CN116933246A - Method and device for executing application program in sandbox environment - Google Patents

Method and device for executing application program in sandbox environment Download PDF

Info

Publication number
CN116933246A
CN116933246A CN202210340733.4A CN202210340733A CN116933246A CN 116933246 A CN116933246 A CN 116933246A CN 202210340733 A CN202210340733 A CN 202210340733A CN 116933246 A CN116933246 A CN 116933246A
Authority
CN
China
Prior art keywords
application program
resource
record
environment
executing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210340733.4A
Other languages
Chinese (zh)
Inventor
陆允基
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN202210340733.4A priority Critical patent/CN116933246A/en
Publication of CN116933246A publication Critical patent/CN116933246A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a method and a device for executing an application program in a sandbox environment, and relates to the technical field of computer testing. One embodiment of the method comprises the following steps: a fully defined path for a method of reading an application in a configuration file; adding a data recording instruction into the method; executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction; building a sandbox environment in a test environment, and executing the application program in the sandbox environment based on the resource call record so as to intercept the call to the external resource; the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment. The implementation mode can solve the technical problem that non-preset resources cannot be isolated in a configuration mode.

Description

Method and device for executing application program in sandbox environment
Technical Field
The present invention relates to the field of computer testing technology, and in particular, to a method and apparatus for executing an application program in a sandbox environment.
Background
The sandbox is an execution environment for limiting the program behavior according to a security policy, and the sandbox technology is a software running environment constructed through the program and can be isolated from other dependent environments.
Executing programs are classified in Java into local instructions, which by default are considered trusted, and remote instructions, which are considered untrusted. For trusted local instructions, all local resources can be accessed, while for non-trusted remote instructions in early Java implementations, security relies on sandboxed mechanisms.
The current latest security mechanism introduces the concept of domains, virtual machines load all instructions into different system domains and application domains, the system domain part is specially responsible for interacting with key resources, and each application domain part accesses various needed resources through part agents of the system domain. However, in the prior art, whether to isolate the preset resources can only be selected in a configuration mode, and the isolation of the non-preset resources can only be realized by manually writing instructions.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a method and apparatus for executing an application program in a sandbox environment, so as to solve the technical problem that non-preset resources cannot be isolated by a configuration manner.
To achieve the above object, according to one aspect of an embodiment of the present invention, there is provided a method of executing an application in a sandboxed environment, including:
a fully defined path for a method of reading an application in a configuration file;
adding a data recording instruction into the method;
executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction;
building a sandbox environment in a test environment, and executing the application program in the sandbox environment based on the resource call record so as to intercept the call to the external resource;
the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
Optionally, the resource call record includes a universally unique identification code, a fully defined path of the method, a request parameter, a return parameter, and an application identification.
Optionally, before building the sandboxed environment in the test environment, further comprising:
marking a first resource call record generated when the application program is executed as a packager method record;
And marking other resource call records generated when the application program is executed as simulator method records.
Optionally, before building the sandboxed environment in the test environment, further comprising:
performing de-duplication processing on the request parameters, and only reserving request parameters with different attribute combinations;
and asynchronously uploading the resource call record after the duplication removal to a relational database.
Optionally, executing the application program in the sandboxed environment based on the resource call record to intercept the call to the external resource, including:
reading a resource call record corresponding to the application program identifier into a file;
executing the application program in the sandbox environment, and calling the resource call record in the file in the process of executing the application program so as to intercept the call to the external resource.
Optionally, executing the application program in the sandboxed environment, and calling a resource call record in the file in the process of executing the application program to intercept the call to the external resource, including:
configuring the application in the sandboxed environment;
searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record;
Obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory;
executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource.
Optionally, executing the encapsulator method record corresponding method by way of method reflection to intercept the call to the external resource, including:
searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record;
judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record;
if yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource.
Optionally, executing the corresponding method of the encapsulator method record by a method reflection mode to intercept the call to the external resource, and further including:
if the request parameters in the sandbox environment are inconsistent with the request parameters in the simulator method records, or if the return parameters in the sandbox environment are inconsistent with the return parameters in the packager method records;
The judgment result is sent to the target person.
In addition, according to another aspect of an embodiment of the present invention, there is provided an apparatus for executing an application program in a sandboxed environment, including:
a reading module for reading a fully defined path of a method of an application in a configuration file;
the enhancement module is used for adding a data recording instruction into the method;
the recording module is used for executing the application program in an online environment, so that when the application program calls an external resource, the resource call record is recorded through the data recording instruction;
the execution module is used for constructing a sandbox environment in the test environment, and executing the application program based on the resource call record in the sandbox environment so as to intercept the call to the external resource;
the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
Optionally, the resource call record includes a universally unique identification code, a fully defined path of the method, a request parameter, a return parameter, and an application identification.
Optionally, the recording module is further configured to:
before a sandbox environment is built in a test environment, marking a first resource call record generated when the application program is executed as a packager method record;
And marking other resource call records generated when the application program is executed as simulator method records.
