Test-Driven Development

Slides:



Advertisements
Similar presentations
xUnit Test Patterns (Some) xUnit Test Patterns (in practice) by Adam Czepil.
Advertisements

An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
Exception Handling Chapter 12.  Errors- the various bugs, blunders, typos and other problems that stop a program from running successfully  Natural.
ITEC200 Week02 Program Correctness and Efficiency.
CS 2110 Software Design Principles II Based on slides originally by Juan Altmayer Pizzorno port25.com.
CS1110 Lec November 2010 Exceptions in Java 1 Reading for today: 10. Next lecture: Ch 9.3 No labs this week, no TA office hours Wed-Fri, see consultant.
Development of a Web Based B&B Reservation System Elizabeth Gates 22July04.
Testing HCI Usability Testing. Chronological order of testing Individual program units are built and tested (white-box testing / unit testing) Units are.
Applied Software Project Management Andrew Stellman & Jennifer Greene Applied Software Project Management Applied Software.
1 Advanced Testing Concepts & TDD. 2 Testing vs. DBC DBC: Exhaustive correctness –Post conditions should work on all inputs –Often, highly complicated.
Unit Testing Tips and Tricks: Database Interaction Louis Thomas.
Programmer Testing Testing all things Java using JUnit and extensions.
Test Driven Development An approach to writing better code Jimmy Zimmerman Intel Corporation.
Testing. What is Testing? Definition: exercising a program under controlled conditions and verifying the results Purpose is to detect program defects.
Liang, Introduction to Java Programming, Seventh Edition, (c) 2009 Pearson Education, Inc. All rights reserved Chapter 18 Exception Handling.
Exceptions Handling Exceptionally Sticky Problems.
Testing and Debugging Version 1.0. All kinds of things can go wrong when you are developing a program. The compiler discovers syntax errors in your code.
Mock Objects in Action Paulo Caroli & Sudhindra Rao Agile 2009 © ThoughtWorks 2008.
(1) Unit Testing and Test Planning CS2110: SW Development Methods These slides design for use in lab. They supplement more complete slides used in lecture.
TEST-1 6. Testing & Refactoring. TEST-2 How we create classes? We think about what a class must do We focus on its implementation We write fields We write.
Mock objects.
Copyright 2007 SpringSource. Copying, publishing or distributing without express written permission is prohibited. Testing Spring Applications Unit Testing.
Error Handling Tonga Institute of Higher Education.
Northwest Arkansas.Net User Group Jay Smith Tyson Foods, Inc. Unit Testing nUnit, nUnitAsp, nUnitForms.
Test Plans Test Driven Development – Unit test plan first Code coverage Automated Regression built as you go Debug is easier Serves as system doc – Still.
Software Testing Kobla Setriakor Nyomi Faculty Intern (Programming II)
Eighth Lecture Exception Handling in Java
FOP: Multi-Screen Apps
Exceptions throw new RuntimeException(“bad things happened”); The above line is the simplest possible way of throwing an exception. In Java, exceptions.
Java Exceptions a quick review….
Unit Testing - solid fundamentals
Test-driven development
Lecture 14 Throwing Custom Exceptions
Handling Exceptionally Sticky Problems
Putting Testing First CS 4501 / 6501 Software Testing
Java Programming Language
Testing and Debugging.
CO6025 Advanced Programming
Software Engineering 1, CS 355 Unit Testing with JUnit
Handling Exceptions.
Exception Handling Chapter 9.
(Test Driven) Software Development
Test Driven Lasse Koskela Chapter 2: Beginning TDD
History, Characteristics and Frameworks
Mocking Your Objects with Impunity
Exceptions Handling the unexpected
Design and Programming
Testing and Test-Driven Development CSC 4700 Software Engineering
Test Driven Lasse Koskela Chapter 2: Beginning TDD
CMSC 202 Exceptions 2nd Lecture.
CS240: Advanced Programming Concepts
TDD & ATDD 1/15/2019.
CSE 143 Java Exceptions 1/18/2019.
Java Exceptions Dan Fleck CS211.
Test Driven Lasse Koskela Chapter 9: Acceptance TDD Explained
Automated test.
CMSC 202 Exceptions 2nd Lecture.
Error Handling.
Applying Use Cases (Chapters 25,26)
Designing For Testability
CSC 143 Java Errors and Exceptions.
Handling Exceptionally Sticky Problems
Joel Adams and Jeremy Frens Calvin College
Computer Science 340 Software Design & Testing
CMSC 202 Exceptions 2nd Lecture.
Exception Handling.
Software Development Techniques
Automated test.
Exceptions Review Checked Vs. Unchecked Exceptions
ERROR HANDLING AND DEBUGGING
Presentation transcript:

Test-Driven Development Engineering Secure Software Test-Driven Development

Why Testing Matters (testing  security) (diet & exercise  health) Secure software requires a culture of initial distrust Distrust input until checked, cleaned, or blocked Distrust your own code until it’s tested Everybody is a tester. Even you. Security requires everyone to think diabolically Security is about the weakest link Regressions happen. A lot. Code changes often Technology changes often Vulnerabilities can keep coming back © 2011-2012 Andrew Meneely

Test-Driven Development Unit tests literally come first Functionality follows those tests Refactor between tests (floss, not root canal) Benefits: Tests are built up as the code is built Automated regression testing You’re already testing your code anyway, might as well automate it Fosters a testing mindset (good for security!) YAGNIfied designs

The TDD Way Action Result Write a unit test Write the stubs Write simplest functionality for those tests Refactor Redesign Go back to 1. …compile error! …red bar! …green bar!

Demo

TDD is not perfect! Developers have the same blind spots as before Misinterpreted requirement  bad tests Not a replacement for third-party testers Potentially infinite Can be inefficient if done poorly Focus on testing for your own mistakes. Know thyself. TDD takes practice and discipline

[TDD | Unit Testing] in Security You may be tasked with Testing your own code for security mistakes Writing security unit tests for code you do not know Security tests often require constructing elaborate situations Difficult to set up Difficult to make repeatable Need: Mock Objects

Common Problem: Controllers In MVC without mocks, testing controllers requires: Setting up the database Database interaction Assuming your Model is perfect A lot of the same testing you did for your model Instead: create a mock Model Expect a call to the model for a database lookup Return what you need for the test Result: testing a controller in isolation E.g. MockUserDAO UserController Test MockUserDAO UserDAO

Mock Objects Testing multiple classes == Integration Testing One unit  less functionality  easier to debug Mock objects: Are fake versions of the objects your class depends upon Are Java objects, but not your Java objects – stubbed methods Allow custom behavior without much setup Help keep unit tests simple Class under test Test Mock

Custom Mock Object One option: extend UserDAO, override the methods, and hardcode some test data Works, but… Inflexible Making your custom mocks any more complicated is too much time spent on tests public class CustomMockUserDAO extends UserDAO { @Override public User find(String name) { return new User("BobbyTables", "Bobby Tables", "bobby@example.com"); }

EasyMock Uses “magic” to create dynamic mocks Overrides the classloader Uses bytecode manipulation Create  Expect  Replay  Verify Mock object starts in “record mode” Switch to “replay” for your tests Verify that recording matches replay Method calls are overridden with custom behavior expect(db.findUser(12345L)).andReturn(user).once();

e.g. GetUser with EasyMock public class GetUserTest { private final IMocksControl ctrl = EasyMock.createControl(); private final UserDAO mockUserDAO = ctrl.createMock(UserDAO.class); private final User mockUser = ctrl.createMock(User.class); @Before public void init() { ctrl.reset(); // create mocks once, reset for every test } @Test public void lookupWorks() throws Exception { // Establish expectations expect(mockUserDAO.find("BobbyTables")).andReturn(mockUser).once(); ctrl.replay(); // Run & Verify ManageUsers manage = new ManageUsers(mockUserDAO); assertEquals(mockUser, manage.getUser("BobbyTables")); ctrl.verify(); // …more tests…

Quick Quiz What is this method testing? What if we didn’t have the fail() call? @Test public void something() throws Exception { try { doSomething("asdf"); fail("some message"); } catch (IllegalArgumentException e) { assertEquals(“something", e.getMessage()); }

e.g. GetUser Validate Input public class GetUserTest { private final IMocksControl ctrl = EasyMock.createControl(); private final UserDAO mockUserDAO = ctrl.createMock(UserDAO.class); private final User mockUser = ctrl.createMock(User.class); @Before public void init() { ctrl.reset(); } // …other tests… @Test public void lookupInvalidInput() throws Exception { // Establish expectations // note the absence of a mock call! ctrl.replay(); // Run & Verify ManageUsers manage = new ManageUsers(mockUserDAO); try { manage.getUser("' OR TRUE; --"); fail("exception should have been thrown!"); } catch (IllegalArgumentException e) { assertEquals("Only letters & numbers", e.getMessage()); ctrl.verify();

EvilMock Pattern Test the exception handling of your classes expect(mock.something()).andThrow(new NullPointerException()); Test the exception handling of your classes Mock an object being used, and throw challenging exceptions Use the mocks to get deep into the code, then throw an exception

Activity Work individually Using TDD Follow the instructions closely!! Everybody must submit their work You may talk to teammates on the lab, but not the exercise Submit to myCourses dropbox Using TDD Develop some functionality Utilize mock objects Follow the instructions closely!!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.