On 6/8/2017 9:17 PM, Stephan Beal wrote:
On Thu, Jun 8, 2017 at 10:43 PM, Ross Berteig <[email protected]
<mailto:[email protected]>> wrote:
For building tools to generally interact with a repo, take a look
at the JSON support. It's (still) not compiled in by default, but
builds easily if requested by ./configure --json.
Trivia: the reason it's not compiled in by default is the lack of test
coverage. Richard told me, way back when (2012, maybe?), that we could
enable it if it had complete test coverage, including fuzz tests
(making sure that random/garbage inputs/attacks don't break the repo,
allow DoS, butter-overrun attacks, and similar). i <cough> never got
around to doing that <cough> and am now physically incapable of doing
so. Thus... if it's going to happen, someone else will have to do it :/.
I created the existing JSON tests as a first step down that path.
Certainly not complete coverage yet, and no fuzz testing yet. The
existing tests call every documented JSON API at least once, and go to
some effort to exercise more features of some than others. I put some
effort into trying to trigger every documented error response code, but
IIRC there were a couple that I never found a reliable way to provoke.
I think fuzz testing is a great idea against all of fossil, but haven't
taken the time (yet) to begin working on it. Covering all of the
/webpages is probably wise.
I did run the test suite over a build of fossil instrumented to measure
test coverage once. There are plenty of areas where more tests are welcome.
I haven't rocked the boat lately since I'm comfortable with using my own
builds internally, but I do think that the JSON support is close to
solid enough to be on by default.
--
Ross Berteig [email protected]
Cheshire Engineering Corp. http://www.CheshireEng.com/
+1 626 303 1602
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