Optionally, the recording module is further configured to:
before a sandbox environment is built in the test environment, carrying out de-duplication treatment on the request parameters, and only reserving request parameters with different attribute combinations;
and asynchronously uploading the resource call record after the duplication removal to a relational database.
Optionally, the execution module is further configured to:
reading a resource call record corresponding to the application program identifier into a file;
executing the application program in the sandbox environment, and calling the resource call record in the file in the process of executing the application program so as to intercept the call to the external resource.
Optionally, the execution module is further configured to:
configuring the application in the sandboxed environment;
searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record;
obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory;
executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource.
Optionally, the execution module is further configured to:
searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record;
judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record;
if yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource.
Optionally, the execution module is further configured to:
if the request parameters in the sandbox environment are inconsistent with the request parameters in the simulator method records, or if the return parameters in the sandbox environment are inconsistent with the return parameters in the packager method records;
the judgment result is sent to the target person.
According to another aspect of an embodiment of the present invention, there is also provided an electronic device including:
one or more processors;
storage means for storing one or more programs,
the one or more processors implement the method of any of the embodiments described above when the one or more programs are executed by the one or more processors.
According to another aspect of an embodiment of the present invention, there is also provided a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the method according to any of the embodiments described above.
One embodiment of the above invention has the following advantages or benefits: because the application program is executed in the online environment, so that the application program records the resource calling record through the data recording instruction when the external resource is called, a sandbox environment is built in the test environment, and the application program is executed based on the resource calling record in the sandbox environment so as to intercept the calling of the external resource, the technical problem that the non-preset resource cannot be isolated through the configuration mode in the prior art is solved. According to the embodiment of the invention, whether the non-preset resources are isolated or not can be selected through a configuration mode, whether the instruction modification can be adapted to the original data record can be verified, no matter how violent the performance test is, the performance test can not be influenced on other resources, and therefore the controllable and risk-free performance test is realized.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main flow of a method of executing an application in a sandboxed environment in accordance with an embodiment of the invention;
FIG. 2 is a schematic diagram of an application program execution process according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main flow of invoking an external resource according to an embodiment of the invention;
FIG. 4 is a schematic diagram of the main flow of a method of executing an application in a sandboxed environment in accordance with one referenceable embodiment of the invention;
FIG. 5 is a schematic diagram of the major modules of an apparatus for executing an application in a sandboxed environment in accordance with an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
fig. 7 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In today's distributed program deployment environment, there is a great deal of resource dependence, such as databases, message queues, remote program calls, etc., which are all uncontrollable and can have an impact on sandboxed environment operation. The embodiment of the invention uses the real data in the online environment to construct the sandbox environment locally, intercepts the call of the application program to the external resource, and enables the application program to run in the independent sandbox environment.
FIG. 1 is a schematic diagram of the main flow of a method of executing an application in a sandboxed environment in accordance with an embodiment of the invention. As an embodiment of the present invention, as shown in fig. 1, the method for executing an application program in a sandboxed environment may include:
step 101, a fully defined path of the method of the application in the configuration file is read.
Before step 101, the fully defined path corresponding to each method of the application program needs to be configured in the configuration file, and then the fully defined path corresponding to each method of the application program is read from the configuration file in an online environment. The fully defined paths of the methods of the application program are configured in the configuration file, and the call of the application program to external resources (not preset external resources) is realized in a configuration mode, so that the application program runs in an independent sandbox environment.
The method is a method which needs to be called when the application program processes the request. As shown in fig. 2, taking an execution process of the server application as an example, after the server application receives an external request, the server application executes a doit method (execution method), and sequentially executes an invokeData method (call data method) and a sendMessage method (send message method) in the doit method, where both the invokeData method and the sendMessage method call external resources. To record the external call records of these methods, the fully defined path of the above methods can be configured through a configuration file, thereby recording the resource call records of these methods,
Step 102, adding a data recording instruction in the method.
Optionally, a byte code enhancement technology can be utilized, and a data recording instruction is added into the corresponding method, wherein the data recording instruction is used for recording resource calling records corresponding to the methods; wherein the resource call record may include: a universally unique identification code (UUID), a fully defined path for the method, request parameters (Json format), return parameters (Json format), and application identification. Thus, real data can be captured in an on-line environment by incorporating data logging instructions into the method.
And step 103, executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction.
In today's server applications, there are basically multiple resource dependencies and none of the program instructions execute independently, often requiring calls to remote programs. The external resource is a resource dependency outside the sandboxed environment, as shown in fig. 3, and in the present distributed program deployment environment, there may be a great deal of resource dependency, such as external resource dependencies of databases, message queues, remote program calls, and the like.
The embodiment of the invention executes the application program in an online environment, so that when the application program calls external resources (such as a database, a message queue, remote program call and other non-preset resources), the resource call record is recorded through the data record instruction. The resource call record comprises a universal unique identification code, a fully defined path of a method, a request parameter, a return parameter and an application program identification.
