1. What is the software interface?
Classes or functions for transferring data and processing between different modules of the program
2. What is the difference between HTTP and HTTPS protocols?
Answer: The https protocol requires a CA (Certificate Authority) to apply for a certificate. Generally, there are fewer free certificates, so a certain fee is required; http is a hypertext transfer protocol, and information is transmitted in plain text. The Https protocol is constructed by the SSL+Http protocol The network protocol for encrypted transmission and identity authentication is safer than the http protocol; http and https use completely different connection methods and use different ports. The former is 80 and the latter is 443;
3. On which layer is HTTPS?
I used to like to ask questions about network protocols in interviews. Some friends said that I installed X, which is not practical. A little research on network knowledge, it is not difficult to answer in fact.
A: HTTPS at the application layer
4. What is the difference between get and post?
Answer: Both POST and GET submit data to the server and both obtain data from the server. Differences: 1) Transmission method: get is transmitted through the address bar, post is transmitted through the message 2) Transmission length: The get parameter has a length limit (limited by the url length), and post has no limit 3) GET generates a TCP data packet (for For a GET request, the browser will send the http header and data together, and the server will respond with 200 and return data. POST generates two TCP data packets (for POST, the browser sends the header first, the server responds with 100 continue, and the browser then Send data, the server responds with 200 ok to return data) 4) Get request parameters will be completely retained in the browsing history, but the parameters in the post will not be retained 5) When doing data query, it is recommended to use GET; while doing When adding, modifying or deleting data, post is recommended
5. Common POST data submission methods
Answer: There are four main methods: application/x-www-form-urlencoded, multipart/form-data, application/json, text/xml, etc.
6. What is the Http protocol stateless protocol? How to solve the HTTP protocol stateless protocol
Answer: Stateless means that the protocol has no memory capacity for transaction processing, and the server does not know the state of the client. That is, after we send an HTTP request to the server, the server will send us data according to the request, but after sending it, no information will be recorded. HTTP is a stateless protocol, which means that each request is independent, and Keep-Alive has not changed this result. The lack of status means that if the previous information is needed for subsequent processing, it must be retransmitted, which may result in an increase in the amount of data transmitted per connection. On the other hand, when the server does not need previous information, its response is faster. This feature of the HTTP protocol has advantages and disadvantages. The advantage is that it liberates the server. Each request "point-to-stop" will not cause unnecessary connection occupation. The disadvantage is that each request will transmit a large amount of repeated content information. After the emergence of web applications where the client and the server interact dynamically, the stateless nature of HTTP has seriously hindered the implementation of these applications. After all, interaction requires a link between the past and the future. A simple shopping cart program must also know what the user has chosen before. commodity. Thus, two technologies for maintaining HTTP connection status came into being, one is Cookie, and the other is Session.
7. The difference between cookie and session
Answer: The cookie data is stored on the client's browser. The session data on the server is not very safe. Others can analyze the cookies stored locally and perform cookie spoofing. Considering the safety, you should use the session session. The session will be stored for a certain period of time. On the server. When the number of visits increases, it will take up the performance of your server. Cookies should be used to reduce server performance. A single cookie cannot store more than 4K data. Many browsers limit a site to save up to 20 cookies. You can store important information such as login information. It is session; other information needs to be saved and can be placed in cookie
8. Common return status codes in request interfaces
Answer:
1xx-Information prompt (indicating a temporary response. The client is ready to receive one or more 1xx responses before receiving a regular response)
2xx-Success (indicating that the server successfully accepted the client request)
3xx-Redirection (client The client browser must take more actions to fulfill the request. For example, the browser may have to request a different page on the server, or repeat the request through a proxy server)
4xx-Client error (sending error, client has a problem. For example, , The client requests a page that does not exist, and the client does not provide valid ID verification information) 5xx-server error (the server cannot complete the request due to an error)
common return codes are:
200 OK-[GET]: The server successfully returned the data requested by the user
201 CREATED-[POST/PUT/PATCH]: The user created or modified the data successfully
202 Aceepted-[]: Indicates that a request has entered the background queue (asynchronous task)
204 NO CONTENT-[DELETE ]: The user deletes the data successfully
400 INVALID REQUEST-[POST/PUT/PATCH]: The request sent by the user has an error, and the server does not create or modify data. 401 Unauthorized -[]: Indicates that the user has no authority (token, Username, password error)
403 Forbidden -[]: indicates that the user is authorized (as opposed to 401 error), but access is forbidden
404 NOT FOUND -[]: The request sent by the user is for a record that does not exist, and the server does not Perform an operation that is idempotent
406 Not Acceptable-[GET]: The format requested by the user is not available (for example, the user requests JSON format, but only in XML format)
500 INTERNAL SERVER ERROR-[*]: The server has an error, and the user will not be able to determine whether the request is successful
9. What is DNS?
Answer: DNS is the Domain Name System. DNS is used for domain name resolution. After you enter the web address on the Internet, it will convert it into an IP, and then go to the other party's server; without it, you just want to go to Baidu Remember Baidu's IP, but with DNS processing, you only need to remember the domain name of the corresponding website, that is, the URL.
