CN113485905B - Test method, device, equipment and computer storage medium in data transaction - Google Patents
Test method, device, equipment and computer storage medium in data transaction Download PDFInfo
- Publication number
- CN113485905B CN113485905B CN202110218258.9A CN202110218258A CN113485905B CN 113485905 B CN113485905 B CN 113485905B CN 202110218258 A CN202110218258 A CN 202110218258A CN 113485905 B CN113485905 B CN 113485905B
- Authority
- CN
- China
- Prior art keywords
- data
- test
- target
- container
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45591—Monitoring or debugging support
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- General Business, Economics & Management (AREA)
- Technology Law (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the invention relates to the technical field of data transaction and data opening, and discloses a testing method in data transaction, which comprises the following steps: acquiring a data trial request sent by a target user; verifying the user verification information, and determining one test container from the plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes; the data of the plurality of test containers are isolated from each other; configuring a target test container according to the test environment demand information; obtaining test sample data corresponding to the test data type into a target test container; acquiring a code to be tested submitted by a target user in a target test container; performing data processing in a target test container according to the code to be tested and the test sample data to obtain a test result; and returning the test result to the target user. By the mode, the embodiment of the invention realizes the test of the data security in the data transaction.
Description
Technical Field
The embodiment of the invention relates to the technical field of data transaction and data opening, in particular to a testing method, a testing device, testing equipment and a computer storage medium in data transaction.
Background
With the development and popularization of the internet and big data technology, data is an emerging and important production element, and gradually enters the market for buying and selling or is opened for use. In the existing data transaction or data opening field, data is generally used as commodity to directly conduct transaction, for example, a specific transmission interface is adopted to enable a data purchaser to obtain the data, or a data transfer mode such as data file copying or downloading is adopted.
All of these approaches transfer ownership of data from the database of the data provider directly or indirectly to the purchaser, and the transfer of ownership of data can cause misuse or forgery of data due to easy modification, easy replication and easy propagation of data, thereby compromising the benefits of the data provider and affecting good operation of data transactions and open markets.
In summary, the data security in the data transaction in the prior art is low.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a testing method, apparatus, device, and computer storage medium in data transaction, which are used to solve the problem of low data security of data transaction in the prior art.
According to an aspect of an embodiment of the present invention, there is provided a method of testing in a data transaction, the method comprising:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment demand information;
verifying the user verification information, and determining one test container from a plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes the verification; the data among the plurality of test containers are isolated from each other;
configuring the target test container according to the test environment demand information;
obtaining test sample data corresponding to the test data type into the target test container;
acquiring a code to be tested submitted by the target user in the target test container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
In an alternative, the method further comprises:
acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user verification information, purchase data type and purchase environment demand information;
Determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data among the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type into the target production container;
auditing the code to be tested;
when the code to be tested passes the verification, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and target real data to obtain an operation result;
and returning the operation result to the target user.
In an alternative manner, the test sample data is at least one of a plurality of candidate sample data, the method further comprising:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test samples according to the test data type.
In an alternative manner, the data trial request further includes an expected operation result, and the method further includes:
Performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an alternative, the method further comprises:
performing vulnerability analysis on the code to be tested;
and when the loophole is not detected in the code to be tested, carrying out data processing according to the target real data and the code to be tested.
In an alternative, the method further comprises:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encryption transmission is established between the front-end processor and the target production container;
and sending the code to be tested in the target test container to the target production container through the front-end processor.
In an optional manner, the data purchase request further includes user provided data, and the method further includes:
data auditing is carried out on the user provided data;
and when the user provided data passes the audit, fusing the user provided data with the original real data corresponding to the purchase data type to obtain the target real data.
According to another aspect of an embodiment of the present invention, there is provided a test device in a data transaction, including:
the first acquisition module is used for acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment demand information;
the verification module is used for verifying the user verification information, and when the user verification information passes, one test container is determined from a plurality of test containers to serve as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
the configuration module is used for configuring the target test container according to the test environment demand information;
the second acquisition module is used for acquiring test sample data corresponding to the test data type into the target test container;
The third acquisition module is used for acquiring a code to be tested submitted by the target user in the target test container;
the processing module is used for carrying out data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and the return module is used for returning the test result to the target user.
According to another aspect of an embodiment of the present invention, there is provided a test apparatus in a data transaction, including: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform the operations of the test method in a data transaction as described in any of the foregoing embodiments.