It should be noted that the resource call record of all methods under the same execution call will use the same universal unique identification code, and the execution call refers to various event-triggered calls, such as http request, remote call, timer program, etc. When an application is invoked in an on-line environment, a universally unique identifier is generated in the thread context, and when the thread generates a record, the record is associated with the universally unique identifier and cleared after the execution of the call is completed.
Optionally, before step 104, the method may further include: marking a first resource call record generated when the application program is executed as a packager method record; and marking other resource call records generated when the application program is executed as simulator method records. After the resource calling record is recorded through the data recording instruction, the resource calling record can be further classified and identified to form a real data set, and the real data set is stored in a corresponding database. When the application program is executed in the sandbox environment, the corresponding return parameters are extracted from the database to be used as resource data, so that the application program can call external resources, and the application program can run in the independent sandbox environment. In an embodiment of the present invention, the first record resulting from executing a call is classified as a wrapper method (wrapper method) record, and the other records resulting from executing a call are classified as simulator method (mocker method) records. Taking the method in fig. 2 as an example, the doit method is a wrapper method, the record generated by calling the method is a wrapper method record, the invokeData method and the sendMessage method are both a molker method, and the record generated by calling the two methods is a molker method record.
Optionally, before step 104, the method may further include: performing de-duplication processing on the request parameters, and only reserving request parameters with different attribute combinations; and asynchronously uploading the resource call record after the duplication removal to a relational database. For the continuously expanded recorded data volume, each wrapper record can be used as a deduplication condition according to the combination condition of attributes with data non-null in the request parameters, only the attribute combinations which do not appear yet remain, and other attribute combinations can be deleted. Such as: if the request parameters include attribute 1 and attribute 2, the reserved attribute combination is: attribute 1 and attribute 2 have values, attribute 1 has a value and attribute 2 has no value, attribute 1 has no value and attribute 2 has a value, and attribute 1 and attribute 2 have no value. The data record is temporarily stored in the memory, and then the individual threads are used for counting and sending the resource call record at fixed time, so that the resource call record is stored in the relational database.
And 104, constructing a sandbox environment in the test environment, and executing the application program in the sandbox environment based on the resource call record so as to intercept the call to the external resource.
A sandbox environment is built in the test environment, the application program is then executed in the sandbox environment, and a resource call record is called in the process of executing the application program so as to intercept the call to the external resource. It should be noted that the application program executed in step 104 may be an application program modified by an instruction, or may be an application program not modified by an instruction, which is not limited by the embodiment of the present invention.
Optionally, executing the application program in the sandboxed environment based on the resource call record to intercept the call to the external resource, including: reading a resource call record corresponding to the application program identifier into a file; executing the application program in the sandbox environment, and calling the resource call record in the file in the process of executing the application program so as to intercept the call to the external resource. After a sandbox environment is formed in the test environment, corresponding resource call records are obtained from a database according to application program identifications, all the resource call records are stored in a local file, then the application program is executed in the sandbox environment, and in the process of executing the application program, the resource call records are called in the local file so as to intercept the call of the application program to external resources.
Optionally, executing the application program in the sandboxed environment, and calling a resource call record in the file in the process of executing the application program to intercept the call to the external resource, including: configuring the application in the sandboxed environment; searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record; obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory; executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource. And configuring a program method to be executed in the sandbox environment, searching all wrapper method records in the file, acquiring UUIDs in the corresponding records after the corresponding records are matched, reading all associated wrapper method records into a memory, and finally executing the wrapper method in a method reflection mode.
Optionally, executing the encapsulator method record corresponding method by way of method reflection to intercept the call to the external resource, including: searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record; judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record; if yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource. During program execution, all methods are enhanced through byte codes, when each method is executed, a completely defined path of the method is read, then request parameters are searched in corresponding pocket method records through the completely defined path of the method, and whether the request parameters in a sandbox environment are consistent with the request parameters in the pocket method records or not is judged; if the parameters are consistent, the return parameters in the record of the mocker method are directly returned, and resource call is intercepted, so that the function of separating dependent resources is achieved. If the request parameters in the sandbox environment are inconsistent with the request parameters in the mocker method record, intercepting the resource call, determining that the modification of the instruction of the application program has an influence on the data, and directly feeding back the data to the research and development personnel for analysis and judgment.
When the application program is re-executed in the sandbox environment, the response time regulation and control can be carried out on the mocker method, no matter how violent the performance test is, other resources are not affected, and therefore the controllable and risk-free performance test is achieved.
According to the various embodiments described above, it can be seen that the technical means of executing the application program in the online environment, so that the application program records the resource call record through the data record instruction when the external resource is called, constructs a sandbox environment in the test environment, and executes the application program in the sandbox environment based on the resource call record, so as to intercept the call of the external resource, and solve the technical problem that the non-preset resource cannot be isolated in the configuration mode in the prior art. According to the embodiment of the invention, whether the non-preset resources are isolated or not can be selected through a configuration mode, whether the instruction modification can be adapted to the original data record can be verified, no matter how violent the performance test is, the performance test can not be influenced on other resources, and therefore the controllable and risk-free performance test is realized.
