Automated testing of document management solution
A turnkey solution for automated testing of an API of a document processing software
-
Services:
Software Product Development, QA and Testing
-
Industries:
Software Development, Cloud Solutions, ioT
-
Technology Stack:
С#, ASP.NET Core, Azure, Microsoft IIS. Dаtabase: Microsoft SQL, QA technology stack: Ruby, Cucumber, CI/CD: Azure, Docker
-
Project Summary:
As a part of the provision of QA and Testing services, Polytech Software fully automated API (Application Programming Interface) testing of document processing software called Capture Manager.
Results in numbers
After the first test iteration, we found:
● 23 bugs in automatically generated documentation
● 13 bugs generated by an incorrect scheme of API response
● 22 vulnerabilities to SQL injections
● 10 bugs connected with an incorrect code of the application response
● API testing sped up 13 times.
About the product
KYOCERA Capture Manager (KCM) allows automation of workflows through the capture, process, classification and routing of important data from documents of all types, whether they are scanned from paper or received digitally via email, web or mobile. Through the elimination of manual processes – such as reading and typing information and sending to the correct person or business system – more time can be allocated to important tasks, allowing business processes to be optimized.
For image recognition, module Adobe OCR is used. As a source of raw data, the application allows using Google Drive, folders in the file system, emails, and scanners. The application saves recognition results in the folders of the file system, on Google Drive, in relational databases, or sends via email.
Solution
Manual testing of an API (communication protocol) of Capture Manager was highly time-consuming. A lot of time was spent on checking every request and response with all possible sets of parameters. To reduce the testing time and avoid the tiring procedure of entering parameters and checking results, we offered to automate the process – to build a framework consisting of a set of scripts and a convenient interface for inputting parameters and estimating results of automated API testing, and integrate it in the customer’s CI/CD pipeline.
As basic information on API, the customer provided automatically generated Swagger documentation. It was our starting point for defining the number of necessary tests and choosing the way of application testing. To ensure the qualitative API functioning, it was necessary to check the way valid and nonvalid requests were processed, what response codes returned, response structure, and data types used for responses. These checking processes were automated and formed the basis of the framework for automated API testing. The framework was packed into a Docker image for fast and easy integration in CI/CD. As a result, the framework became a part of the program code, and API is tested automatically with a respect of any code changes.
We had to take into account that API would build up its functionality. Ideally, new tests had to be added to the framework automatically. To ensure automatic updates of tests, we built a utility, generating tests from Swagger documentation. Each time after launching the set of tests, the utility checked the API documentation version and generated new tests if it detected any changes. So, each new API version was automatically tested without human intervention into the process of generating tests.
Finally, the framework was supplemented by tests, which checked API responses that way testing internal algorithms, embedded in API. The testing was conducted according to the automated Black Box method.
● Role-based security testing,
● Brute-force attack protection testing,
● Session management testing,
● SQL injection protection testing.
Results in numbers
● 23 bugs in automatically generated documentation
● 13 bugs generated by an incorrect scheme of API response
● 22 vulnerabilities to SQL injections
● 10 bugs connected with an incorrect code of the application response
● API testing sped up 13 times.