According to another aspect of an embodiment of the present invention, there is provided a computer readable storage medium, wherein at least one executable instruction is stored in the storage medium, and when the executable instruction is executed on a test device in a data transaction, the test device in the data transaction performs the operation of the test method in the data transaction according to any one of the embodiments of the Qi Ai Nianshu.
In the embodiment of the invention, a data trial request sent by a target user is firstly obtained, wherein the data trial request comprises user verification information, test data type and test environment demand information;
verifying the user verification information, and determining one test container from a plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes the verification; the data among the plurality of test containers are isolated from each other; thus, the mutual isolation of users in the test process of data transaction is realized; then configuring the target test container according to the test environment demand information, and acquiring test sample data corresponding to the test data type into the target test container after the configuration of the target test container is completed; the target user can write the code to be tested according to the test sample data, and then the code to be tested submitted by the target user in the target test container is obtained; performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result; and finally, returning the test result to the target user. Therefore, the invention is different from the prior art that the ownership of the data is directly handed to the data purchaser, only the test sample data in the test container and the test result operated according to the test sample data are provided for the target user in the data test stage, and the test containers are mutually isolated, so that the invention realizes the separation of the data use right and the data ownership on the one hand, and the mutual isolation of the data used by each user on the other hand, thereby improving the data security during the test in the data transaction.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and may be implemented according to the content of the specification, so that the technical means of the embodiments of the present invention can be more clearly understood, and the following specific embodiments of the present invention are given for clarity and understanding.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a flow chart of a test method in data transaction according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a testing device in data transaction according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a test device in data transaction according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
Before proceeding with the description of the method of the embodiment of the present invention, the related terms are explained:
Virtualization technology: the method is characterized in that hardware resources such as a CPU and a memory are isolated by a Hypervisor on a physical computer, and a plurality of virtual servers are virtualized, so that a plurality of application programs can be installed on the physical server, the maximization of resource utilization is achieved, and a plurality of applications are isolated from each other.
A container: the container contains the complete runtime environment inside, i.e. the application itself and all dependencies, class libraries, other binary files, configuration files etc. required for this application. Each container looks like a real operating system, and by containerizing the application itself and its dependencies, the container's operation is not affected by the release of the operating system and other underlying environments. The container adopts a virtualization technology, that is, a host machine must be relied on, and a plurality of containers can be run on one host machine, but processes in the containers are isolated from each other and cannot be perceived from each other, that is, the containers are a safe resource structure isolated from each other.
Dock: refers to an open-source, lightweight container engine, which is mainly run in Linux and Windows, for creating, managing and orchestrating containers. Compared with a virtual machine, the Docker uses a container to bear an application program instead of an operating system, so that the cost is less and the performance is higher.
Kubenetes: refers to a container cluster management tool. In kubinetes, all containers were run in Pod. Pod is the smallest/simplest basic unit of Kubernetes creation or deployment, one Pod representing one process running on a cluster. One Pod may carry one or more associated containers, and containers in the same Pod may be deployed on the same physical machine and be able to share resources. A Pod encapsulates an application container, storage resources, a separate network IP, and policy options that govern the manner in which the container operates. Pod represents one unit of deployment: an instance of a single application in Kubernetes, it is possible to share a composed resource by a single container or multiple containers. Kubernetes is primarily used to deploy multiple Pod replicas based on the same Pod profile, and to create alternative pods when one Pod or machine is paralyzed.
FIG. 1 is a flow chart of a method for in-data-transaction testing, which is performed by an in-data-transaction testing device, according to an embodiment of the present invention. The test device in the data transaction can be a computer processing device, such as a mobile phone, a notebook computer and the like. As shown in fig. 1, the method comprises the steps of:
Step 101: and acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment requirement information.
In one embodiment of the present invention, the target user may submit a data trial request on a preset data service providing platform. The user verification information comprises a user account number, an account number password and the like, the test data type comprises data generation time, a data source area, the field to which the data belong and the like, and the test environment demand information comprises a memory, a CPU, a storage and the like.
The data service providing platform is provided with a preset trial service purchasing interface, and a certain amount of candidate sample data under various test data types are displayed on the trial service purchasing interface for a target user to check. After determining the type of test data to be tested, the target user can submit a data test request on the test service purchase interface and pay. And after successful payment is detected, generating a data test work order corresponding to the data test request in a preset work order library.
Step 102: verifying the user verification information, and determining one test container from a plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes the verification; the data among the plurality of test containers are isolated from each other.
The user verification information can be verified by matching an account password corresponding to the user account with a legal password prestored in a user information base, searching whether a data test work order corresponding to the user account exists in a preset work order base when the account password and the legal password are matched, and determining that the user verification information passes when the data test work order corresponding to the user account is searched.