10. How does your company do interface testing?
Answer: The actual interface test is different from the general test in the design part of the test case. ① Obtain interface specifications.
②Design interface test function use cases (mainly from the perspective of users to see whether the interface can meet business requirements, use case design is the set of black box use cases).
③Various input parameters verification (normal conditions, abnormal conditions include incorrect number of input parameters, incorrect type, optional/required, and consideration of mutually exclusive or related parameters).
④Various verifications of interface return values (in line with interface document requirements)
⑤Understand the logic of interface implementation and realize logic coverage (statements/conditions/branch/judgments/...)
⑥Can the interface be executed concurrently, is it safe, and does the performance meet the requirements?
⑦Adopt Tools or self-written code to verify.
⑧ Finding the problem is the same as the function test, the bug should be reported, and the tracking status should be tracked.
11. How to design interface test cases?
Answer: Generally, the following aspects need to be considered when designing interface test cases:
①Whether the preconditions are met. Some interfaces need to meet the preconditions before they can successfully obtain data. Commonly, need to log in Token Reverse use case: design 0~n use cases for whether the preconditions are met (assuming n conditions)
②Whether to carry default value parameters Forward use case: the parameters with default values are not filled in or passed Parameter, mandatory parameters are filled in with correct and existing "normal" values, others are not filled in, design 1 use case
③Business rules, functional requirements Here according to the time situation, combined with the interface parameter description, it may be necessary to design N forward use cases and reverse Use case
④Whether the parameter is required. Reverse use case: For each required parameter, design a reverse use case with empty parameter value.
⑤ Whether there are correlations between parameters. Some parameters are mutually restrictive.
⑥Parameter data type limit reverse Use case: Design a reverse use case for each parameter that does not match the parameter value type
⑦ The data range value of the parameter data type itself is limited. Positive use case: For all parameters, design a parameter value of each parameter to be the largest within the data range Positive use case
12. What do you test for the interface?
Answer:
Usability test according to the agreed protocol, method, format content, transfer data to the interface and return the expected result after processing:
Whether the interface function is implemented correctly;
Return value test-The return value must be correct in addition to the content and type. Ensure that the caller can parse correctly;
Parameter value boundary value, equivalence class test; Error and exception handling test
Input abnormal value (null value, special character, exceeding the agreed length, etc.), the interface can handle it correctly, and respond as expected ;
incorrect input parameters, the interface can handle correctly, as expected response;
multi-input, less input parameters, the interface can handle correctly, and the expected response
(e.g., written form json format format) format data transmission error test ; security The security test mainly refers to the security of the transmitted data:
Whether sensitive data (such as passwords, secret keys), etc. are encrypted for transmission;
Whether the returned data contains sensitive data, such as user passwords, complete user bank account information, etc.;
Whether the interface is correct Incoming data is verified for security, such as identity ID plus token similar verification;
Whether the interface prevents malicious requests (such as a large number of forged requests that cause the server to crash); Performance testing, such as interface response time, concurrent processing capabilities, stress testing Handling situation:
Concurrent requests for the same interface (especially POST requests), handling of the interface (such as inserting the same record, causing data errors and system failures); Code Testing Institute
The interface response time is within the user’s tolerance Perform stress test on the interface with a large amount of requests to determine whether the biggest bottleneck point meets the current business needs;
13. What tools are commonly used to test interfaces?
Answer: Commonly used http protocol interface testing tools, such as: postman, fiddler, jmeter; webService interface uses SoapUI, jmeter, etc.
14. If there is no interface document, how to do interface test?
This question mainly tests emotional intelligence, which is the ability to fool the interviewer in general. It is also a blind test when you enter. Be ready to go back at any time. Of course, you must not answer the interviewer's unexpected
answer: use the packet capture tool Grab the interface, and then conduct targeted testing; if the field information in the interface is not clear, find time to
concentrate on seeking development solutions. (Commonly used capture tools Fiddler, Charles, etc.)
15. In the process of manual interface testing or automated interface testing, how to deal with data dependencies on upstream and downstream interfaces?
Answer: Use a global variable to process dependent data, such as returning a token after logging in. Other interfaces need this token, then use global variables to pass token parameters.
16. How to test interfaces that rely on third-party data?
Answer: Mock Then the interviewer will ask you if it is a mock, then you will continue to dig along the pit and build a mock service. Refer to this http://www.51ste.com/share/det-485.html
17. In the interface test, how to test the interface that depends on the login status?
Answer: The nature of the interface that relies on the login status is that every time a request is sent, a session or cookie is required to be sent successfully, and the necessary session or cookie is added when constructing a POST request.
18. How to simulate a weak network for testing
? Answer: Both Fiddler and Charles can simulate a weak network test. The usual simulation of packet loss is also a simulation of a weak network test. With
the body can be seen "several weak network simulation method, there is always a right for you."
19. What bugs have you found in the process of interface testing?
The interviewer asked this question mainly to know if you really did the interface test. After all, many small partners’ resumes are packaged (without packaging, there is no interview opportunity, there is no way, in order to survive, to understand)
A:
General mistakes , The interface is not implemented, the result is not returned as agreed, the boundary value processing error, etc. Input abnormal values (null values, special characters, exceeding the agreed length, etc.), the interface throws errors, and no encapsulation is performed; input wrong parameters, more input, less input parameters,
possible errors in the interface; security issues, such as clear text transmission , The returned result contains sensitive information, no verification of user identity information, no malicious request interception, etc.;
performance problems, such as concurrent insertion of multiple identical operations in the interface, too long response time, and bottlenecks in the interface pressure test;
20. When an interface is abnormal, how do you analyze the abnormality?
Answer: First capture the packet, use the fiddler (charles) tool to capture the packet, or the F12 debugging tool on the browser; if it is on the APP, then use Fiddler as a proxy, set the proxy through the mobile phone to view the request and return messages; view the backend log , For example, if the Linux system connects to the server through xhell, check the interface log to see if there is any error message (command: tail -f log file);
21. How to analyze whether a bug is front-end or back-end?
Answer: When we usually mention bugs, front-end development and back-end development are always arguing, not admitting that it is the bug of the other side. This situation is easy to judge. First, grab the packet and look at the request message, and look at the interface document to see if there is any problem with the request message. If there is a problem, the data sent by the front-end is incorrect; the request message is ok, then look at the return message. The returned data is wrong, that is the problem of back-end development.
22. Do you automate interface testing?
Answer: For a large number of applications, it is generally recommended to automate interface testing, which has low maintenance costs and high returns. There are many commonly used tools, such as Jmeter, Robot Framework, pytest, etc.
23. How many JMeter listeners are listed?
Some JMeter listeners are: Collection report summary report View results tree View results in tables Graph results BeanShell Listener summary reports etc.
24. Data-driven testing in python
In unittest, there is no built-in data driver, we have to use ddt to achieve it. First, we have to install ddt in the python runtime environment, and use the following command to install pip install ddt. Another test framework, pytest, has its own data-driven implementation. It is parameterized by @pytest.mark.parametrize(argnames,argvalues). You can also use python to read and drive data according to your needs.
25. How to deal with the association in interface automation?
Pass the result returned by the previous request to the parameters of the next request, reflect the result of the request to a class attribute (using the setattr() function), and call this class attribute on the next request
26. How to verify the results of automated testing?
Assert, the expected result is compared with the actual result
, and the data in the database is checked according to the test scenario and the data before the request is compared.
27. What is the testing framework used for automation?
Briefly describe the design and maintenance of the automation framework. The
test framework: python+unittest+requests+ddt+openpyxl+pymysql+logging
python: simple entry, simple syntax
unittest: define a test case class, and specific methods to maintain the life cycle of test cases, Test scenario behavior, test case pre-scenario, behavior, expected result, actual result, assertion method, Setup teardown method
requests: interface call, library supporting http request, concise API, providing different http request methods, support session, cookies,
ddt: data-driven, ddt class decorator, data test method decorator unpack unpacks iterable data types,
ordinary users, databases, configuration
files— (basic data) openpyxl: data management excel management data, use openpyxl module to perform excel data
Reading and writing (excle, csv, json, yaml, txt can manage test data) pymysql: database interaction, data verification
eval, json: data format conversion Eval converts the format supported by python into the corresponding format
logging: log Processing, unified log output format, channel, level, record of execution results, easy to locate the problem
jenkins: continuous integration
2 / framework design ideas: data-driven + structural layering (readability, maintainability, scalability)
data-driven : Separate maintenance data from code, consistent interface call behavior, drive different test scenarios for different parameter combinations, and reduce code redundancy.
Structure layering: data layer + use case layer + logic layer
Data layer: test data support data.xls
Use case layer: use case execution test_register.py test_recharge.py
logic layer: public method encapsulation and extraction doexcle.py do_mysql.py http_requests.py logger.py and other modules
3 / framework design steps:
prepare test data: EXCEL table prepares for test Use case—reading excel data—replacement of parameter values. Code testing institute
initiates a request: request method (get/post method for encapsulation—URL splicing (different—parameters are converted to dictionary
to get the return value of the request: parsing the return value code, Status, msg information
assertion
benefits:
1. The perfect combination of automated test cases and manual test cases, reducing repetitive work
2. Flexible configuration, you can switch test environments and execute test cases independently
3. Common functions are encapsulated, logic is clear, and easy to maintain
4 , Unified execution entrance, management of test case set: The
run.py module selects the test cases that need to be executed through fuzzy search
5. Continuous integration, regular construction, quick feedback
28. Specifically, how to apply automation to the actual in this project, and your analysis of the automation results
After completing the design and implementation of all automated test frameworks, perform interface testing, and then integrate it into
jenkins, configure timing execution, generate html reports, view test pass rates, and view interface functions
. Regression testing is performed every time the version is released, new features Before development and testing