当前位置:网站首页>Byte P7 professional level explanation: common tools and test methods for interface testing, Freeman

Byte P7 professional level explanation: common tools and test methods for interface testing, Freeman

2022-07-07 01:16:00 Jindu Buer

Catalog

Preface

One 、 Common interfaces :

Two 、 Front end and back end :

3、 ... and 、 What is interface testing :

Four 、 What are the components of interfaces ?

5、 ... and 、 Why do interface tests :

6、 ... and 、 How to test the interface test :

Conclusion


Preface

First , What is an interface ?

Generally speaking, there are two kinds of interfaces , One is the interface inside the program , One is the external interface of the system .

External interface of the system : For example, you need to get resources or information from other websites or servers , No one else will share the database with you , He can only give you a way they've written to get the data , You can use the method he wrote by referring to the interface provided by him , In order to achieve the purpose of data sharing , For example, we use app、 These URLs are called through the interface during data processing .

Program internal interface : Between methods , Interaction between modules , The interface thrown inside the program , such as bbs System , There are login modules 、 Post module and so on , If you want to post, you have to log in first , To post, you have to log in , Then the two modules have to interact , It will throw out an interface , For internal system call .

One 、 Common interfaces :

1、webService Interface : It's going soap Agreement passed http transmission , Both request message and return message are xml Format , We use the tools to call when testing , test . The tools available are SoapUI、jmeter、loadrunner etc. ;

2、http api Interface : It's going http agreement , Differentiate called methods by path , The request message is key-value Formal , The return message is usually json strand , Yes get and post Other methods , This is also the two most commonly used request methods . The tools available are postman、RESTClient、jmeter、loadrunner etc. ;

Two 、 Front end and back end :

Before talking about interface testing , Let's clarify these two concepts first , Front end and back end .

What is the front end , about web End to speak , The web pages we use , Open web site , This is the front end , These are all html、css Written ; about app What about the end , It's what we use app,android perhaps object-C( Development ios Upper app) Developed , Its function is to display the page , Let's see the beautiful page , And do some simple checks , For example, non null check , When we operate on the page , These business logic 、 function , For example, you go shopping , These functions of microblogging are realized by the back end , Back end to control your balance when you shop , Which account should I send my microblog to , How do the front end and the back end interact , Is through the interface .

You may not understand what I said earlier , You just need to remember : The front end is as beautiful as a flower , The back end is responsible for making money to support the family .

3、 ... and 、 What is interface testing :

Interface test is a test to test the interface between system components . The interface test is mainly used to detect the interaction points between the external system and the system as well as between the internal subsystems . The focus of the test is to check the exchange of data , Transfer and control the management process , And the mutual logical dependence between systems .

OK, The above is what Baidu Encyclopedia said , Here's what I'm talking about

In fact, I think interface testing is very simple , It's simpler than normal functional testing ( Let me say this first , It may be deleted later O(∩_∩)O Ha !), Now looking for a job, many companies require interface testing experience , Many people also asked me ( Just two or three people ) What is interface testing , In the attitude of pretending to understand if you don't understand , I would say : The so-called interface test is to judge whether the interface conforms to or meets the corresponding functionality by testing the corresponding input and output parameter information under different conditions 、 Safety requirements .

Why do I say that interface testing is simpler than function testing , Because the function test is to enter values from the page , Then pass the value to the back end by clicking the button or link , And the function test has to test UI、 Front end interaction and other functions , But the interface test has no page , It is through the calling address on the interface specification document 、 Request parameters , Splicing message , Then send the request , Check the return result , So it just needs to measure in and out parameters , It's relatively simple .

Four 、 What are the components of interfaces ?

First , The interface documentation should contain the following :

1、 Interface specification

2、 call url

3、 Request method (get\post)

4、 Request parameters 、 Parameter type 、 Request parameter description

5、 Return parameter description

From the interface documentation , The interface shall have at least the request address 、 Request method 、 Request parameters ( In and out ) form , Some interfaces have request headers header.

header (header): It's the server that HTTP Protocol transmission HTML The string sent before the data is sent to the browser , In the header with HTML There is still a blank line between the files , General storage cookie、token Etc

A classmate asked me header What does it have to do with participation ? Aren't they all parameters sent to the server ?

OK, First , They are really parameters sent to the server , But they are different ,header The parameters stored in are usually some verification information , such as cookie, It is to verify whether the request has permission to request the server , If there is , It can request the server , Then the request address is sent to the server along with the input parameter , Then the server will return out parameters according to the address and in parameters . in other words , The server first accepts header Information to determine whether the request has permission request , After judging that you have authority , Will accept the request address and parameters .

5、 ... and 、 Why do interface tests :

Everybody knows , An interface is actually a front-end page or APP And so on , So many people will ask , I've tested all the functions , Why test the interface ?OK, Before I answer that question , Let's take a chestnut first :

For example, test the user registration function , The specified user name is 6~18 Characters , Contain letters ( Case sensitive )、 Numbers 、 Underline . First, the user name rule will be tested during the function test , Such as input 20 Characters 、 Enter special characters, etc , But these may only be verified at the front end , The backend may not be verified , What if someone bypasses the front-end verification by capturing packets and sends them directly to the back-end ? Just imagine , If the user name and password are not verified at the back end , If someone bypasses the front-end verification , Then the user name and password can be entered casually ? If you log in, you may log in through SQL Inject and other means to log in at will , You can even get administrator privileges , That's not terrible ?

therefore , The necessity of interface testing is reflected :

①、 You can find a lot of things you can't find on the page bug

②、 Check the exception handling ability of the system

③、 Check the security of the system 、 stability

④、 The front end changes at will , The interface has been tested , The back end doesn't have to change

6、 ... and 、 How to test the interface test :

Before the interface test , You still need to understand :

1)、GET and POST request :

If it is get If you ask , Just type in the browser , As long as it can be requested directly in the browser , All are get request , If it is post At the request of , No way. , You have to use tools to send .

GET Request and POST Differences in requests :

  • 1、GET Use URL or Cookie The ginseng . and POST Put the data in BODY in .
  • 2、GET Of URL There will be a length limit , be POST The data can be very large .
  • 3、POST Than GET Security , Because the data is not visible on the address bar .
  • 4、 commonly get Request to get data ,post Requests are used to send data .

In fact, the above points , Only the last point is more reliable , The first point post Requests can also put data into url Inside ,get There is no length limit for requests ,post The request looks like the parameters are implicit , It's a little bit safe, a little bit more , But that's only for Xiaobai users , Even if the post request , You can also capture parameters by capturing packets . So just say it during the above interview .

2)、http Status code

Every time I send out a http After the request , There will be a response ,http It will have a status code , To mark the success of the request , Common status codes are as follows :

  • 1、200 2 The first ones indicate that the request was sent successfully , The most common is 200, On behalf of this request is ok Of , The server also returned .
  • 2、300 3 The beginning represents redirection , The most common is 302, Redirected the request to another place ,
  • 3、400 400 Syntax error in request sent on behalf of client ,401 The page visited by the representative is not authorized ,403 Indicates that you do not have permission to access this page ,404 No such page
  • 4、500 5 The beginning represents an exception in the server ,500 Represents server internal exception ,504 Timeout on behalf of server side , No results returned

Next, let's talk about how to test the interface test :

1)、 General interface use case design

①、 Through sexual verification : First of all, make sure that the interface function is easy to use , That is, the normal passing test , According to the parameters on the interface document , Normal incoming , Whether the correct result can be returned .

②、 Parameter combination : Now there's an interface to operate goods , There is a field type, Pass on 1 It means to modify the product , goods id、 Name of commodity 、 There is a price that must be passed on ,type Pass on 2 It's time to delete items , goods id   It must be passed on , In this way , It's time to measure the parameter combination ,type Pass on 1 When , Can I modify the name of the product ,id、 name 、 Can the price be modified successfully when it's all passed .

③、 Interface security :

1、 Bypass verification , Like buying a product , Its price is 300 element , Then when I submit the order , I'll change the price of this product to 3 element , Does the backend verify , Harder , I changed the money to -3, Is my balance going to increase ?

2、 Bypass identity Authorization , For example, modify the commodity information interface , It has to be the seller to modify , Then I'll send it to an ordinary user , Can you modify it successfully , I'll pass on whether another seller can modify it successfully

3、 Is the parameter encrypted , For example, my login interface , Is the user name and password encrypted , If it's not encrypted , Someone else intercepted your request , You can get your information , Is the encryption rule easy to crack .

4、 Password security rules , Password complexity check

④、 Exception verification :

So called exception verification , That is to say, I don't input parameters according to the requirements in your interface document , To verify the interface's verification of exceptions . For example, the required parameters are not filled , Enter the integer type , Passed in string type , The length is 10 Of , Pass on 11, In a word, it's just how you say it , I don't come much , In fact, there are only three kinds , Must pass, not must pass 、 Parameter type 、 The length of the input parameter .

2)、 Design use cases based on business logic

Designed according to business logic , It is to design use cases according to the business of your own system , The business of each company is different , It depends on the business of your company , In fact, this is the same as the function test design case .

for instance , take bbs Come on ,bbs This is the demand for :

1、 Login failed 5 Time , We need to wait 15 I'll log in in minutes

2、 New registered users need to go through the internship period to post

3、 Delete posts and deduct points

4、…

   Like this, you have to list these test points , And then create the corresponding test point for data test .

Conclusion

Learning software testing is something to stick to , The learning process can be boring , But if some people learn together, they probably won't , Study with me , Accompanied , You won't be alone .

This post ends here , Last , I hope the friends who read this post can gain something . Welcome to leave a message , Or follow my column and communicate with me .

原网站

版权声明
本文为[Jindu Buer]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/188/202207061731384036.html