to a target production container and a target test container respectively through the user verification information.
Step 203: and acquiring target real data corresponding to the purchase data type to the target production container.
In consideration of the fact that in practical application, a target user may own a certain amount of data in the field where the target user is located, the required data service may be processes of model construction, code training and the like according to data obtained by fusion after local data of the target user and original real data purchased by the target user are fused.
Therefore, in a further embodiment of the present invention, the data purchase request further includes user-provided data, and step 203 further includes steps 2031 to 2032:
step 2031: and performing data auditing on the data provided by the user.
In one embodiment of the invention, the data security audit comprises abnormal word recognition, injection program recognition, data quality analysis and the like of the data, so that the target real data finally entering the target production container cannot cause damage to the target production container.
Step 2032: and when the user provided data passes the verification, fusing the user provided data and the original real data corresponding to the purchase data type to obtain the target real data.
Step 204: and auditing the code to be tested.
In an embodiment of the present invention, the code to be tested is checked, on one hand, the code function is checked, which includes whether the code to be tested written by the target user can run correctly, how the running performance is, whether the running result can meet the test purpose of the target user, and the like, so as to ensure the experience of the data service of the target user. And on the other hand, code security is verified, and the code is analyzed to determine whether security vulnerabilities such as malicious sentence injection and path tampering exist, so that target real data used when the code to be tested runs are prevented from being stolen into a target user, and the benefit of a data providing platform is ensured.
Therefore, in an embodiment of the present invention, the data trial request further includes an expected operation result, and the expected operation result at least includes an expected output result and an expected operation time. In step 204, the code to be tested is audited, and the method further includes steps 2041 to 2043 for performing functional analysis:
step 2041: and performing data processing according to the target real data and the code to be tested to obtain a real operation result.
In an embodiment of the present invention, the data processing may include constructing a model to be run according to a code to be tested, inputting target real data into the model to be run, and acquiring a real output result output by the model to be run and a real running time as a real running result.
Step 2042: and matching the real operation result with the expected operation result.
In one embodiment of the invention, the real output result and the expected output result are matched, and the real operation time and the expected output time are matched.
Step 2043: and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an embodiment of the present invention, the reason why the actual operation result does not match the expected operation result may be that the target user writes a code to be tested that has a technical problem, cannot operate correctly, or the output result is not consistent with the output assumed by the target user. It is also possible that the target user masks the actual test intention of the target user, for example, the model is trained as stated in the expected operation result, but the target user actually wants to perform another operation by using the acquired target actual data, for example, stealing data or injecting an attack program into the platform, and the like.
Therefore, in another embodiment of the present invention, when the code to be tested is not approved, a problem analysis report of the code to be tested can be generated and returned to the target user according to the matching result of the real operation result and the expected operation result. The reason why the code audit fails, the problem existing in the code, the code modification suggestion and the like are included in the problem analysis report to instruct the target user to modify the code to be detected so as to submit the code to be tested again, and therefore the conversion rate from data trial to data purchase is improved.
In yet another embodiment of the present invention, the code modification suggestion may perform evaluation and optimization suggestion of code complexity or algorithm performance on the code, and include a computing resource configuration and the like that a predicted output result required by a target user should match.
Therefore, in a further embodiment of the present invention, step 20411-step 20412 is further included before step 2041:
step 20411: and carrying out vulnerability analysis on the code to be tested.
In an embodiment of the present invention, performing vulnerability analysis may include, for example, checking whether malicious SQL statement injection exists in the code to be tested, whether a cross-site attack script is included, whether a request for counterfeit code exists, and the like.
Step 20412: and when no loophole is detected in the code to be tested, performing data processing according to the target real data and the code to be tested.
In another embodiment of the present invention, when a bug is detected in the code to be detected, a preset early warning action may be performed, such as freezing a user account of the target user, notifying an administrator of the data service providing platform, and the like.
Step 205: and when the code to be tested passes the audit, deploying the code to be tested into the target production container.
It should be noted that the production container and the test container are also isolated from each other, so that when the code to be tested is deployed across containers, in order to not damage the functional integrity and the security of the code to be tested, the core service code and the environment configuration related code in the code to be tested can be identified, the environment configuration related code is adaptively modified according to the configuration information of the target production container, and meanwhile, the core service code is kept unchanged. Therefore, the target real data can not be leaked, and meanwhile, the codes to be tested in the target test container can be well adapted to the target production container. Meanwhile, the container identification such as the IP address of the target production container is obtained, and the container identification is associated with the user account number of the target user, so that each target user corresponds to one special container, and the containers, namely the users, are isolated from each other.