The plurality of test receptacles may be pre-established based on the receptacle engine and receptacle cluster management tool. In one embodiment of the invention, the container engine may employ a docker and the container cluster management tool may be Kubernetes.
Step 103: and configuring the target test container according to the test environment demand information.
Configuring the target test container may include allocating a memory, a CPU, a storage, etc. corresponding to the test environment requirement information to the target test container, acquiring an IP address of the target test container, and associating the IP address with a user account of the target user.
Step 104: and obtaining test sample data corresponding to the test data type to the target test container.
The test sample data is at least one of a plurality of alternative sample data which are processed according to the original real data provided by the data providing platform. The original real data is adopted for processing, so that on one hand, the data testing efficiency of the operation result of the target user in the data trial stage is high, which is more similar to the operation result of the real production environment, and on the other hand, the target user does not completely acquire the use right of the original real data in the trial stage, therefore, in order to ensure the benefit of the data providing platform, the original real data is not directly provided for the user for testing.
Therefore, the original real data needs to be desensitized, in a further embodiment of the present invention, the test sample data is at least one of a plurality of candidate sample data, and before the test sample data corresponding to the test data type is obtained, the method further includes:
step 1041: and extracting the original real data from a preset data providing platform.
In one embodiment of the present invention, the data extraction may include three steps of data acquisition, data extraction, and data storage. The data acquisition can acquire original data meeting preset data conditions from a preset data providing platform through a crawler or a data acquisition interface. The data providing platform can be a government website, an enterprise website, a banking system and the like, and the preset data conditions comprise data time, data region and the like.
The data extraction may include converting the original data into a general format, filtering and aggregating the data, combining multiple data with relevance to generate a new form, and then querying or combining the new form with other original data to obtain the original data to be stored.
The data storage may include determining a data subject, a data type, etc. of the data to be stored, creating a data directory according to the data subject and the data type, layering the cleaned data according to the directory, and storing the layered data in a data warehouse to obtain the original real data.
It should be noted that, in the case of performing data extraction, there is a case of performing extraction across network domains, that is, the data providing platform, such as a government website, may be located in a specific intranet, and the data service providing platform is located in a network environment outside the intranet. In such an embodiment, reference may be made to the cross-domain transmission mode of the code to be tested in step 2052, that is, the original data is extracted from the data providing platform and sent to the preset front-end processor, and then the original data is sent to the data service providing platform through the front-end processor. The front-end processor and the data providing platform are in the same network, and encryption transmission is established between the front-end processor and the data service providing platform.
Step 1042: and desensitizing the original real data to obtain the alternative test sample.
The desensitization processing refers to data deformation of certain sensitive information in the original real data through a preset desensitization algorithm, so that the sensitive privacy data is reliably protected. In the case of client security data or some commercial sensitive data, under the condition of not violating legal regulations, the real data is modified and tested, and personal information such as an identity card number, a mobile phone number, a bank card number, a client number and the like needs to be subjected to data desensitization.
In one embodiment of the present invention, the preset desensitization algorithm may include the following: and carrying out alternative desensitization algorithm on the same pre-configured sensitive field in the multiple tables, wherein the alternative desensitization algorithm comprises fixed mapping, clearing, intercepting and the like. Such as alternative desensitization of the identification numbers in two different tables, so that the desensitized data can be kept consistent.
Step 1043: determining the test sample data from the alternative test samples according to the test data type.
Step 105: and acquiring a code to be tested submitted by the target user in the target test container.
In one embodiment of the present invention, a preset online development interface is further displayed in the data service providing platform, where the online development interface is used to provide an online compiling function for codes corresponding to a programming language based on Python or R. The user can create projects in the online development interface by using the purchased test sample data, modify and save project codes, submit the project codes as the codes to be tested and the like. The target user can use the purchased test sample data to analyze and code writing in the target test container, obtain the code to be tested and submit the code to the data service providing platform. In one embodiment of the invention, the online development interface may be implemented based on a code editor of notbook et al.
In yet another embodiment of the present invention, a plurality of preset alternative algorithm models are also displayed on the data service providing platform, and the target user can purchase each type of alternative algorithm model and submit the alternative algorithm model together in the data trial request. When the data trial request is detected to comprise the alternative algorithm model type information, the algorithm model codes corresponding to the type are sent to the target test container, so that the target user writes and obtains the codes to be tested required by the target user according to the algorithm model and the test sample data, and the development efficiency of the target user is improved.
