CN116305145A - Software integrity checking and testing method for safety management - Google Patents

Abstract

The invention discloses a software integrity checking and testing method for safety management, which relates to the technical field of software detection, wherein the checking comprises the following steps: making a test task required by the software integrity automatic detection system; searching a virtual machine existing on a server, putting the virtual machine into an information linked list, starting the virtual machine, and typing a test task into the virtual machine through a command; the single virtual machine starts to execute the accepted task, and a corresponding software installation package is found in a folder shared by the virtual machines according to a system matching principle in the software automatic installation module and is installed in an operating system of the virtual machine; installing software, starting the software, firstly matching the file integrity according to the previous template, recording the result if the matching is abnormal, and continuously matching all the contents to be matched by the system; after the file integrity matching is finished, testing the basic functions; and notifying the test result to complete the software integrity check.

Description

Software integrity checking and testing method for safety management

Technical Field

The invention relates to the technical field of software detection, in particular to an industrial control software testing system and a software testing method.

Background

Public safety software has the advantages of increasingly powerful functions, increasingly higher performance, increasingly larger scale, increasingly complex structure and composition, and problems such as incorrect dependency of a dynamic link library, missing binary files, abnormal basic function performance of the software and the like caused by irregular integrity detection of the software. The software integrity detection relates to the advantages of multiple elements, wide detection range, large workload, time and labor consumption and low detection accuracy of a general integrity detection mode.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides an industrial control software testing system and a software testing method.

The invention is realized by the following technical scheme: the invention discloses a software integrity checking method for safety management, which comprises the following steps:

making a test task required by the software integrity automatic detection system;

searching a virtual machine existing on a server, putting the virtual machine into an information linked list, starting the virtual machine, and typing a test task into the virtual machine through a command;

the single virtual machine starts to execute the accepted task, and a corresponding software installation package is found in a folder shared by the virtual machines according to a system matching principle in the software automatic installation module and is installed in an operating system of the virtual machine;

installing software, starting the software, firstly matching the file integrity according to the previous template, recording the result if the matching is abnormal, and continuously matching all the contents to be matched by the system;

after the file integrity matching is finished, carrying out command line mode verification of the basic function, and testing the basic function;

and notifying the test result to complete the software integrity check.

For the software integrity verification method in the invention, the verification system is provided with a plurality of modules, such as virtual machine modules, which have the function of dynamically adjusting resources, and different virtual machines are provided for test engineers to use according to different tasks. The module can solve the problem of long resource application time, so that the physical resource supply becomes simple and effective, and the period consumed by software integrity detection is shortened; and the software installation module can automatically judge the type of the operating system so as to automatically install the functions of the corresponding software products. The module can solve the problem that the manual guard installation of a test engineer takes a long time, and can verify whether software can be installed correctly, so that the workload template generation and comparison module of the test engineer is reduced, and the module has the functions of automatically generating a standard template and automatically detecting software products to be detected. The module should be able to formulate a quantitative standard to examine fixed values and fixed examination elements, and save the compared anomaly statistics for transmission to the test engineer.

By matching the module with the verification method in the application document, the virtual machine is selected as the bottom physical resource of the software integrity automatic detection system, and the virtual machine has the special advantages in resource supply and other advantages, such as saving the machine state after the test case fails, so that the investigation of the problem can be facilitated. If physical machines are used, these machines need to be occupied and cannot be used for other purposes until the problem is investigated, while the state of investigation on the physical machine is unrecoverable. If virtualization techniques are used, the software state under test may be saved to the virtual machine image; when the problems need to be investigated, the virtual machine images can be restored to the virtual machine at any time for investigation, and the state of the computer can be stored and restored at any time, so that an advantageous investigation method is provided for some problems which are not easy to reproduce.

Preferably, the step of informing the result of the test comprises:

step one: generating a test report;

step two: transmitting the test report to the terminal;

step three: and closing the virtual machine.

For the virtual machine, through virtualization technology, a user can simulate one or more virtual computers on one physical computer, and the virtual machines can work like real computers, for example, the user can install an operating system, access network resources, install an application program and the like. It is equivalent to an application running on a physical computer for the user, but is a real computer for applications residing in a virtual machine. Thus, when a user performs software detection in a virtual machine, a system crash may result, but only the operating system on the virtual machine, not the operating system on the physical computer, is crashed.

Further, the step of installing the software includes:

acquiring a suffix name of a software version to be installed from a task distributed to a virtual machine by a software integrity system, wherein the suffix name of the software can be exe, msi, tar, gz, rpm and the like;

acquiring system characteristics from current environment variables and acquiring related hardware and system information from a system configuration file by adopting scripts, so as to extract keywords capable of indicating the system characteristics for judgment, and finally determining the type of an operating system of a machine;

after the virtual machine system is judged and the type of the file to be installed can be obtained, the software automatic installation module searches for the corresponding installation package in the network file sharing folder, and in the matching search process, a regular expression is adopted to perform corresponding search and matching to obtain the name of the corresponding installation package;

and calling an installation script to install the matched software installation package.

Further, the step of matching the corresponding software installation package includes:

s100: generating a first template through software of which the software integrity is checked manually, and storing the first template into an XML format;

s200, performing S200; generating a second template in an XML format to be matched through software of the integrity of the software to be detected while executing the S1 OO;

s300: setting a matching degree threshold, matching the first template with the second template, and if the similarity of the first template and the second template exceeds the matching threshold, completing matching to generate a matching report; if the similarity of the first template and the second template does not exceed the matching threshold, matching is completed, software with software integrity is checked again through manual checking, a template is generated, and matching is conducted with the second template again.

Preferably, the test task includes at least one of script ID required for testing, test scene description of script, belonging test group ID, and specific test code.

The invention also provides a software testing method for safety management, which is characterized by comprising the following steps:

s101: providing a test application, checking the integrity of the software by a checking method, and testing the software passing the integrity check by using a test system;

s201: the test system executes the test application, if no defect exists, test summary is carried out, and related test cases are closed; if the defect is found, generating a defect report;

s301: confirming the defect report, if the defect report needs to be repaired, returning to the test system again, and distributing the defect treatment as a new task again by the test system;

s401: positioning and analyzing the defects, and repairing the defects;

s501: the repaired defects enter a regression testing process, become a new task to be distributed by the testing system, and repeat the step S201 until all the defects are processed correctly and effectively.

For the test method, by analyzing the defects and processing the defects in a plurality of cycles, the test planning system, the test design system and the test execution system can be an iterative process in the cycle system, task allocation is carried out by a test responsible person, quick response change is realized while the test task target is not influenced, the test strategy is adjusted at any time, and different situations of the defects can be specifically analyzed due to the cycle processing of the defects

Further, the defect states include:

the repaired state: the defect is repaired by the responsible person and passes the regression test;

state not yet repaired: defects have been repaired but fail regression testing, waiting for reprocessing;

delay solution state: judging that the defect does not need to be solved at present;

and the state is not required to be solved, and the defect is judged to be unnecessary to repair.

Further, the defect judging step includes:

matching the defects with test cases in a memory bank, and setting a matching similarity ratio as a first threshold;

if the test cases with the similarity exceeding the first threshold value are matched, judging that the defect is in a repaired state;

and if the test cases with the similarity exceeding the first threshold are not matched, manually judging the defects.

The invention discloses a software integrity checking and testing method for safety management, which enables a virtual machine to be selected as a bottom physical resource of a software integrity automatic detection system through the checking method in the application document, because the virtual machine has specific advantages in terms of resource supply and has various advantages in other aspects, such as the investigation of problems can be facilitated by saving the machine state after the test case fails. If physical machines are used, these machines need to be occupied and cannot be used for other purposes until the problem is investigated, while the state of investigation on the physical machine is unrecoverable. If virtualization techniques are used, the software state under test may be saved to the virtual machine image; when the problems need to be investigated, the virtual machine images can be restored to the virtual machine at any time for investigation, and the state of the computer can be stored and restored at any time, so that an advantageous investigation method is provided for some problems which are not easy to reproduce.