FIG. 4 is a schematic diagram of the main flow of a method of executing an application in a sandboxed environment in accordance with one referenceable embodiment of the invention. As yet another embodiment of the present invention, as shown in fig. 4, the method for executing an application program in a sandboxed environment may include:
Step 401, configuring the fully defined path corresponding to each method of the application program in the configuration file.
Step 402, a fully defined path for a method of reading an application in a configuration file.
In today's server applications, there are basically multiple resource dependencies and none of the program instructions execute independently, often requiring calls to remote programs. The method and the device have the advantages that the completely defined paths corresponding to the methods of the application program are read from the configuration file in the online environment, the completely defined paths of the methods of the application program are configured in the configuration file, the application program can call external resources in a configuration mode, and the application program can run in an independent sandbox environment.
In step 403, a data recording instruction is added to the method using a byte code enhancement technique.
The data recording instruction is used for recording resource calling records corresponding to the methods; wherein the resource call record may include: a universally unique identification code (UUID), a fully defined path for the method, request parameters (Json format), return parameters (Json format), and application identification. Thus, real data can be captured in an on-line environment by incorporating data logging instructions into the method.
And step 404, executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction.
The embodiment of the invention executes the application program in an online environment, so that when the application program calls external resources (such as a database, a message queue, remote program call and other non-preset resources), the resource call record is recorded through the data record instruction. Optionally, the resource call record includes a universally unique identification code, a fully defined path of the method, a request parameter, a return parameter, and an application identification.
In step 405, a first resource call record generated when the application is executed is marked as an encapsulator method record, and other resource call records generated when the application is executed are marked as simulator method records.
And 406, performing deduplication processing on the request parameters, only reserving request parameters with different attribute combinations, and asynchronously uploading the resource call record after deduplication to a relational database.
After the resource calling record is recorded through the data recording instruction, the resource calling record can be further classified and identified to form a real data set, and the real data set is stored in a corresponding database. When the application program is executed in the sandbox environment, the corresponding return parameters are extracted from the database to be used as resource data, so that the application program can call external resources, and the application program can run in the independent sandbox environment. In addition, for the continuously expanded record data volume, each wrapper record can be used as a deduplication condition according to the combination condition of attributes of which the data in the request parameters is not empty, only the attribute combination which does not appear yet is reserved, and other attribute combinations can be deleted.
And step 407, constructing a sandbox environment in the test environment, and reading the resource call record corresponding to the application program identifier from the relational database to a file.
After the sandboxed environment is formed in the test environment, the corresponding resource call records are obtained from the database according to the application program identification, and the resource call records are all stored in the local file.
And step 408, executing the application program in the sandboxed environment, and calling a resource call record in the file in the process of executing the application program so as to intercept the call to the external resource.
Executing the application program in a sandbox environment, and calling a resource call record in a local file in the process of executing the application program so as to intercept the call of the application program to an external resource.
Optionally, executing the application program in the sandboxed environment, and calling a resource call record in the file in the process of executing the application program to intercept the call to the external resource, including: configuring the application in the sandboxed environment; searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record; obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory; executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource. And configuring a program method to be executed in the sandbox environment, searching all wrapper method records in the file, acquiring UUIDs in the corresponding records after the corresponding records are matched, reading all associated wrapper method records into a memory, and finally executing the wrapper method in a method reflection mode.
Optionally, executing the encapsulator method record corresponding method by way of method reflection to intercept the call to the external resource, including: searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record; judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record; if yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource. During program execution, all methods are enhanced through byte codes, when each method is executed, a completely defined path of the method is read, then request parameters are searched in corresponding pocket method records through the completely defined path of the method, and whether the request parameters in a sandbox environment are consistent with the request parameters in the pocket method records or not is judged; if the parameters are consistent, the return parameters in the record of the mocker method are directly returned, and resource call is intercepted, so that the function of separating dependent resources is achieved. If the request parameters in the sandbox environment are inconsistent with the request parameters in the mocker method record, intercepting the resource call, and sending a judging result to a target person.
Optionally, executing the corresponding method of the encapsulator method record by a method reflection mode to intercept the call to the external resource, and further including: if the request parameters in the sandbox environment are inconsistent with the request parameters in the simulator method records, or if the return parameters in the sandbox environment are inconsistent with the return parameters in the packager method records; the judgment result is sent to the target person. In the embodiment of the invention, if the request parameter in the executed mocker method record is inconsistent with the request parameter in the sandbox environment or the return parameter in the wrapper method record is inconsistent with the return parameter in the sandbox environment, the influence of the instruction modification of the application program on the data can be determined, and the data can be directly fed back to a developer for analysis and judgment. Therefore, the embodiment of the invention can verify whether the instruction modification can be adapted to the original data record.
In addition, in the embodiment of the present invention, the implementation of the method for executing the application program in the sandbox environment is described in detail in the above method for executing the application program in the sandbox environment, so the description is not repeated here.