Step 106: and performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result.
In one embodiment of the invention, data processing may include data analysis, data mining, model training, and the like. Specifically, a model to be tested is constructed according to the code to be tested or the code to be tested and an algorithm model selected by a user, test sample data is input into the model to be tested for operation, and an operation result of the model to be tested is obtained as a test result. Test results may include run time, output results, code error conditions, etc.
Step 107: and returning the test result to the target user.
The test results may be returned to the target user through the online development interface in step 105.
Considering that the target user is sold with the right to use the data, not the right to use the data, the user cannot directly access the real data, and thus, the target user is provided with a data trial method in the foregoing steps 101-107, and after the target user really purchases, the target user is provided with the right to use the purchased real data. Thus, in yet another embodiment of the present invention, after returning the test result to the target user, further comprising:
step 201: and acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user verification information, purchase data type and purchase environment demand information.
Step 202: determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data between the plurality of production containers are isolated from each other.
The production container and the test container are isolated from each other. The same target user corresponds to a target production container and a target test container respectively through user verification information.
Step 203: and acquiring target real data corresponding to the purchase data type into the target production container.
In practical application, the target user may own a certain amount of data in the field, and the required data service may be to fuse local data with original real data purchased by the target user, and then perform processes such as model construction, code training and the like according to the fused data.
Thus, in yet another embodiment of the present invention, the data purchase request further includes user provided data, and step 203 further includes steps 2031-2032:
step 2031: and data auditing is carried out on the data provided by the user.
In one embodiment of the invention, the data security audit includes performing outlier recognition, injection program recognition, analysis of data quality, etc. on the data, thereby ensuring that the target real data that is ultimately entered into the target production container does not cause damage to the target production container.
Step 2032: and when the user provided data passes the audit, fusing the user provided data with the original real data corresponding to the purchase data type to obtain the target real data.
Step 204: and auditing the code to be tested.
In one embodiment of the invention, the auditing of the code to be tested can comprise two aspects, namely, auditing the code function, including whether the code to be tested written by the target user can operate correctly, how the operating performance and whether the operating result can meet the testing purpose of the target user, and the like, so that the experience of the data service of the target user is ensured. And on the other hand, the code security is checked, including whether security holes such as malicious statement injection, path tampering and the like exist in the code or not is analyzed, so that target real data used when the code to be tested is operated is prevented from being stolen into the hands of a target user, and the benefit of a data providing platform side is ensured.
Thus, in one embodiment of the present invention, the data trial request further includes an expected operation result, where the expected operation result includes at least an expected output result and an expected operation time. In step 204, the code to be tested is audited, and the method further comprises a step 2041-a step 2043 for performing functional analysis:
step 2041: and carrying out data processing according to the target real data and the code to be tested to obtain a real operation result.
In one embodiment of the present invention, performing data processing may include constructing a model to be run according to the code to be tested, inputting target real data into the model to be run, and obtaining a real output result and a real running time output by the model to be run as a real running result.
Step 2042: and matching the real operation result with the expected operation result.
In one embodiment of the invention, the real output result may be matched to the predicted output result and the real run time may be matched to the predicted output time.
Step 2043: and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In one embodiment of the present invention, the reason that the actual running result does not match the expected running result may be that the code to be tested written by the target user has a technical problem, and the running result cannot be correctly run or the output result is inconsistent with the output envisaged by the target user. It is also possible that the target user masks his own real test intent, as stated in his expected running results, to train the model, but he actually wants to use the obtained target real data for further operations, such as stealing the data or injecting an attack into the platform, etc.
Therefore, in still another embodiment of the present invention, when the code to be tested fails to pass the audit, a problem analysis report of the code to be tested may also be generated and returned to the target user according to the matching result of the actual operation result and the expected operation result. The problem analysis report comprises reasons for failed code audit, problems existing in the code, code modification suggestions and the like, so that a target user is instructed to modify the code to be detected to submit the code again for testing, and therefore the conversion rate from data trial to data purchase is improved.
In yet another embodiment of the present invention, the code modification suggestions may be code complexity or algorithm performance evaluation and optimization suggestions for the code, and include computing resource configurations and the like required by the target user for which the predicted output results should match.
Thus, in a further embodiment of the present invention, step 20411-step 20412 is further included before step 2041:
step 20411: and performing vulnerability analysis on the code to be tested.
In one embodiment of the invention, performing vulnerability analysis may include, for example, checking whether malicious SQL statement injection, cross-site attack script inclusion, request falsification code, etc. exist in the code to be tested.
Step 20412: and when the loophole is not detected in the code to be tested, carrying out data processing according to the target real data and the code to be tested.
In still another embodiment of the present invention, when a bug is detected in the code to be detected, a preset early warning action may also be performed, such as freezing a user account of the target user, notifying an administrator of the data service providing platform, and the like.
Step 205: and when the code to be tested passes the verification, deploying the code to be tested into the target production container.
It should be noted that, the production container and the test container are also isolated from each other, so when the code to be tested is deployed across containers, in order not to damage the functional integrity and security of the code to be tested, the core service code and the environment configuration related code in the code to be tested can be identified, the environment configuration related code is adaptively modified according to the configuration information of the target production container, and meanwhile, the core service code is kept unchanged. The code to be tested in the target test container can be well adapted to the target production container while ensuring that the target real data cannot leak. Meanwhile, the container identification such as the IP address of the target production container is obtained, and the container identification is associated with the user account of the target user, so that the purpose that each target user corresponds to a special container is achieved, and the containers, namely the users, are isolated from each other.
Further, considering that in practical applications, the target production container to which the target real data is sent and the target test container may be in different networks, for example, in order to ensure that the target real data does not move out of the database of the data providing platform, the target production container may be located in a government or enterprise private network, while the target test container may be located in the internet for facilitating access of the target user, in order to achieve secure deployment in a cross-domain environment, in one embodiment of the present invention, before deployment in step 205, the method further includes:
step 2051: detecting whether the target production container and the target test container are in the same network.
And respectively acquiring IP addresses corresponding to the target production container and the target test container, performing network domain analysis on the IP addresses, and determining whether the target production container and the target test container are in the same network.
Step 2052: when the target production container and the target test container are not in the same network, the code to be tested in the target test container is sent to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encryption transmission is established between the front-end processor and the target production container.
In one embodiment of the invention, the front-end processor is first forced to identify, and after the front-end processor identity verification is passed, an encrypted transmission channel is established between the target production container and the front-end processor, and the encrypted transmission channel is used for transmitting the code to be tested, the target real data and the like. The encryption mode of the encrypted transmission channel can comprise various national cipher office algorithms including SM9 identification cipher algorithm, NTLS (Next generation Transport Layer Security, new generation security access) protocol and the like.
Step 2053: and sending the code to be tested in the target test container to the target production container through the front-end processor.
Step 206: and carrying out data processing in the target production container according to the code to be tested and the target real data to obtain an operation result.
Similar to the foregoing step 2041, in one embodiment of the present invention, performing data processing may include constructing a model to be tested according to the code to be tested, inputting target real data into the model to be tested, and obtaining an output result output by the model to be run and a run time as the run result herein.
Step 207: and returning the operation result to the target user.
In still another embodiment of the present invention, the container cluster management tool may be further used to manage each target production container and each target test container, monitor the operation condition of each container, and perform a preset container management action in time when an abnormal operation occurs, such as closing a container or copying a mirror image of the container for replacement.
Fig. 2 shows a schematic structural diagram of a device for querying house source information according to an embodiment of the present invention. As shown in fig. 2, the apparatus 300 includes: a first acquisition module 301, a verification module 302 and a configuration module 303, a second acquisition module 304, a third acquisition module 305, a processing module 306 and a return module 307.
The first obtaining module 301 is configured to obtain a data trial request sent by a target user, where the data trial request includes user verification information, a test data type, and test environment requirement information;
the verification module 302 is configured to verify the user verification information, and when the user verification information passes, determine one test container from a plurality of test containers as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
A configuration module 303, configured to configure the target test container according to the test environment requirement information;
a second obtaining module 304, configured to obtain test sample data corresponding to the test data type into the target test container;
a third obtaining module 305, configured to obtain a code to be tested submitted by the target user in the target test container;
the processing module 306 is configured to perform data processing in the target test container according to the code to be tested and the test sample data, so as to obtain a test result;
and a return module 307, configured to return the test result to the target user.
In an alternative way, the processing module 305 is further configured to: acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user verification information, purchase data type and purchase environment demand information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data among the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type into the target production container;
Auditing the code to be tested;
when the code to be tested passes the verification, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and target real data to obtain an operation result;
and returning the operation result to the target user.
In an alternative manner, the test sample data is at least one of a plurality of candidate sample data, and the processing module 305 is further configured to:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test samples according to the test data type.
In an alternative manner, the data trial request further includes a predicted operation result, and the processing module 305 is further configured to:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an alternative way, the processing module 305 is further configured to:
performing vulnerability analysis on the code to be tested;
and when the loophole is not detected in the code to be tested, carrying out data processing according to the target real data and the code to be tested.
In an alternative way, the processing module 305 is further configured to:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encryption transmission is established between the front-end processor and the target production container;
and sending the code to be tested in the target test container to the target production container through the front-end processor.
In an alternative way, the processing module 305 is further configured to:
data auditing is carried out on the user provided data;
and when the user provided data passes the audit, fusing the user provided data with the original real data corresponding to the purchase data type to obtain the target real data.
The test device in the data transaction of the embodiment of the invention realizes the separation of the data use right and the data ownership on the one hand and the mutual separation of the data used by each user on the other hand by only providing the test sample data in the target test container and the test result operated according to the test sample data for the target user in the data test stage and isolating each target test container from each other, thereby improving the data security during the test in the data transaction.
Fig. 3 is a schematic structural diagram of a test device in data transaction according to an embodiment of the present invention, which is not limited to the specific implementation of the test device in data transaction by the specific embodiment of the present invention.
As shown in fig. 3, the test device in the data transaction may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
Wherein: processor 402, communication interface 404, and memory 406 communicate with each other via communication bus 408. A communication interface 404 for communicating with network elements of other devices, such as clients or other servers. Processor 402 is configured to execute program 410 and may specifically perform the relevant steps described above in the test method embodiments for use in data transactions.
In particular, program 410 may include program code including computer-executable instructions.
The processor 402 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the test device in the data transaction may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
Memory 406 for storing programs 410. Memory 406 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
Program 410 may be specifically invoked by processor 402 to cause test equipment in a data transaction to:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment demand information;
verifying the user verification information, and determining one test container from a plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes the verification; the data among the plurality of test containers are isolated from each other;
Configuring the target test container according to the test environment demand information;
obtaining test sample data corresponding to the test data type into the target test container;
acquiring a code to be tested submitted by the target user in the target test container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
In an alternative, the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user verification information, purchase data type and purchase environment demand information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data among the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type into the target production container;
auditing the code to be tested;
When the code to be tested passes the verification, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and target real data to obtain an operation result;
and returning the operation result to the target user.
In an alternative manner, the test sample data is at least one of a plurality of alternative sample data, and the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
extracting original real data from a preset data providing platform;
desensitizing the original real data to obtain the alternative test sample;
determining the test sample data from the alternative test samples according to the test data type.
In an alternative manner, the data purchase request further includes user-provided data, and the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
And when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
In an alternative manner, the data purchase request further includes user-provided data, and the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
performing vulnerability analysis on the code to be tested;
and when the loophole is not detected in the code to be tested, carrying out data processing according to the target real data and the code to be tested.
In an alternative manner, the data purchase request further includes user-provided data, and the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encryption transmission is established between the front-end processor and the target production container;
And sending the code to be tested in the target test container to the target production container through the front-end processor.
In an alternative manner, the data purchase request further includes user-provided data, and the program 410 is invoked by the processor 402 to cause the test device in the data transaction to:
data auditing is carried out on the user provided data;
and when the user provided data passes the audit, fusing the user provided data with the original real data corresponding to the purchase data type to obtain the target real data.
The test equipment in the data transaction of the embodiment of the invention realizes the separation of the data use right and the data ownership on the one hand and the mutual separation of the data used by each user on the other hand by only providing the test sample data in the target test container and the test result operated according to the test sample data for the target user in the data test stage and isolating each target test container from each other, thereby improving the data security during the test in the data transaction.
An embodiment of the present invention provides a computer readable storage medium storing at least one executable instruction that, when executed on a test device in a data transaction, causes the test device in the data transaction to execute a test method in the data transaction in any of the method embodiments described above.
The computer readable storage medium of the embodiment of the invention realizes the separation of the data use right and the data ownership on the one hand and the mutual separation of the data used by each user on the other hand by only providing the test sample data in the target test container and the test result operated according to the test sample data for the target user in the data test stage and isolating each target test container from each other, thereby improving the data security during the test in the data transaction.
The embodiment of the invention provides a testing device in data transaction, which is used for executing the testing method in the data transaction.
Embodiments of the present invention provide a computer program that is callable by a processor to cause a test device in a data transaction to perform a test method in a data transaction in any of the method embodiments described above.
Embodiments of the present invention provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when run on a computer, cause the computer to perform the test method in the data transaction in any of the method embodiments described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.