Drawings

FIG. 1 is a flow chart of a verification method according to an embodiment of the invention;

FIG. 2 is a flowchart illustrating steps for matching corresponding software installation packages according to an embodiment of the present invention.

Detailed Description

The following describes in detail the examples of the present invention, which are implemented on the premise of the technical solution of the present invention, and detailed embodiments and specific operation procedures are given, but the scope of protection of the present invention is not limited to the following examples.

The invention is realized by the following technical scheme: as shown in fig. 1, the invention discloses a software integrity checking method for security management, comprising the following steps:

making a test task required by the software integrity automatic detection system;

searching a virtual machine existing on a server, putting the virtual machine into an information linked list, starting the virtual machine, and typing a test task into the virtual machine through a command;

the single virtual machine starts to execute the accepted task, and a corresponding software installation package is found in a folder shared by the virtual machines according to a system matching principle in the software automatic installation module and is installed in an operating system of the virtual machine;

installing software, starting the software, firstly matching the file integrity according to the previous template, recording the result if the matching is abnormal, and continuously matching all the contents to be matched by the system;

after the file integrity matching is finished, carrying out command line mode verification of the basic function, and testing the basic function;

and notifying the test result to complete the software integrity check.

For the software integrity verification method in the invention, the verification system is provided with a plurality of modules, such as virtual machine modules, which have the function of dynamically adjusting resources, and different virtual machines are provided for test engineers to use according to different tasks. The module can solve the problem of long resource application time, so that the physical resource supply becomes simple and effective, and the period consumed by software integrity detection is shortened; and the software installation module can automatically judge the type of the operating system so as to automatically install the functions of the corresponding software products. The module can solve the problem that the manual guard installation of a test engineer takes a long time, and can verify whether software can be installed correctly, so that the workload template generation and comparison module of the test engineer is reduced, and the module has the functions of automatically generating a standard template and automatically detecting software products to be detected. The module should be able to formulate a quantitative standard to examine fixed values and fixed examination elements, and save the compared anomaly statistics for transmission to the test engineer.

By matching the module with the verification method in the application document, the virtual machine is selected as the bottom physical resource of the software integrity automatic detection system, and the virtual machine has the special advantages in resource supply and other advantages, such as saving the machine state after the test case fails, so that the investigation of the problem can be facilitated. If physical machines are used, these machines need to be occupied and cannot be used for other purposes until the problem is investigated, while the state of investigation on the physical machine is unrecoverable. If virtualization techniques are used, the software state under test may be saved to the virtual machine image; when the problems need to be investigated, the virtual machine images can be restored to the virtual machine at any time for investigation, and the state of the computer can be stored and restored at any time, so that an advantageous investigation method is provided for some problems which are not easy to reproduce.

The step of informing the result of the test includes:

step one: generating a test report;

step two: transmitting the test report to the terminal;

step three: and closing the virtual machine.

For the virtual machine, through virtualization technology, a user can simulate one or more virtual computers on one physical computer, and the virtual machines can work like real computers, for example, the user can install an operating system, access network resources, install an application program and the like. It is equivalent to an application running on a physical computer for the user, but is a real computer for applications residing in a virtual machine. Thus, when a user performs software detection in a virtual machine, a system crash may result, but only the operating system on the virtual machine, not the operating system on the physical computer, is crashed.

The step of installing software includes:

acquiring a suffix name of a software version to be installed from a task distributed to a virtual machine by a software integrity system, wherein the suffix name of the software can be exe, msi, tar, gz, rpm and the like;

acquiring system characteristics from current environment variables and acquiring related hardware and system information from a system configuration file by adopting scripts, so as to extract keywords capable of indicating the system characteristics for judgment, and finally determining the type of an operating system of a machine;

after the virtual machine system is judged and the type of the file to be installed can be obtained, the software automatic installation module searches for the corresponding installation package in the network file sharing folder, and in the matching search process, a regular expression is adopted to perform corresponding search and matching to obtain the name of the corresponding installation package;

and calling an installation script to install the matched software installation package.

Specifically, the method of nstall can be selected to automatically install software, corresponding parameters can be obtained from pa, the self-contained command line installation tool-msiexec of the Windows platform is called according to the corresponding parameters to install the software of the corresponding version, then corresponding installation information is intercepted from the msiexec process of the system and stored in an installation log so that a test engineer can read required information from the log, the msiexec on the Windows platform is a part of a Windows Installer, and the method can support the software installation of a non-graphical interface on the Windows platform.

As shown in fig. 2, the step of matching the corresponding software installation package includes:

s100: generating a first template through software of which the software integrity is checked manually, and storing the first template into an XML format;

s200, performing S200; generating a second template in an XML format to be matched through software of the integrity of the software to be detected while executing the S1 OO;

s300: setting a matching degree threshold, matching the first template with the second template, and if the similarity of the first template and the second template exceeds the matching threshold, completing matching to generate a matching report; if the similarity of the first template and the second template does not exceed the matching threshold, matching is completed, software with software integrity is checked again through manual checking, a template is generated, and matching is conducted with the second template again.

For the selection of XML, XML has mainly the following characteristics:

(1) XML simplifies data sharing. In the real world, computer systems and data use incompatible formats to store data. XML data is stored in plain text format, thus providing a software and hardware independent method of data storage. This makes it easier to create data that different applications can share.

(2) XML simplifies data transmission. With XML, data can be easily exchanged between incompatible systems. One of the most time consuming challenges for developers has been to exchange data between incompatible systems on the internet. Exchanging data in XML reduces this complexity because the data can be read by a variety of incompatible applications.

(3) XML simplifies changes to the platform. Upgrade to a new system (hardware or software platform) is always very time consuming. Large amounts of data must be converted and incompatible data is often lost. XML data is stored in a text format. This makes it easier for XML to be extended or upgraded to new operating systems, new applications, or new browsers without losing data.

(4) XML makes the data more useful. XML makes data more available and useful because it is independent of hardware, software, and applications. Different applications can access data, not only in HTML pages, but also from XML data sources. XML has excellent self-description properties and is therefore easy to use for object description and thus is suitable for describing the characteristics and element properties of a document

Preferably, the test task includes at least one of script ID required for testing, test scene description of script, belonging test group ID, and specific test code.

The invention also provides a software testing method for safety management, which is characterized by comprising the following steps:

s101: providing a test application, checking the integrity of the software by a checking method, and testing the software passing the integrity check by using a test system;

s201: the test system executes the test application, if no defect exists, test summary is carried out, and related test cases are closed; if the defect is found, generating a defect report;

s301: confirming the defect report, if the defect report needs to be repaired, returning to the test system again, and distributing the defect treatment as a new task again by the test system;

s401: positioning and analyzing the defects, and repairing the defects;

s501: the repaired defects enter a regression testing process, become a new task to be distributed by the testing system, and repeat the step S201 until all the defects are processed correctly and effectively.

For the test method, by analyzing the defects and processing the defects in a plurality of cycles, the test planning system, the test design system and the test execution system can be an iterative process in the cycle system, task allocation is carried out by a test responsible person, quick response change is realized while the test task target is not influenced, the test strategy is adjusted at any time, and different situations of the defects can be specifically analyzed due to the cycle processing of the defects

Further, the defect states include:

the repaired state: the defect is repaired by the responsible person and passes the regression test;

state not yet repaired: defects have been repaired but fail regression testing, waiting for reprocessing;

delay solution state: judging that the defect does not need to be solved at present;

and the state is not required to be solved, and the defect is judged to be unnecessary to repair.

Further, the defect judging step includes:

matching the defects with test cases in a memory bank, and setting a matching similarity ratio as a first threshold;

if the test cases with the similarity exceeding the first threshold value are matched, judging that the defect is in a repaired state;

and if the test cases with the similarity exceeding the first threshold are not matched, manually judging the defects. .

In summary, the invention discloses a testing system and method, for the circulation system in the invention, which is used for processing defects in circulation, reasonably distributing resources among business activities or tasks according to predefined execution steps and business rule scheduling flow examples, calling personnel and resources related to various activity steps by managing a work activity sequence, and providing automatic processing for business processes.