Fig. 5 is a schematic diagram of the main modules of an apparatus for executing an application in a sandboxed environment in accordance with an embodiment of the present invention. As shown in fig. 5, the apparatus 500 for executing an application program in a sandboxed environment includes a reading module 501, an enhancing module 502, a recording module 503, and an executing module 504; wherein, the reading module 501 is configured to read a completely defined path of a method of an application program in a configuration file; the enhancement module 502 is configured to add a data recording instruction to the method; the recording module 503 is configured to execute the application program in an online environment, so that when the application program invokes an external resource, the application program records a resource call record through the data recording instruction; an execution module 504 is configured to construct a sandbox environment in the test environment, in which the application program is executed based on the resource call record to intercept calls to the external resource; the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
Optionally, the resource call record includes a universally unique identification code, a fully defined path of the method, a request parameter, a return parameter, and an application identification.
Optionally, the recording module 503 is further configured to:
before a sandbox environment is built in a test environment, marking a first resource call record generated when the application program is executed as a packager method record;
and marking other resource call records generated when the application program is executed as simulator method records.
Optionally, the recording module 503 is further configured to:
before a sandbox environment is built in the test environment, carrying out de-duplication treatment on the request parameters, and only reserving request parameters with different attribute combinations;
and asynchronously uploading the resource call record after the duplication removal to a relational database.
Optionally, the execution module 504 is further configured to:
reading a resource call record corresponding to the application program identifier into a file;
executing the application program in the sandbox environment, and calling the resource call record in the file in the process of executing the application program so as to intercept the call to the external resource.
Optionally, the execution module 504 is further configured to:
configuring the application in the sandboxed environment;
searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record;
Obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory;
executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource.
Optionally, the execution module 504 is further configured to:
searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record;
judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record;
if yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource.
Optionally, the execution module 504 is further configured to:
if the request parameters in the sandbox environment are inconsistent with the request parameters in the simulator method records, or if the return parameters in the sandbox environment are inconsistent with the return parameters in the packager method records;
the judgment result is sent to the target person.
According to the various embodiments described above, it can be seen that the technical means of executing the application program in the online environment, so that the application program records the resource call record through the data record instruction when the external resource is called, constructs a sandbox environment in the test environment, and executes the application program in the sandbox environment based on the resource call record, so as to intercept the call of the external resource, and solve the technical problem that the non-preset resource cannot be isolated in the configuration mode in the prior art. According to the embodiment of the invention, whether the non-preset resources are isolated or not can be selected through a configuration mode, whether the instruction modification can be adapted to the original data record can be verified, no matter how violent the performance test is, the performance test can not be influenced on other resources, and therefore the controllable and risk-free performance test is realized.
The specific implementation of the apparatus for executing an application program in a sandbox environment according to the present invention has been described in detail in the above method for executing an application program in a sandbox environment, and thus the description thereof will not be repeated here.
FIG. 6 illustrates an exemplary system architecture 600 of a method of executing an application in a sandboxed environment or an apparatus executing an application in a sandboxed environment to which embodiments of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 is used as a medium to provide communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 605 via the network 604 using the terminal devices 601, 602, 603 to receive or send messages, etc. Various communication client applications such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 601, 602, 603.
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (by way of example only) providing support for shopping-type websites browsed by users using terminal devices 601, 602, 603. The background management server can analyze and other data such as the received article information inquiry request and feed back the processing result to the terminal equipment.
It should be noted that, the method for executing the application program in the sandbox environment provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the device for executing the application program in the sandbox environment is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM703, various programs and data required for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer programs according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: a processor comprises a reading module, an enhancing module, a recording module and an executing module, wherein the names of these modules do not constitute a limitation of the module itself in certain cases.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: a fully defined path for a method of reading an application in a configuration file; adding a data recording instruction into the method; executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction; building a sandbox environment in a test environment, and executing the application program in the sandbox environment based on the resource call record so as to intercept the call to the external resource; the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
According to the technical scheme of the embodiment of the invention, the application program is executed in the online environment, so that the application program records the resource calling record through the data recording instruction when the external resource is called, the sandbox environment is constructed in the test environment, and the application program is executed in the sandbox environment based on the resource calling record, so that the technical means of intercepting the call of the external resource is overcome, and the technical problem that the non-preset resource cannot be isolated in the configuration mode in the prior art is solved. According to the embodiment of the invention, whether the non-preset resources are isolated or not can be selected through a configuration mode, whether the instruction modification can be adapted to the original data record can be verified, no matter how violent the performance test is, the performance test can not be influenced on other resources, and therefore the controllable and risk-free performance test is realized.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (11)

1. A method of executing an application in a sandboxed environment, comprising:
a fully defined path for a method of reading an application in a configuration file;
adding a data recording instruction into the method;
executing the application program in an online environment, so that when the application program calls an external resource, recording a resource call record through the data record instruction;
building a sandbox environment in a test environment, and executing the application program in the sandbox environment based on the resource call record so as to intercept the call to the external resource;
the method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
2. The method of claim 1, wherein the resource call record includes a universally unique identification code, a fully defined path for the method, a request parameter, a return parameter, and an application identification.
3. The method of claim 1, further comprising, prior to constructing the sandboxed environment in the test environment:
marking a first resource call record generated when the application program is executed as a packager method record;
and marking other resource call records generated when the application program is executed as simulator method records.
4. The method of claim 1, further comprising, prior to constructing the sandboxed environment in the test environment:
performing de-duplication processing on the request parameters, and only reserving request parameters with different attribute combinations;
and asynchronously uploading the resource call record after the duplication removal to a relational database.
5. A method according to claim 3, wherein executing the application in the sandboxed environment based on the resource call record to intercept calls to the external resource comprises:
reading a resource call record corresponding to the application program identifier into a file;
executing the application program in the sandbox environment, and calling the resource call record in the file in the process of executing the application program so as to intercept the call to the external resource.
6. The method of claim 5, wherein executing the application in the sandboxed environment, invoking a resource call record in the file during execution of the application to intercept the call to the external resource, comprises:
configuring the application in the sandboxed environment;
searching a packager method record of the application program in the file, and acquiring a universal unique identification code in the packager method record;
obtaining a simulator method of the application program through the universal unique identification code and recording the simulator method into a memory;
executing the corresponding method of the encapsulator method record in a method reflection mode so as to intercept the call to the external resource.
7. The method of claim 6, wherein executing the encapsulator method record corresponding method by way of method reflection to intercept calls to the external resource comprises:
searching request parameters in the simulator method record through a fully defined path of the method in the process of executing the corresponding method of the simulator method record;
judging whether the request parameters in the sandbox environment are consistent with the request parameters in the simulator method record;
If yes, directly returning the return parameters in the simulator method records, so as to intercept the call to the external resource.
8. The method of claim 7, wherein executing the encapsulator method record corresponding method by way of method reflection to intercept calls to the external resource further comprises:
if the request parameters in the sandbox environment are inconsistent with the request parameters in the simulator method records, or if the return parameters in the sandbox environment are inconsistent with the return parameters in the packager method records;
the judgment result is sent to the target person.
9. An apparatus for executing an application in a sandboxed environment, comprising:
a reading module for reading a fully defined path of a method of an application in a configuration file;
the enhancement module is used for adding a data recording instruction into the method;
the recording module is used for executing the application program in an online environment, so that when the application program calls an external resource, the resource call record is recorded through the data recording instruction;
the execution module is used for constructing a sandbox environment in the test environment, and executing the application program based on the resource call record in the sandbox environment so as to intercept the call to the external resource;
The method is a method which needs to be called when the application program processes a request, and the external resource is a resource dependence located outside the sandbox environment.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
the one or more processors implement the method of any of claims 1-8 when the one or more programs are executed by the one or more processors.
11. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-8.
CN202210340733.4A 2022-04-02 2022-04-02 Method and device for executing application program in sandbox environment Pending CN116933246A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210340733.4A CN116933246A (en) 2022-04-02 2022-04-02 Method and device for executing application program in sandbox environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210340733.4A CN116933246A (en) 2022-04-02 2022-04-02 Method and device for executing application program in sandbox environment

