Verifying the robustness of mobile apps based on Fuzz technology

Problem definition

After the app is released, it's often easy to get all sorts of weird crash, and these crash can be located by various crash Analysis Services. But it does affect the user experience.
One of the classes in the crash classification is the back-end interface. such as the common cause of the app crash

• Interface itself changed, interface failed or timed out, such as the user into the subway
• Interface format changes. Field missing
• interface content changed, int string format was wrong. Some fields are inherently valued and then become null.

Once out of the question, back-end pot or do compatibility is a common solution. But for the app itself, it also needs to strengthen the robustness test.
Strong English name is robust, transliteration for "robustness" (also do not know which illiterate, spread too wide, it is easy to be heard "stick sex" ... Can't bear to look straight, not recommended to use ...)

Solution Design

Set up a proxy between the app and the back-end interface. Then use the agent's own technology to mock off the returned results. thereby forging the return value.
Based on the forgery of the return value, the original value is judged, and a variety of test cases are derived automatically according to the type. Like what

• If it is a number, automatically take a few typical scenes. Enlarges and shrinks n times. 0-1 2.00001 and so on.
• If it is a string. Automatically shorten and lengthen content based on length. and appropriately take typical values, such as ""
• All types will have a default chance to appear null

Tools Introduction

工欲善其事 its prerequisite, so the weekend in the company worked overtime for a day to do such a feature. The basis of
dependency is the interface test framework that I posted earlier. https://testerhome.com/topics/3614
The proxy tool itself has been stripped out of me.

  startupapi generic interface test tool based on the design of recording and generating use cases. Test Technology Exchange Https://testerhome.comUsage: STARTUPAPI [Options]-r | --record recording mode, the proxy is turned on on a specific port, or the mock mode-e | --export Generating a test case template from a data file-M <value> | --mock <value> set the rules for Mock,--mock $. name=xx,$. change=77 automatically fuzz specific fields, such as--mock $ if the expected value is fuzz. name=xx,$. Change=fuzz-p <value> | --port <value> listening ports, default is 7770-f <value> | --file <value> Data Save path-U <value> |  --url <value> limits the range of mocks used. --mock Quote.json,search.json-v | --verbose Show more debug information--helpstartupapi--record--port 8787--file proxy.harstartupapi--export har_file--url s Earch,liststartupapi--mock--proxy 8787--mock $.. name=value,$. Text=value2startupapi--mock--proxy 8787--mock $.. name=fuzz,$. Text=value2-url quote.jsonstartupapi-r-f/tmp/proxy.har-m $.. Name=xx-p 7777-u Quote.json  

Only mock and fuzz of JSON results are supported at this time.
You can set a specific field content that mocks only specific interfaces . Use Jsonpath to specify the interface fields to mock or fuzz.

Mock Demo

This is a mock demonstration.

#启动代理监听7777端口, 把所有接口返回内容里面的current字段设置为8888, 名字设置为testerhome.  原始的交互数据保存在/tmp/下.startupapi  -r  -f /tmp/proxy.har -m $..name=testerhome,$..current=8888 -p 7777 

To a fine-grained version of

#把所有的文本内容ST改成DD, 把9.98替换为77.7. 然后修改json结构中的当前价格startupapi  -r  -f /tmp/proxy.har -m $..current=8888,9.98=77.7,ST=DD -p 7777 

Fuzz Test

Modify the result value of the mock to fuzz to automatically replace the specific content with the fuzz type of data.
By modifying the mock result value to NULL, you can simulate the null condition inside the JSON.

#把所有的文本内容ST改成DD, 把9.98替换为77.7. 然后修改json结构中的当前价格startupapi  -r  -f /tmp/proxy.har -m $..current=FUZZ,9.98=77.7,ST=DD -p 7777 

Long press QR Code recognition concern, your support is our greatest power.

Public Number: Testing DreamWorks

QQ Group: 300897805

　　

Verifying the robustness of mobile apps based on Fuzz technology