The present invention is not limited to the above-mentioned embodiments, and any person skilled in the art, based on the technical solution of the present invention and the inventive concept thereof, can be replaced or changed within the scope of the present invention.

It should be noted that in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (8)

1. A method for verifying software integrity for security management, comprising the steps of:

making a test task required by the software integrity automatic detection system;

searching a virtual machine existing on a server, putting the virtual machine into an information linked list, starting the virtual machine, and typing a test task into the virtual machine through a command;

the single virtual machine starts to execute the accepted task, and a corresponding software installation package is found in a folder shared by the virtual machines according to a system matching principle in the software automatic installation module and is installed in an operating system of the virtual machine;

installing software, starting the software, firstly matching the file integrity according to the previous template, recording the result if the matching is abnormal, and continuously matching all the contents to be matched by the system;

after the file integrity matching is finished, carrying out command line mode verification of the basic function, and testing the basic function;

and notifying the test result to complete the software integrity check.

2. A method of software integrity verification for security management as claimed in claim 1, wherein the step of informing the result of the test comprises:

generating a test report;

transmitting the test report to the terminal;

and closing the virtual machine.

3. A method of software integrity checking for security management as claimed in claim 2, wherein the step of installing software comprises:

acquiring a suffix name of a software version to be installed from a task distributed to a virtual machine by a software integrity system;

acquiring system characteristics from current environment variables and acquiring related hardware and system information from a system configuration file by adopting scripts, so as to extract keywords capable of indicating the system characteristics for judgment, and finally determining the type of an operating system of a machine;

after the virtual machine system is judged and the type of the file to be installed can be obtained, the software automatic installation module searches for the corresponding installation package in the network file sharing folder, and in the matching search process, a regular expression is adopted to perform corresponding search and matching to obtain the name of the corresponding installation package;

and calling an installation script to install the matched software installation package.

4. A method of software integrity checking for security management as claimed in claim 3, wherein the step of matching corresponding software installation packages comprises:

s100: generating a first template through software of which the software integrity is checked manually, and storing the first template into an XML format;

s200, performing S200; generating a second template in an XML format to be matched through software of the integrity of the software to be detected while executing the S1 OO;

s300: setting a matching degree threshold, matching the first template with the second template, and if the similarity of the first template and the second template exceeds the matching threshold, completing matching to generate a matching report; if the similarity of the first template and the second template does not exceed the matching threshold, matching is completed, software with software integrity is checked again through manual checking, a template is generated, and matching is conducted with the second template again.

5. A software integrity verification method for security management as defined in claim 4, wherein said test tasks include at least one of script ID required for testing, test scenario description of script, belonging test set ID, specific test code.

6. A software testing method for security management, comprising the steps of:

s101: providing a test application, checking the integrity of the software by the checking method according to any one of claims 1 to 5, and testing the software passing the integrity check by using a test system;

s201: the test system executes the test application, if no defect exists, test summary is carried out, and related test cases are closed; if the defect is found, generating a defect report;

s301: confirming the defect report, if the defect report needs to be repaired, returning to the test system again, and distributing the defect treatment as a new task again by the test system;

s401: positioning and analyzing the defects, and repairing the defects;

s501: the repaired defects enter a regression testing process, become a new task to be distributed by the testing system, and repeat the step S201 until all the defects are processed correctly and effectively.

7. The method of claim 5, wherein the defect status comprises:

the repaired state: the defect is repaired by the responsible person and passes the regression test;

state not yet repaired: defects have been repaired but fail regression testing, waiting for reprocessing;

delay solution state: judging that the defect does not need to be solved at present;

and the state is not required to be solved, and the defect is judged to be unnecessary to repair.

8. The method of claim 5, wherein the step of determining defects comprises:

matching the defects with test cases in a memory bank, and setting a matching similarity ratio as a first threshold;

if the test cases with the similarity exceeding the first threshold value are matched, judging that the defect is in a repaired state;

and if the test cases with the similarity exceeding the first threshold are not matched, manually judging the defects.

Images