Publications (1)

Publication Number Publication Date
CN116933246A true CN116933246A (en) 2023-10-24

Family

ID=88391091

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210340733.4A Pending CN116933246A (en) 2022-04-02 2022-04-02 Method and device for executing application program in sandbox environment

Country Status (1)

Country Link
CN (1) CN116933246A (en)

Similar Documents

Publication Publication Date Title
US10102306B2 (en) Patching base document object model (DOM) with DOM-differentials to generate high fidelity replay of webpage user interactions
US20190102237A1 (en) Recommending applications based on call requests between applications
US8983935B2 (en) Methods for utilizing a javascript emulator in a web content proxy server and devices thereof
US11068583B2 (en) Management of login information affected by a data breach
CN110858172A (en) Automatic test code generation method and device
US11882154B2 (en) Template representation of security resources
CN111563015A (en) Data monitoring method and device, computer readable medium and terminal equipment
CN108600377B (en) Method, device, terminal and storage medium for suspending file downloading
CN110213105A (en) It is a kind of cross-platform micro- using creation method
Sanderson Programming Google App Engine with Python: Build and Run Scalable Python Apps on Google's Infrastructure
CN113360377B (en) Test method and device
WO2023083071A1 (en) View interaction method and apparatus, electronic device, and computer readable medium
US11757976B2 (en) Unified application management for heterogeneous application delivery
CN116933246A (en) Method and device for executing application program in sandbox environment
CN114327404A (en) File processing method and device, electronic equipment and computer readable medium
CN113726855A (en) Service aggregation method, device, electronic equipment and computer-readable storage medium
CN112099841A (en) Method and system for generating configuration file
CN113347052A (en) Method and device for counting user access data through access log
CN113535322A (en) Form verification method and device
CN113495747B (en) Gray scale release method and device
US11436653B1 (en) Hybrid system event processing
CN113641966B (en) Application integration method, system, equipment and medium
CN113128200B (en) Method and device for processing information
US20230401275A1 (en) Tenant network for rewriting of code included in a web page
CN117951106A (en) Log processing method and device, electronic equipment and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination