How to use curl and Python to perform interface testing on the server and Web side

Source: Internet
Author: User
Tags cdata how to use curl http digest authentication http post php source code sha1



Tool description



Curl is a file transfer tool that works with URL syntax in command-line mode, is a free tool for open source enthusiasts to write maintenance, supports dozens of operating systems including Windows, Linux, Mac, and the latest version is 7.27.0, but I recommend you use 7.26.0, from here version 7.26.0 can be downloaded.



Here is the official translation: Curl is a command-line tool that uses URL syntax to transfer data, supports DICT,FILE,FTP,FTPS,GOPHER,HTTP,HTTPS,IMAP,IMAPS,LDAP,LDAPS,POP3,POP3S, Rtmp,rtsp,scp,sftp,smtp,smtps,telnet and TFTP. Curl supports SSL certificates, HTTP post,http put,ftp uploads, HTTP basic form uploads, proxies, cookies, user + password Authentication (Basic, Digest, NTLM, Negotiate, Kerberos ...) ), restore file transfer, tunnel proxy, and so on.



Python is an object-oriented, literal translation computer programming language, invented by Guido van Rossum at the end of 1989, its powerful and easy-to-use do not need to explain, in web development or development speed requirements of the development of a very wide application, but because it belongs to the scripting language, Its performance is always inferior to C + +, C and other languages.



This article mainly uses the example to explain the two tools in the test part of the use, more usage left for everyone to continue to explore.



Application Scenarios



Querying the server with a Curl emulation client






In the interface test, you should find the developer to provide a list of interfaces and corresponding parameters, so that the test can verify the correctness of the test method, but if you can use the browser to simulate the operation, you can also try first, the following example will be mentioned.






First, using the client to access the service-side interface that needs to be tested, the results of the Wireshark capture are as follows:






multipart The query string to the server's file_health_info.php interface by post data.



Tips:



Windows version of Curl is not like Linux or Mac belongs to the system's own tools, need to download, if you want to use at the command prompt to jump to the tool directory to run, it is very troublesome, we can directly put this tool file in the Windows directory, This allows you to run the tool directly with the "curl" command, regardless of the directory.



Curl defaults to sending data by post, so just add the multipart method, and the-F in the Curl Help explains:



-F,--form CONTENT specify HTTP multipart POST data (H)



--form-string string Specify HTTP multipart POST data (H)



--ftp-account Data Account Data string (F)



--ftp-alternative-to-user COMMAND String to replace "user [name]" (F)



--ftp-create-dirs Create the remote dirs if not present (F)



--ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F)



--FTP-PASV use PASV/EPSV instead of PORT (F)






Specify HTTP multipart POST data satisfies our requirements, so the simulated statement is:



Curl-f "newmd5=3bcad21af5f17c1fbff419137297c942## #25016566 # # #d: \test.exe## #1 # # #" Http://172.22.54.22/file_ health_info.php



The following are the parameters, before the test should find the development of the confirmation.



However, because the server supports the ability to return data in gzip, we can also add the-compressed parameter to the request, which is:



Curl--compressed-f "newmd5=3bcad21af5f17c1fbff419137297c942## #25016566 # # #d: \test.exe## #1 #/ http/ 172.22.54.22/file_health_info.php



In order to better determine whether the server interface is normal, in addition to the return data to judge, we also need to parse the data packet returned by the server, so you can also add the-I parameter in the Curl request, the final Test statement becomes:



Curl–i--compressed-f "newmd5=3bcad21af5f17c1fbff419137297c942## #25016566 # # #d: \test.exe## #1 #/ http 172.22.54.22/file_health_info.php



After the simulation is done, we need to consider the return value, we first run the statement at the command prompt to see the return value.



After running the above command, the following data is returned:



http/1.1 Continue



http/1.1 OK



Date:fri, 07:47:45 GMT



Content-type:application/xml



Transfer-encoding:chunked



Connection:keep-alive




Content-encoding:gzip



<?xml version= "1.0" encoding= "GBK"?>



<ret>



<retinfo code= "0" msg= "Operation Success" total= "1" success= "1" empty= "0"



cost= "999.92752075195"/>



<softs>



<soft>



<md5>3bcad21af5f17c1fbff419137297c942</md5>



<sha1></sha1>



<level>4040</level>



<e_level>40.3</e_level>



<size></size>



<soft_name><! [cdata[]]> </soft_name>



<describ><! [cdata[]]></describ>



<file_desc><! [cdata[]]></file_desc>



<upload>0</upload>



<attr_upload>2</attr_upload>



<class><! [cdata[private]]></class>



<malware><! [cdata[cloud.virus]]></malware>



<is_sys_file>0</is_sys_file>



<is_rep>0</is_rep>



<age>0</age>



<pop>0</pop>



</soft>



</softs>



</ret>



Packet header is common, in general, we only need to determine that the header contains "http/1.1 OK" can be determined that the service side returned the data properly. Also from the content can see that this is an XML format of the packet, we only need to determine whether there are key fields, such as <level>, and then we can add the following example code in Python:



