如何使用Selenium进行模糊测试 [英] How to do fuzzing testing with Selenium

问题描述

我是Selenium的新手，还进行了模糊测试.我看到Selenium IDE仅允许使用固定的测试用例.但是，模糊测试似乎很有帮助.

I'm new to Selenium, and also fuzz testing. I see that Selenium IDE only allows the fixed test cases. But then fuzz testing seems to be helpful.

因此，模糊测试的背后是Selenium提供什么样的测试，这是黑盒测试还是白盒测试.

So what's behind a fuzz testing, what kind of tests does Selenium offer, is this a black box or white box testing.

任何帮助将不胜感激.

推荐答案

简短回答:

• 硒主要用于黑盒测试，但您也可以使用硒进行一些更白的测试.
• 与Selenium IDE相比，Selenium RC为您提供了更多的模糊测试自由度.

长答案，请参见下文:

在这篇文章中，我将尝试解释使用Selenium RC随机测试Web应用程序的概念.

In this post I would try to explain the concept of randomly testing your web application using Selenium RC.

通常来说，像Selenium这样的黑盒测试技术为您提供了良好的自由度到

Normally speaking, a black-box testing technique like Selenium gives you a good freedom to

• (1)在特定字段中输入任何值
• (2)选择要以某种HTML格式进行测试的任何字段
• (3)选择任何执行顺序/步骤来测试一组特定的字段.

基本上是您

• 使用(1)测试HTML表单中的特定字段(是否为字段选择了合适的最大长度)，对该字段值的JavaScript处理(例如，将"t"转换为今天的日期，将"+1"转换为"(到明天的日期)，以及后端数据库对该变量的处理(VARCHAR长度，将数字字符串转换为数值，...).
• 使用(2)测试所有可能的字段
• 使用(3)测试字段之间的交互:如果未在密码字段之前输入用户名字段，是否弹出JavaScript警报，是否存在弹出"数据库(例如Oracle)触发器当某些条件不满足时.

请注意，即使从理论上讲，也无法测试所有内容(程序的所有状态，由所有变量的可能组合构成)(例如:考虑测试用于解析字符串的小函数，然后测试一个字符串有多少个可能的值)有 ?).因此，实际上，在有限的资源(时间，金钱，人力)下，您只想测试Web应用程序的最关键"执行路径.如果路径具有更多属性，则称为关键"路径:(a)频繁执行，(b)偏离规格会导致严重损失.

Note that testing EVERYTHING (all states of your program, constructed by possible combinations of all variables) is not possible even in theory (e.g.: consider testing your small function used to parse a string, then how many possible values does a string have ?). Therefore, in reality, given a limited resource (time, money, people) you want to test only the "most crucial" execution paths of your web application. A path is called more "crucial" if it has more of the properties: (a) is executed frequently, (b) a deviation from specification causes serious loss.

不幸的是，除非您已记录了应用程序的所有用例并选择了最常用的用例，否则很难知道哪些执行用例是至关重要的，这是一个非常耗时的过程.此外，如果这是一个安全漏洞，即使是执行最少的用例中的某些错误也可能造成很多麻烦(例如，由于某些PHP页面的URL处理中存在微小的错误，因此有人盗用了所有客户的密码).

Unfortunately, it is hard to know which execution cases are crucial, unless you have recorded all use cases of your application and select the most frequent ones, which is a very time consuming process. Furthermore even some bugs at the least executed use case could cause a lot of trouble if it is a security hole (e.g. someone steals all customers' password given a tiny bug in an URL handling of some PHP page).

这就是为什么您需要随机扫描测试空间(即在这些用例中使用的值的空间)，并希望运行所有内容并扫描所有内容.这称为模糊测试.

That is why you need to randomly scan the testing space (i.e. the space of values used in those use cases), with the hope to run-something-and-scan-everything. This is called fuzz testing.

使用Selenium RC，您可以轻松完成所有阶段(1)，(2)和(3):在任何执行步骤下，通过以Java，PHP，CSharp， Ruby，Perl，Python.

Using Selenium RC you could easily do all the phases (1), (2) and (3): testing any value in any field under any execution step by doing some programming in a supported language like Java, PHP, CSharp, Ruby, Perl, Python.

以下是完成所有这些阶段(1)，(2)和(3)的步骤:

Following is the steps to do all these phases (1), (2) and (3):

• 创建HTML字段列表，以便您可以轻松地遍历它们.如果您的HTML字段结构化不够(传统原因)，请考虑添加一个包含特定ID的新属性，例如将 selenium-id 添加到您的HTML元素，以(1)简化XPath的形成，(2)加快XPath的解析度，以及(3)避免翻译麻烦.在为这些新添加的Selenium-id选择值时，您可以通过(a)使用连续数字，(b)使用形成一致性的名称来随意进行模糊处理.
• 创建一个随机变量来控制步长，例如 rand_step
• 创建一个随机变量来控制字段，例如 rand_field
• 最终，创建一个随机变量来控制在特定字段中输入的值，例如 rand_value .
• 现在，在模糊测试算法内部，首先遍历 rand_step 的值，然后每次迭代，遍历 rand_field ，最后遍历 rand_value .

• Create list of your HTML fields so that you could easily iterate through them. If your HTML fields are not structurized enough (legacy reason), think of adding a new attribute that contains a specific id, e.g. selenium-id to your HTML element, to (1) simplify XPath formation, (2) speed up XPath resolution and (3) to avoid translation hassle. While choosing the value for these newly added selenium-id, you are free to help iterating while fuzzing by (a) using consecutive numbers, (b) using names that forms a consistency.
• Create a random variable to control the step, say rand_step
• Create a random variable to control the field, say rand_field
• Eventually, create a random variable to control the value entered into a certain field, say rand_value.
• Now, inside your fuzzing algorithm, iterate first through the values of rand_step, then with each such iteration, iterate through rand_field, then finally iterate through rand_value.

也就是说，模糊测试有助于在有限的执行时间后扫描整个应用程序的用例值空间.据说"出现了新的漏洞，影响了受欢迎的客户端端应用程序，包括Microsoft Internet Explorer，Microsoft Word和Microsoft Excel；这些漏洞的很大一部分是通过模糊测试发现的"

That said, fuzz testing helps to scan your whole application's use case values space after a limited execution time. It is said that "a plague of new vulnerabilities emerge that affected popular client-side applications including Microsoft Internet Explorer, Microsoft Word and Microsoft Excel; a large portion of these vulnerabilities were discovered through fuzzing"

但是模糊测试并非没有缺点.假设所有这些随机性都是一种再现测试用例的能力.但是您可以通过以下任一方法轻松克服此限制:

But fuzz testing does not come without drawback. One if which is the ability to reproduce a test case given all those randomness. But you could easily overcome this limitation by either doing one of the following:

• 先生成测试用例，然后将其放入一个批处理文件中，以便在一定时间内使用，然后逐步应用该文件
• 动态生成测试案例，并记录下来这些案例
• 仅记录失败的案例.

这篇关于如何使用Selenium进行模糊测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！