One more question: some minor pieces of w3af code have doc-tests, do you
guys know if there is a way to integrate pyunit with doctests?
Regards,
--
Andres Riancho
El oct 2, 2010 8:10 a.m., "Floyd Fuh" <floyd_...@yahoo.de> escribió:
Andres,
>> For unit testing, PyUnit (http://pyunit.sourceforge.net/) is the obvious
>> choice for Python.
>...
I think we all agree on PyUnit :) . With PyUnit we may be already able
to get 50% to 70% code (test) coverage.
>> However, as soon as you start talking http server (or any server), by
>> definition you aren't d...
I think we should distinguish between unit tests (the code does
what we want) and performance tests. For performance tests (for the
entire framework) I would still use a server like before (Moth [0] to be
precise).
>
>> For integration and functional testing, most of the frameworks rely on
>> driving a browser (e...
If we talk about unit tests I think it is not a good idea to use a real
server.
The tests would take very long, because the HTTP requests have to be really
sent over the network. Tests should be easy to execute. Everybody who does
a SVN checkout should be able to run 1 command on the command line and
see which tests fail (without the need of a web server).
I think the best would be to mock out the methods of the
xUrllib. Example for the xss plugin (see Gene's link to mockito [1]):
responseHeaders = {"Content-Type":"text/html"}
xUrllibMock = mock(xUrllib)
payload = '</A/style="xss:exp/**/ression(alert(\'XSS\'))">'
url = "http://example.com/a.php?abc="+payload
#Now here's the real magic happening:
when(xUrllibMock).GET(url).thenReturn(httpResponse(200, payload,
responseHeaders, url, url))
#Now use the mock object
basePlugin._urlOpener = xUrllibMock
#Now we would start the scan and check that the XSS was found with asserts
or
whatever
...
Of course this is a LOT of work. We have to rebuild real-world
vulnerabilites
in our test cases.
>> Both types of testing have value, but the integration testing is what I
>> think you are looking...
I think it is a good idea to start with PyUnit and easy methods (that don't
need mock objects).
Just what came to my mind.
cheers
floyd
[0] http://www.bonsai-sec.com/en/research/moth.php
[1] http://code.google.com/p/mockito-python/
>>
>> On Fri, Oct 1, 2010 at 11:46 AM, Andres Riancho <andres.rian...@gmail.com
>
>> wrote:
>>>
>>> ...
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