Run the specified Curl command first:



Response = Os.popen ("curl-i--compressed-f" newmd5=3bcad21af5f17c1fbff419137297c942## #25016566 # # #d: \test.exe## #1 # # # " http://172.22.54.31/file_health_info.php



Then determine if the field we want is in the return value:



Self.assertnotequal (Response.find (' http/1.1-OK '), 1)



Self.assertnotequal (Response.find (' <level> '), 1)



The above content seems to be almost possible, but the actual is not rigorous, because the server returned by the data is obtained from the database, so we also need to query the database to get the specified value, and determine whether the data packet consistency, such as <LEVEL>



First use Python to log on to the database server:



conn = MySQLdb.connect (host= ' 172.22.54.31 ', user= ' user ', passwd= ' test321 ', db= ' cloud ')



cursor = Conn.cursor ()



Count = Cursor.execute (' SELECT plevel from file where md5= ' 3bcad21af5f17c1fbff419137297c942 ')



result = Cursor.fetchone ()



Then determine whether the level in the return value is a value in the database:



Self.assertnotequal (Response.find ("' <level>%s</level> '%result[0]),-1)



In addition to using tools such as curl to simulate, you can also write your own code in Python or other languages for post data, but for the sake of simplicity, I chose Curl Test.






Log on using the Curl emulation console



Speaking of analog login or analog Click, many students may directly associate with the QTP and other analog interface operation tools, in fact, this tool has a big drawback is too dependent on the control, if the interface control is changed, then the entire script will be invalid, and now the programming is inclined to interface logic separation, In this way, the interface will not be moved to the bottom of the function interface, developers can modify the interface control at any time, if you still take QTP and other simulated click Test method, the results may be less than the result, if the test directly point to use the interface can avoid this problem.



The following example is an impersonation console login with the login URL:



Http://172.22.54.31:8888/cloud/index.php?r=site/login, first use your browser to log in once to see how the actual effect.



Tips:



Chrome is recommended for testing PHP or other Web applications because it comes with developer tools that work well, and of course Firefox or IE9 have similar tools to look at personal habits. Press F12 to open the tool, select the Network tab, then enter the user name, password click Login, then the network will show the login process in the browser want to console request all the data, including the request type, form data, etc., these are the data source of our simulation operation.






There are several key information that can be obtained: request URL, request type, data type, data content, and support gzip compression. We use curl to simulate the following:



Curl-i--compressed http://172.22.54.31:8888/cloud/index.php?r=site/login -D "username=admin"-D "userpass= Admin



The reasons for using-I and-compressed have already been stated in the previous example, and are not mentioned here, the emphasis is on the back-D, which is explained in the official help:



-D,--data data HTTP POST data (H)



--data-ascii data HTTP POST ASCII data (H)



--data-binary data HTTP POST binary data (H)



--data-urlencode data HTTP POST Data URL encoded (H)



--delegation STRING GSS-API Delegation permission



--digest Use HTTP Digest authentication (H)



--disable-eprt Inhibit using Eprt or LPRT (F)



--DISABLE-EPSV Inhibit using EPSV (F)



And the data we return from developer tools already knows that the format of the returned data is



"application/x-www-form-urlencoded", so it is clear that you need to use the-D HTTP POST data URL encoded feature . However, there is a keyword form in the format, but also support-f parameter login, try:



curl-i--compressed http://172.22.54.31:8888/cloud/index.php?r=site/login -F "username=admin"-F " Userpass=admin ", sure enough, hehe ~



Perhaps some students have doubts, why do not simulate warnsetup, refer, this is because the test found that the login interface only requires a user name and password is enough, refer used to record the source of the page, where the use is not very useful, warnsetup is only used to verify the login code, this has been removed.



Next, to validate the data, we run the above command at the command prompt and return the following results:



http/1.1 302 Moved temporarily



Date:fri, 08:29:07 GMT



Content-type:text/html



Transfer-encoding:chunked



Connection:keep-alive



x-powered-by:php/5.4.3



set-cookie:phpsessid=4711d2365de9aaaca0c28b1ca52183f0; path=/



Expires:thu, 1981 08:52:00 GMT



Cache-control:no-store, No-cache, Must-revalidate, post-check=0, pre-check=0



Pragma:no-cache



set-cookie:phpsessid=81d4bb65e888c1b6347120641eb4798b; path=/



Location:./index.php





It's strange, at first glance the console doesn't return any useful information, but the inside of that sentence http/1.1 302 Moved temporarily is not particularly familiar? This special 302 (for HTTP redirection) is exactly what we see in developer tools, and seeing this can be 80% sure that our login has succeeded, and more importantly, to return the contents of the package: location:. Index.php, this indicates that the console has been notified to the request side to jump to index.php, if the login failure console will continue to stay in the current login interface, we only need to modify the Curl statement in the user name or password to know, in this case, the return package is the login interface PHP source code, here no longer repeat.



Using Curl to test the console search interface in get mode



The test method is similar to the above, first use Chrome to open the console to the corresponding page, enter "Test.exe" in the Search box, click Search, use the developer tools to grab the package, the content is as follows:






The parameters of the curl analog get send data are-g, so it's easy to know what to emulate later:



Curl-i--compressed-g "http://172.22.54.31:8888/cloud/index.php?r=file_cloud/api/search&filename= 59c7dd2eafdbe86b2e23bcdabb575448&bg=0&lm=19 "



Each of these parameters is understood separately: filename represents the input keyword, BG represents the first row of the database, and LM represents a total of 19 rows of data. The data returned by this interface is as follows:



{"Rows": [{"Level": "Ten", "Plevel": "Ten", "ID": "$", "MD5": "59c7dd2eafdbe86b2e23bcdabb575448", "Soft_ Name ":", "Soft_desc": "", "File_desc": "Qvbjifryywnpbmcgwdg2iehvb2sgrw5naw5l", "Is_sys_file": "127", "size" : "41984", "Is_rep": "0", "file_name": "Apihex86.d



ll "," file_version ":" 6.1.7600.16385 "," product_version ":" 6.1.7600.16385 "," Copyrigh T ":" \u00a9 Microsoft Corporation. All rights reserved. "," Lang ":" 0 "," org_name ":" Yxbpagv4odyuzgxs "," Sign_name ":" Twljcm9zb2z0ifdpbmrvd3m= "," Company_Name ":" Microsof



t Corporation "," Update_time ":" 2012-07-31 18:14:27 "," Create_time ":" 2012-07-31: 14:27 "," Creator_mid ":" 15be5b7dce003cdc2c1d1448afcf6cf0 "}]," Count ":" 1 "}



are file attributes and file information, which involves two database tables, so validating data requires Python to get the corresponding information from both tables.



Get the file attributes from the first table, such as Get only plevel:



Select Plevel from ' file ' where md5= ' 59c7dd2eafdbe86b2e23bcdabb575448 '



Get the file information from the second table, such as Get only company_name:



Select Company_Name from File_info where md5= "59c7dd2eafdbe86b2e23bcdabb575448"



The Python code is as follows:



conn = MySQLdb.connect (host= '%s '% self.host, user= ' user ', passwd= ' test321 ', db= ' cloud ')



cursor = Conn.cursor ()



Count = Cursor.execute (' SELECT plevel from ' file ' where md5= ' 111111932490c813bf5ea9d8aa6fa60c ')



result = Cursor.fetchone ()



self.assertnotequal (Response.find (str (result[0)), -1)        



Count = Cursor.execute (' SELECT company_name from File_info where md5= ' 111111932490c813bf5ea9d8aa6fa60c ')



RESULT1 = Cursor.fetchone ()



Self.assertnotequal (Response.find (result1[0]),-1)



Of course the rigorous test case is that each attribute field needs to be looked up and matched, and here is no longer a repeat.



PostScript: This interface test is nothing but curl, Python unitest just, maybe some people will doubt, why use curl without PY pycurl or request, I think as long as can meet the demand, can use the existing How easy it is to come. Do a bunch of code maintenance is also troublesome Ah, now the QA industry job-hopping is also more frequent, in case of a person can not understand your code how to do? Oh






How to use curl and Python to perform interface testing on the server and Web side


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.