Claims (10)
1. A method of testing in a data transaction, the method comprising:
acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment demand information;
verifying the user verification information, and determining one test container from a plurality of test containers as a target test container corresponding to the user verification information when the user verification information passes the verification; the data among the plurality of test containers are isolated from each other;
configuring the target test container according to the test environment demand information;
obtaining test sample data corresponding to the test data type into the target test container;
acquiring a code to be tested submitted by the target user in the target test container;
performing data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and returning the test result to the target user.
2. The method of claim 1, further comprising, after returning the test result to the target user:
Acquiring a data purchase request sent by the target user, wherein the data purchase request comprises user verification information, purchase data type and purchase environment demand information;
determining one production container from a plurality of production containers according to the purchase environment demand information as a target production container corresponding to the user verification information; the data among the plurality of production containers are isolated from each other;
acquiring target real data corresponding to the purchase data type into the target production container;
auditing the code to be tested;
when the code to be tested passes the verification, deploying the code to be tested into the target production container;
performing data processing in the target production container according to the code to be tested and target real data to obtain an operation result;
and returning the operation result to the target user.
3. The method of claim 1, wherein the test sample data is at least one of a plurality of candidate sample data, comprising, prior to obtaining the test sample data corresponding to the test data type:
extracting original real data from a preset data providing platform;
Desensitizing the original real data to obtain alternative test samples;
determining the test sample data from the alternative test samples according to the test data type.
4. The method of claim 2, wherein the data trial request further includes a predicted running result, and wherein the auditing the code to be tested further includes:
performing data processing according to the target real data and the code to be tested to obtain a real operation result;
matching the real operation result with the expected operation result;
and when the real operation result is matched with the expected operation result, determining that the code to be tested passes the audit.
5. The method of claim 4, further comprising, prior to the data processing based on the target real data and the code to be tested:
performing vulnerability analysis on the code to be tested;
and when the loophole is not detected in the code to be tested, carrying out data processing according to the target real data and the code to be tested.
6. The method of claim 2, comprising, prior to said deploying the code to be tested into the target production container:
Detecting whether the target production container and the target test container are in the same network;
when the target production container and the target test container are not in the same network, sending a code to be tested in the target test container to a preset front-end processor, wherein the front-end processor and the target test container are in the same network, and encryption transmission is established between the front-end processor and the target production container;
and sending the code to be tested in the target test container to the target production container through the front-end processor.
7. The method according to claim 2, wherein the data purchase request further includes user-provided data, and the obtaining target real data corresponding to the purchase data type into the target production container includes:
data auditing is carried out on the user provided data;
and when the user provided data passes the audit, fusing the user provided data with the original real data corresponding to the purchase data type to obtain the target real data.
8. A test device in a data transaction, the device comprising:
The first acquisition module is used for acquiring a data trial request sent by a target user, wherein the data trial request comprises user verification information, test data types and test environment demand information;
the verification module is used for verifying the user verification information, and when the user verification information passes, one test container is determined from a plurality of test containers to serve as a target test container corresponding to the user verification information; the data among the plurality of test containers are isolated from each other;
the configuration module is used for configuring the target test container according to the test environment demand information;
the second acquisition module is used for acquiring test sample data corresponding to the test data type into the target test container;
the third acquisition module is used for acquiring a code to be tested submitted by the target user in the target test container;
the processing module is used for carrying out data processing in the target test container according to the code to be tested and the test sample data to obtain a test result;
and the return module is used for returning the test result to the target user.
9. A test device in a data transaction, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
The memory is configured to hold at least one executable instruction that causes the processor to perform the operations of the test method in a data transaction as claimed in any one of claims 1 to 7.
10. A computer readable storage medium having stored therein at least one executable instruction which, when executed on a test device in a data transaction, causes the test device in the data transaction to perform the operations of the test method in the data transaction as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110218258.9A CN113485905B (en) | 2021-02-26 | 2021-02-26 | Test method, device, equipment and computer storage medium in data transaction |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110218258.9A CN113485905B (en) | 2021-02-26 | 2021-02-26 | Test method, device, equipment and computer storage medium in data transaction |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113485905A CN113485905A (en) | 2021-10-08 |
| CN113485905B true CN113485905B (en) | 2023-09-05 |
Family
ID=77933373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110218258.9A Active CN113485905B (en) | 2021-02-26 | 2021-02-26 | Test method, device, equipment and computer storage medium in data transaction |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113485905B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104765682A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Offline detection method and system for cross-site scripting vulnerability |
| CN109582525A (en) * | 2018-10-19 | 2019-04-05 | 京信通信系统(中国)有限公司 | Test code verification method, verifying device, equipment and storage medium |
| CN109656829A (en) * | 2018-12-24 | 2019-04-19 | 西安四叶草信息技术有限公司 | Test method and device based on docker |
| CN110598446A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain based test method and device, storage medium and computer equipment |
| CN110765026A (en) * | 2019-10-31 | 2020-02-07 | 北京东软望海科技有限公司 | Automatic testing method and device, storage medium and equipment |
| CN111339201A (en) * | 2020-02-28 | 2020-06-26 | 中国工商银行股份有限公司 | Evaluation method and system based on block chain |
| CN111612135A (en) * | 2020-05-22 | 2020-09-01 | 京东数字科技控股有限公司 | Method and device for information interaction |
| CN111737104A (en) * | 2019-10-25 | 2020-10-02 | 北京沃东天骏信息技术有限公司 | Block chain network service platform, test case sharing method thereof and storage medium |
| CN112214413A (en) * | 2020-10-27 | 2021-01-12 | 北京字节跳动网络技术有限公司 | Application program testing method, device, equipment and storage medium |
-
2021
- 2021-02-26 CN CN202110218258.9A patent/CN113485905B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104765682A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Offline detection method and system for cross-site scripting vulnerability |
| CN109582525A (en) * | 2018-10-19 | 2019-04-05 | 京信通信系统(中国)有限公司 | Test code verification method, verifying device, equipment and storage medium |
| CN109656829A (en) * | 2018-12-24 | 2019-04-19 | 西安四叶草信息技术有限公司 | Test method and device based on docker |
| CN110598446A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain based test method and device, storage medium and computer equipment |
| CN111737104A (en) * | 2019-10-25 | 2020-10-02 | 北京沃东天骏信息技术有限公司 | Block chain network service platform, test case sharing method thereof and storage medium |
| CN110765026A (en) * | 2019-10-31 | 2020-02-07 | 北京东软望海科技有限公司 | Automatic testing method and device, storage medium and equipment |
| CN111339201A (en) * | 2020-02-28 | 2020-06-26 | 中国工商银行股份有限公司 | Evaluation method and system based on block chain |
| CN111612135A (en) * | 2020-05-22 | 2020-09-01 | 京东数字科技控股有限公司 | Method and device for information interaction |
| CN112214413A (en) * | 2020-10-27 | 2021-01-12 | 北京字节跳动网络技术有限公司 | Application program testing method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113485905A (en) | 2021-10-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12001586B2 (en) | Searchable index encryption | |
| AU2022204197B2 (en) | Security weakness and infiltration detection and repair in obfuscated website content | |
| US10073974B2 (en) | Generating containers for applications utilizing reduced sets of libraries based on risk analysis | |
| US11687645B2 (en) | Security control method and computer system | |
| US11748487B2 (en) | Detecting a potential security leak by a microservice | |
| US20120072968A1 (en) | Assessment and analysis of software security flaws in virtual machines | |
| US11048621B2 (en) | Ensuring source code integrity in a computing environment | |
| CN108205491B (en) | NKV 6.0.0 system-based trusted technology compatibility testing method | |
| Ahamed et al. | Security audit of docker container images in cloud architecture | |
| US11531763B1 (en) | Automated code generation using analysis of design diagrams | |
| CN116361807A (en) | Risk management and control method and device, storage medium and electronic equipment | |
| Reantongcome et al. | Securing and trustworthy blockchain-based multi-tenant cloud computing | |
| Gonçalves et al. | Towards a catalogue of reusable security requirements, risks and vulnerabilities | |
| CN113485905B (en) | Test method, device, equipment and computer storage medium in data transaction | |
| US20230177169A1 (en) | Combining policy compliance and vulnerability management for risk assessment | |
| US11321611B2 (en) | Deployment verification of authenticity of machine learning results | |
| US20220067204A1 (en) | System architecture for providing privacy by design | |
| US11947694B2 (en) | Dynamic virtual honeypot utilizing honey tokens and data masking | |
| JP2023541235A (en) | Identifying SIEM event types | |
| US20230376602A1 (en) | Cyber security testing for incorrectly authorized programs | |
| D'Oliveira | Application of standards for vulnerability prevention in virtualization systems | |
| Irno Consalvo | A bounded model checker for web cryptocurrency wallets | |
| CN117834265A (en) | Abnormal network request testing method and system | |
| CN117272308A (en) | Software security test method, device, equipment, storage medium and program product | |
| Didone et al. | Forensics as a Service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |