Advanced testing in 2023, from interface testing to interface automation testing summary, this article thoroughly explains...


Preface

Use of json module

A dictionary is a storage type and JSON is a format; the two are completely different.
The json.loads() function converts a JSON string into a dictionary (dict);
the json.dumps() function converts a dictionary into a JSON string;
json.dump() and json.load() are mainly used to write and read JSON files.

Overview of interface automation testing

What is interface testing:
Front end and back end not separated: for example the Taobao website, where the response data is embedded in the page and the response is a whole HTML document. This is hard to test as an interface, because the data has to be parsed out of the returned HTML code.

Front end and back end separated: the two interact through an API (interface), and only the data itself is returned (an app may not need the back end to return an HTML page at all).

(Major projects on the market that separate front end and back end use the JSON format.)
Data is returned in JSON format, and the front end and back end interact through the API interface protocol.

Front-end page

Android or iOS apps and web pages: the front end handles display (data display and user interaction).
Front-end frameworks: html, js, css, vue (for attractive display), nodejs

Back end

Back-end data processing, verification, order placing and other business processing (C, C++, Java (larger projects use Java), Go, Python)

Data interaction between the front end and the back end goes through the interface

Some problems may be blocked by the front end while the back end has no restrictions or verification. If the front end is bypassed by capturing packets and sending requests straight to the back end, the project may run into problems.

The concept of interface

An interface is the mutual call between applications.
An interface is a service that an entity or a piece of software provides to the outside world.
Software interface: an API; for example, a WeChat withdrawal calls UnionPay's interface to exchange data.

One kind is the internal interface:
the interaction between methods; the interaction between modules

The other kind is the externally packaged interface:
web interface: http, https, webserver (mostly web interfaces at present)
application program interface: socket interface, using the TCP/IP protocol
database interface

Commonly used interface methods (protocols)

webservice: transmitted over http using the SOAP protocol; request and response messages are both in XML format (captured with SoapUI). Found in old projects (government and banks).

Parsing the data is also troublesome, the speed may be lower, and the communication rules are strict.

http protocol: Hypertext Transfer Protocol (70-80% use the http protocol); the four main request methods are GET, POST, DELETE and PUT

https protocol: It is not a new protocol for the application layer, but the http communication interface part is replaced by SSL and TLS protocols.

Interface testing

Project requirements:
Case: a login interface
Scenario: The product stipulates that the user name must be a 6-10 character string with underscores.
The tester checked the verification on the front end and it passed.
The back-end developer did not implement the verification.
Risk: the request can be captured and tampered with directly, bypassing the verification and logging in through SQL injection.
Harm: loss to the company.
Interface testing is a mainstream demand in the market.
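
The login scenario above as an added example (not from the original article): a back-end handler without checks next to one that repeats the user name rule and binds SQL parameters, with interface cases run directly against both. The regex reading of the rule, the table, the account and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed reading of the product rule: 6-10 letters, digits or underscores.
USERNAME_RULE = re.compile(r"[A-Za-z0-9_]{6,10}")

def make_db():
    """In-memory user table with one constructed account.
    The password is stored in plain text only to keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pwd TEXT)")
    db.execute("INSERT INTO users VALUES ('test_user', 's3cret')")
    return db

def login_unchecked(db, name, pwd):
    """Back end as in the scenario: no validation, SQL built by concatenation."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND pwd = '{pwd}'"
    return db.execute(sql).fetchone() is not None

def login_checked(db, name, pwd):
    """Back end repeats the front-end rule and binds the values as parameters."""
    if not isinstance(name, str) or not USERNAME_RULE.fullmatch(name):
        return False
    sql = "SELECT 1 FROM users WHERE name = ? AND pwd = ?"
    return db.execute(sql, (name, pwd)).fetchone() is not None

# Interface-level cases sent straight to the back end, without the page.
# (name, password, expected login result) -- all values constructed.
CASES = [
    ("test_user", "s3cret", True),     # valid account
    ("test_user", "wrong", False),     # wrong password
    ("abc", "s3cret", False),          # too short; the front end would block it
    ("test_user' --", "x", False),     # tampered name; must not log in
]

def run_cases(login):
    """Return the (name, password) cases whose result differs from the expectation."""
    db = make_db()
    return [(n, p) for n, p, want in CASES if login(db, n, p) != want]

if __name__ == "__main__":
    print("unchecked back end, failing cases:", run_cases(login_unchecked))
    print("checked back end, failing cases:  ", run_cases(login_checked))
```

The same case table can be fed to pytest's parametrize so that the tampered-name case stays in the regression suite.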

Interface test goals

It can find bugs that are not found on the client (hidden bugs): for example, when submitting an order the front end blocks invalid input but the back end does not, so the fields can be filled in arbitrarily.

Risks are exposed as early as possible (to ensure quality and a normal launch).
Once the interface is stable, the front end can be changed at will.
The most important thing is to increase the security and stability of the memory system.

Overview of interface automated testing (how to do it) (The interface runs the protocol layer. The UI locates the element)

Project business (understand the project business);
interface documents (api documents);
interface use cases;
automation scripts (based on interface documents and interface use cases);
pytest framework (key);
debugging execution (key);
allure reports;
result analysis;
continuous integration;

Fiddler (use of the packet capture tool)

Tips for using Fiddler (capturing packets and viewing the captured data):
To capture https, a certificate needs to be set up. (Fiddler is free, open source, can capture many kinds of messages, and can also be used with apps.)

Fiddler is a free, flexible, easy-to-operate and powerful http proxy tool. It is one of the most commonly used http packet capture tools at present.

It can capture all http/https packets, filter sessions, analyze request details, forge client requests, tamper with server responses, redirect, limit network speed, debug with breakpoints, and more.

How Fiddler works:
Forward proxy: requests from the browser used to be sent directly to the server. With Fiddler forwarding as a proxy server, the browser's request is sent to the Fiddler proxy server, which forwards it to the server; the server's data is returned to the Fiddler proxy server, which sends it on to the browser.

Forward proxy:
forwards the browser's requests and responses, and the packet capture tool is transparent to the client.

Reverse proxy:
nginx, load balancing, performance.
One server (tomcat + db): the user base is now very large and one tomcat can't handle it, so helpers are needed. Three tomcats share the traffic, coordinated by adding nginx for load balancing.
When the browser sends a request, it does not know which server the request goes to. The volume of requests is very large, and nginx distributes them to the various tomcats so that no single tomcat is overloaded.

Interface test data format

Interface automated test data source (where do test cases come from)? Where are test cases generally stored?

excel test cases; yaml format use cases; csv

Data type in automation script:
form format:
[urlencoded format]: also called form format, or x-www-form-urlencoded format (the type is form; the data is transmitted as a form)

The form format is composed of key-value pairs, with = between key and value and & between pairs. For example: name=zhengsan&age=16

json format (str: a string of key-value pairs)
JSON has two structures: object and array. There are four data types: string, number, logical value, and null value.
An object is represented by curly brackets {} and is composed of attributes, each consisting of a key-value pair. Keys and values are separated by colons. Attributes are separated by commas. Keys must be enclosed in double quotes.

An array is represented by square brackets [] and is composed of individual values.
JSON is flexible and can be nested.
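
An added example (not from the original article) that sends the same test data through both formats described above and reports which fields come back with a different type. The sample fields beyond name and age, and the function names, are assumptions.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed test data; name and age follow the form example in the text.
SAMPLE = {"name": "zhengsan", "age": 16, "vip": True, "note": "a=b&c"}

def form_round_trip(fields):
    """Encode as x-www-form-urlencoded, then decode the body as a server would."""
    body = urlencode(fields)
    parsed = parse_qs(body, keep_blank_values=True)
    return body, {key: values[0] for key, values in parsed.items()}

def json_round_trip(fields):
    """Encode as a JSON string, then decode it again."""
    body = json.dumps(fields)
    return body, json.loads(body)

def changed_types(original, decoded):
    """Names of fields whose Python type differs after the round trip."""
    return sorted(k for k in original
                  if type(original[k]) is not type(decoded.get(k)))

def compare(fields):
    """Type changes per format: form data arrives as strings, JSON keeps types."""
    _, form_decoded = form_round_trip(fields)
    _, json_decoded = json_round_trip(fields)
    return {"form": changed_types(fields, form_decoded),
            "json": changed_types(fields, json_decoded)}

if __name__ == "__main__":
    print(form_round_trip(SAMPLE)[0])   # '=' and '&' inside values are percent-encoded
    print(json_round_trip(SAMPLE)[0])
    print(compare(SAMPLE))
```

For interface cases this means a form-based back end has to convert and validate every value itself, so assertions on a form interface should compare against strings unless the back end documents the conversion.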

Encrypted token (token encryption + upload file interface)

The request header of the file upload interface requires a Cookie: token= value obtained through the token acquisition interface (either a sessionid or a token can be put in the cookie; check with the developers and the interface documents). If you can't tell, capture a packet with Fiddler and check.

import hashlib                  # hashing library (MD5 is a hash, not encryption)

import requests


def get_md5_data(psw):
    """Hash the password the way the interface requires: md5('zr' + password + 'hg')."""
    password = f"zr{psw}hg"
    md5 = hashlib.md5()                     # 1: create an md5 object
    md5.update(password.encode("utf-8"))    # 2: hash it; update() takes bytes, so encode the string first
    # Bytes can also be passed in directly:
    #   md5 = hashlib.md5()
    #   md5.update(b'zr11111111hg')
    #   print(md5.hexdigest())
    # Method 2: the same thing on one line (pass a bytes value):
    #   print(hashlib.md5(b'zr11111111hg').hexdigest())

    # 3: return the result
    return md5.hexdigest()


# 1: get the token that the interface needs
HOST = "http://121.41.14.39:2001"


def get_token(inname, inpsw):
    token_url = f"{HOST}/token/token"  # url
    header = {"Content-Type": "application/x-www-form-urlencoded"}  # request headers, as a dict

    # password  String md5('zr' + 111111 + 'hg') ---- the password must be hashed with md5
    # To check by hand, open an online md5 page (search on Baidu) and hash "zr111111hg": 5c4fcc5add5d087de1e8534189c687f7
    # md5 website: http://tools.jb51.net/password/CreateMD5Password/
    payload = {"mobile": inname, "password": get_md5_data(inpsw)}
    reps = requests.post(token_url, data=payload, headers=header, timeout=10)
    return reps.json()["data"]  # "data" is the token we need


# 2: file upload interface
# POST method; capture a packet of the upload first:
# Content-Type: multipart/form-data; boundary=WebKitFormBoundaryLpsjAVSe95yonybu
#   A file upload carries a random boundary parameter, which an algorithm could generate.
#   For file interfaces, generally do not set this type or the header yourself unless it is really
#   validated; otherwise you have to reproduce the algorithm, which is troublesome (setting the type causes problems).

# File body:
# ------WebKitFormBoundaryLpsjAVSe95yonybu
# Content-Disposition: form-data; name="file"; filename="QQ图片20201009011422.png"
# Content-Type: image/png
# name="file" --- the form variable the file is passed to
# filename="QQ图片20201009011422.png" --- the name of the file
# Content-Type: image/png --- the file type
# Use a relative path for the file, not an absolute one; otherwise the code is hard to move
def file_doUpload(token):
    file_url = f"{HOST}/user/doUpload"

    # {variable: (file name, file object, file type)} ---- the file object comes from open()
    # Open the file in "rb" (binary) mode so that it is read as bytes; text mode garbles it
    with open("../data/QQ图片20201009011422.png", "rb") as f:
        # "image/png" matches the Content-Type seen in the captured request above
        payload = {"file": ("QQ图片20201009011422.png", f, "image/png")}
        # The upload interface requires Cookie: token=<value from get_token()>
        reps = requests.post(file_url, files=payload, cookies={"token": token}, timeout=10)
    print(reps.json())


if __name__ == "__main__":
    # "<mobile>" and "<password>" are placeholders for a test account
    file_doUpload(get_token("<mobile>", "<password>"))

The following is the most comprehensive software testing engineer learning knowledge architecture system diagram in 2023 that I compiled.

1. Python programming from entry to proficiency

2. Practical implementation of interface automation projects

3. Web automation project actual combat

4. Practical implementation of App automation project

5. Resumes of first-tier manufacturers

6. Test and develop DevOps system

7. Commonly used automated testing tools

8. JMeter performance test

9. Summary (little surprise at the end)

Struggle is the ship that sails life, and hard work is the wind that drives forward. No matter what the starting point is, as long as you have a dream and pursue it firmly, every effort will create a better self. Believe in your abilities, move forward bravely, and let your struggle light up the stars of life!

On the road of struggle, setbacks and failures are just tempers, and never giving up is the greatest courage. Use hard work and wisdom to light up the flame in your heart and constantly pursue excellence. Only by believing in your own potential and persisting in struggle can you open the door to your own glory!

There is no such thing as natural success, only continuous hard work. Don't be overwhelmed by difficulties, believe in your persistence and talent. Move forward bravely and chase your dreams. Every struggle is a catalyst for achievement. Let us write a glorious chapter with our sweat!


Origin blog.csdn.net/m0_60054525/article/details/131961509