Further, considering that in practical applications, the target production container and the target test container to which the target real data is sent may be in different networks, for example, in order to ensure that the target real data does not move out of the database of the data providing platform, the target production container may be located in a government or enterprise private network, and the target test container may be located in the internet for facilitating the access of the target user, in order to implement secure deployment in the cross-network domain environment, in an embodiment of the present invention, before the deploying in step 205, the method further includes:
step 2051: and detecting whether the target production container and the target test container are in the same network.
And respectively acquiring the IP addresses corresponding to the target production container and the target test container, carrying out network domain analysis on the IP addresses, and determining whether the target production container and the target test container are in the same network.
Step 2052: when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encrypted transmission is established between the front-end processor and the target production container.
In an embodiment of the invention, the front-end processor is first subjected to forced identity authentication, and after the identity authentication of the front-end processor is passed, an encrypted transmission channel is established between the target production container and the front-end processor, and the encrypted transmission channel is used for transmitting a code to be tested, target real data and the like. The encryption mode of the encryption transmission channel may include various national cipher bureau algorithms including SM9 identification cipher algorithm, NTLS (Next generation secure access) protocol, and the like.
Step 2053: and sending the codes to be tested in the target test container to the target production container through the front-end processor.
Step 206: and carrying out data processing in the target production container according to the code to be tested and the target real data to obtain an operation result.
Similar to the foregoing step 2041, in an embodiment of the present invention, performing data processing may include constructing a model to be tested according to the code to be tested, inputting the target real data into the model to be tested, and obtaining an output result output by the model to be run and a running time as a running result therein.
Step 207: and returning the operation result to the target user.
In yet another embodiment of the present invention, each target production container and each target test container may be managed by the container cluster management tool, the operation condition of each container is monitored, and when abnormal operation occurs, a preset container management action is performed in time, such as closing the container or copying a mirror image of the container for replacement.
Fig. 2 is a schematic structural diagram illustrating an apparatus for querying house source information according to an embodiment of the present invention. As shown in fig. 2, the apparatus 300 includes: a first acquisition module 301, a verification module 302 and a configuration module 303, a second acquisition module 304, a third acquisition module 305, a processing module 306 and a return module 307.
A first obtaining module 301, configured to obtain a data trial request sent by a target user, where the data trial request includes user verification information, a test data type, and test environment requirement information;
a verification module 302, configured to verify the user verification information, and when the user verification information passes verification, determine a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
a configuration module 303, configured to configure the target test container according to the test environment requirement information;
a second obtaining module 304, configured to obtain test sample data corresponding to the test data type into the target test container;
a third obtaining module 305, configured to obtain a code to be tested submitted by the target user in the target testing container;
the processing module 306 is configured to perform data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
a returning module 307, configured to return the test result to the target user.
In an optional manner, the processing module 305 is further configured to: acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user authentication information, a purchase data type and purchase environment requirement information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data of the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type to the target production container;
auditing the code to be tested;
when the code to be tested passes the audit, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and the target real data to obtain an operation result;
and returning the operation result to the target user.
In an optional manner, the test sample data is at least one of a plurality of candidate sample data, and the processing module 305 is further configured to:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test sample according to the test data type.
In an optional manner, the data trial request further includes an expected operation result, and the processing module 305 is further configured to:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an optional manner, the processing module 305 is further configured to:
carrying out vulnerability analysis on the code to be tested;
and when no loophole is detected in the code to be tested, performing data processing according to the target real data and the code to be tested.
In an optional manner, the processing module 305 is further configured to:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encrypted transmission is established between the front-end processor and the target production container;
and sending the codes to be tested in the target test container to the target production container through the front-end processor.
In an optional manner, the processing module 305 is further configured to:
performing data auditing on the data provided by the user;
and when the user provided data passes the verification, fusing the user provided data and the original real data corresponding to the purchase data type to obtain the target real data.
The test device in the data transaction of the embodiment of the invention provides only the test sample data in the target test container and the test result operated according to the test sample data to the target user in the data test stage, and all the target test containers are mutually isolated, so that on one hand, the separation of the data use right and the data ownership is realized, on the other hand, the mutual isolation of the data used by all the users is realized, and the data security during the test in the data transaction is improved.
Fig. 3 is a schematic structural diagram illustrating a test device in data transaction according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the test device in data transaction.
As shown in fig. 3, the test device in the data transaction may include: a processor (processor)402, a Communications Interface 404, a memory 406, and a Communications bus 408.
Wherein: the processor 402, communication interface 404, and memory 406 communicate with each other via a communication bus 408. A communication interface 404 for communicating with network elements of other devices, such as clients or other servers. The processor 402, configured to execute the program 410, may specifically execute the relevant steps in the above-described test method embodiment for use in data transaction.
In particular, program 410 may include program code comprising computer-executable instructions.
The processor 402 may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured to implement embodiments of the present invention. The test device in data transaction comprises one or more processors, which can be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 406 for storing a program 410. Memory 406 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
Specifically, the program 410 may be invoked by the processor 402 to cause the testing device in the data transaction to perform the following operations:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, a test data type and test environment requirement information;
verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
configuring the target test container according to the test environment requirement information;
obtaining test sample data corresponding to the test data type to the target test container;
acquiring a code to be tested submitted by the target user in the target testing container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
In an alternative, the program 410 is invoked by the processor 402 to cause the test equipment in the data transaction to perform the following operations:
acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user authentication information, a purchase data type and purchase environment requirement information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data of the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type to the target production container;
auditing the code to be tested;
when the code to be tested passes the audit, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and the target real data to obtain an operation result;
and returning the operation result to the target user.
In an optional manner, the test sample data is at least one of a plurality of candidate sample data, and the program 410 is invoked by the processor 402 to cause the testing device in data transaction to perform the following operations:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test sample according to the test data type.
In an alternative, where the data purchase request further includes user-provided data, the program 410 is invoked by the processor 402 to cause the testing device in the data transaction to:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an alternative, where the data purchase request further includes user-provided data, the program 410 is invoked by the processor 402 to cause the testing device in the data transaction to:
carrying out vulnerability analysis on the code to be tested;
and when no loophole is detected in the code to be tested, performing data processing according to the target real data and the code to be tested.
In an alternative, where the data purchase request further includes user-provided data, the program 410 is invoked by the processor 402 to cause the testing device in the data transaction to:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encrypted transmission is established between the front-end processor and the target production container;
and sending the codes to be tested in the target test container to the target production container through the front-end processor.
In an alternative, where the data purchase request further includes user-provided data, the program 410 is invoked by the processor 402 to cause the testing device in the data transaction to:
performing data auditing on the data provided by the user;
and when the user provided data passes the verification, fusing the user provided data and the original real data corresponding to the purchase data type to obtain the target real data.
According to the test equipment in the data transaction, only the test sample data in the target test container and the test result which runs according to the test sample data are provided for the target user in the data test stage, and the target test containers are mutually isolated, so that on one hand, the separation of the data use right and the data ownership is realized, on the other hand, the mutual isolation of the data used by the users is realized, and the data security during the test in the data transaction is improved.
An embodiment of the present invention provides a computer-readable storage medium, where the storage medium stores at least one executable instruction, and when the executable instruction runs on a test device in data transaction, the test device in data transaction executes a test method in data transaction in any method embodiment described above.
The computer-readable storage medium provided by the embodiment of the invention only provides test sample data in the target test container and a test result which runs according to the test sample data for the target user in the data test stage, and all the target test containers are isolated from each other, so that on one hand, the separation of the data use right and the data ownership is realized, on the other hand, the separation of the data used by all the users is realized, and the data security during the test in the data transaction is improved.
The embodiment of the invention provides a testing device in data transaction, which is used for executing the testing method in the data transaction.
Embodiments of the present invention provide a computer program that can be invoked by a processor to enable a testing device in data transaction to execute a testing method in data transaction in any of the above-described method embodiments.
Embodiments of the present invention provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when run on a computer, cause the computer to perform a method of testing in data transactions in any of the method embodiments described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (10)

1. A method of testing in a data transaction, the method comprising:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, a test data type and test environment requirement information;
verifying the user verification information, and when the user verification information passes verification, determining a test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
configuring the target test container according to the test environment requirement information;
obtaining test sample data corresponding to the test data type to the target test container;
acquiring a code to be tested submitted by the target user in the target testing container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
2. The method of claim 1, further comprising, after returning the test results to the target user:
acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user authentication information, a purchase data type and purchase environment requirement information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data of the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type to the target production container;
auditing the code to be tested;
when the code to be tested passes the audit, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and the target real data to obtain an operation result;
and returning the operation result to the target user.
3. The method according to claim 1, wherein the test sample data is at least one of a plurality of candidate sample data, and before obtaining the test sample data corresponding to the test data type, the method comprises:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test sample according to the test data type.
4. The method of claim 2, wherein the data trial request further includes a result of expected operation, and the auditing the code to be tested further includes:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
5. The method of claim 4, wherein before the data processing according to the target real data and the code to be tested, further comprising:
carrying out vulnerability analysis on the code to be tested;
and when no loophole is detected in the code to be tested, performing data processing according to the target real data and the code to be tested.
6. The method of claim 2, prior to said deploying said code to be tested into said target production container, comprising:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encrypted transmission is established between the front-end processor and the target production container;
and sending the codes to be tested in the target test container to the target production container through the front-end processor.
7. The method according to claim 2, wherein the data purchase request further includes user-provided data, and the obtaining of the target real data corresponding to the purchase data type into the target production container includes:
performing data auditing on the data provided by the user;
and when the user provided data passes the verification, fusing the user provided data and the original real data corresponding to the purchase data type to obtain the target real data.
8. A test apparatus in data transaction, the apparatus comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a data trial request sent by a target user, and the data trial request comprises user verification information, a test data type and test environment requirement information;
the verification module is used for verifying the user verification information, and when the user verification information passes verification, one test container is determined from a plurality of test containers to be used as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
the configuration module is used for configuring the target test container according to the test environment requirement information;
the second acquisition module is used for acquiring test sample data corresponding to the test data type into the target test container;
the third acquisition module is used for acquiring a code to be tested submitted by the target user in the target test container;
the processing module is used for carrying out data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and the return module is used for returning the test result to the target user.
9. A test apparatus in data transaction, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is for storing at least one executable instruction that causes the processor to perform the operations of the method of testing in data transactions according to any one of claims 1 to 7.
10. A computer-readable storage medium having stored therein at least one executable instruction that, when run on a test device in a data transaction, causes the test device in the data transaction to perform the operations of the test method in the data transaction as claimed in any one of claims 1 to 7.
CN202110218258.9A 2021-02-26 2021-02-26 Test method, device, equipment and computer storage medium in data transaction Active CN113485905B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110218258.9A CN113485905B (en) 2021-02-26 2021-02-26 Test method, device, equipment and computer storage medium in data transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110218258.9A CN113485905B (en) 2021-02-26 2021-02-26 Test method, device, equipment and computer storage medium in data transaction

Publications (2)

Publication Number Publication Date
CN113485905A true CN113485905A (en) 2021-10-08
CN113485905B CN113485905B (en) 2023-09-05

Family

ID=77933373

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110218258.9A Active CN113485905B (en) 2021-02-26 2021-02-26 Test method, device, equipment and computer storage medium in data transaction

Country Status (1)

Country Link
CN (1) CN113485905B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104765682A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Offline detection method and system for cross-site scripting vulnerability
CN109582525A (en) * 2018-10-19 2019-04-05 京信通信系统(中国)有限公司 Test code verification method, verifying device, equipment and storage medium
CN109656829A (en) * 2018-12-24 2019-04-19 西安四叶草信息技术有限公司 Test method and device based on docker
CN110598446A (en) * 2019-09-16 2019-12-20 腾讯科技(深圳)有限公司 Block chain based test method and device, storage medium and computer equipment
CN110765026A (en) * 2019-10-31 2020-02-07 北京东软望海科技有限公司 Automatic testing method and device, storage medium and equipment
CN111339201A (en) * 2020-02-28 2020-06-26 中国工商银行股份有限公司 Evaluation method and system based on block chain
CN111612135A (en) * 2020-05-22 2020-09-01 京东数字科技控股有限公司 Method and device for information interaction
CN111737104A (en) * 2019-10-25 2020-10-02 北京沃东天骏信息技术有限公司 Block chain network service platform, test case sharing method thereof and storage medium
CN112214413A (en) * 2020-10-27 2021-01-12 北京字节跳动网络技术有限公司 Application program testing method, device, equipment and storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104765682A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Offline detection method and system for cross-site scripting vulnerability
CN109582525A (en) * 2018-10-19 2019-04-05 京信通信系统(中国)有限公司 Test code verification method, verifying device, equipment and storage medium
CN109656829A (en) * 2018-12-24 2019-04-19 西安四叶草信息技术有限公司 Test method and device based on docker
CN110598446A (en) * 2019-09-16 2019-12-20 腾讯科技(深圳)有限公司 Block chain based test method and device, storage medium and computer equipment
CN111737104A (en) * 2019-10-25 2020-10-02 北京沃东天骏信息技术有限公司 Block chain network service platform, test case sharing method thereof and storage medium
CN110765026A (en) * 2019-10-31 2020-02-07 北京东软望海科技有限公司 Automatic testing method and device, storage medium and equipment
CN111339201A (en) * 2020-02-28 2020-06-26 中国工商银行股份有限公司 Evaluation method and system based on block chain
CN111612135A (en) * 2020-05-22 2020-09-01 京东数字科技控股有限公司 Method and device for information interaction
CN112214413A (en) * 2020-10-27 2021-01-12 北京字节跳动网络技术有限公司 Application program testing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113485905B (en) 2023-09-05

Similar Documents

Publication Publication Date Title
US10073974B2 (en) Generating containers for applications utilizing reduced sets of libraries based on risk analysis
AU2022204197B2 (en) Security weakness and infiltration detection and repair in obfuscated website content
US11687645B2 (en) Security control method and computer system
US8613080B2 (en) Assessment and analysis of software security flaws in virtual machines
US11748487B2 (en) Detecting a potential security leak by a microservice
US11288376B2 (en) Identifying hard-coded secret vulnerability inside application source code
CN113260993B (en) Secure deployment and operation of virtual platform systems
US11048621B2 (en) Ensuring source code integrity in a computing environment
Ahamed et al. Security audit of docker container images in cloud architecture
Praitheeshan et al. Security evaluation of smart contract-based on-chain ethereum wallets
US11531763B1 (en) Automated code generation using analysis of design diagrams
CN116361807A (en) Risk management and control method and device, storage medium and electronic equipment
CN113485905B (en) Test method, device, equipment and computer storage medium in data transaction
CN114282221B (en) Injection type vulnerability detection method, system, terminal and storage medium
US20220067204A1 (en) System architecture for providing privacy by design
US11947694B2 (en) Dynamic virtual honeypot utilizing honey tokens and data masking
US11526617B2 (en) Information security system for identifying security threats in deployed software package
US11550925B2 (en) Information security system for identifying potential security threats in software package deployment
Mohanty et al. Security Testing of Web Applications UsingThreat Modeling: A Systematic Review
Alqarni et al. Evdd-a novel dataset for embedded system vulnerability detection mechanism
US20240054225A1 (en) Intelligent service security enforcement system
US20230376602A1 (en) Cyber security testing for incorrectly authorized programs
Irno Consalvo A bounded model checker for web cryptocurrency wallets
Shimizu et al. Test-suite-guided discovery of least privilege for cloud infrastructure as code
CN117272308A (en) Software security test method, device, equipment, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant