On Sat, Oct 2, 2010 at 1:59 PM, Javier Andalia <janda...@gmail.com> wrote:
> Andres,
>
> On Sat, Oct 2, 2010 at 8:49 AM, Andres Riancho <andres.rian...@gmail.com> wrote:
>> One more question: some minor pieces of w3af code have doc-tests, do you
>> guys know if there is a way to integrate pyunit with doctests?
>
> Actually by using 'nose' [1] as test runner we'll be able to run tests
> written in pyunit (python's lib unittest) and doctest. Another nice
> feature of nose is that it can be easily integrated with Eclipse [2].

I think I like the idea of having only one testing framework and
converting the doctests we currently have into pyunit tests.

Regards,

> Regards,
>
> Javier
>
> [1] http://somethingaboutorange.com/mrl/projects/nose/0.11.2/
> [2] http://www.machine-envy.com/blog/2006/07/29/automated-python-testing-with-nose-and-eclipse/
>
>>
>> Regards,
>> --
>> Andres Riancho
>>
>> On Oct 2, 2010 8:10 a.m., "Floyd Fuh" <floyd_...@yahoo.de> wrote:
>>
>> Andres,
>>
>>>> For unit testing, PyUnit (http://pyunit.sourceforge.net/) is the obvious
>>>> choice for Python.
>>>...
>>
>> I think we all agree on PyUnit :) . With PyUnit we may be already able
>> to get 50% to 70% code (test) coverage.
>>
>>>> However, as soon as you start talking http server (or any server), by
>>>> definition you aren't d...
>>
>> I think we should distinguish between unit tests (the code does
>> what we want) and performance tests. For performance tests (for the
>> entire framework) I would still use a server like before (Moth [0] to be
>> precise).
>>
>>>
>>>> For integration and functional testing, most of the frameworks rely on
>>>> driving a browser (e...
>>
>> If we talk about unit tests I think it is not a good idea to use a real
>> server.
>> The tests would take very long, because the HTTP requests have to be really
>> sent over the network. Tests should be easy to execute. Everybody who does
>> a SVN checkout should be able to run 1 command on the command line and
>> see which tests fail (without the need of a web server).
>>
>> I think the best would be to mock out the methods of the
>> xUrllib. Example for the xss plugin (see Gene's link to mockito [1]):
>>
>> responseHeaders = {"Content-Type":"text/html"}
>> xUrllibMock = mock(xUrllib)
>> payload = '</A/style="xss:exp/**/ression(alert(\'XSS\'))">'
>> url = "http://example.com/a.php?abc="+payload
>> #Now here's the real magic happening:
>> when(xUrllibMock).GET(url).thenReturn(httpResponse(200, payload,
>> responseHeaders, url, url))
>> #Now use the mock object
>> basePlugin._urlOpener = xUrllibMock
>> #Now we would start the scan and check that the XSS was found with asserts or whatever
>> ...
>>
>> Of course this is a LOT of work. We have to rebuild real-world
>> vulnerabilities in our test cases.
>>
>>>> Both types of testing have value, but the integration testing is what I
>>>> think you are looking...
>>
>> I think it is a good idea to start with PyUnit and easy methods (that don't
>> need mock objects).
>>
>> Just what came to my mind.
>>
>> cheers
>> floyd
>>
>> [0] http://www.bonsai-sec.com/en/research/moth.php
>> [1] http://code.google.com/p/mockito-python/
>>
>>>>
>>>> On Fri, Oct 1, 2010 at 11:46 AM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>>>>
>>>>> ...
>>
>> ------------------------------------------------------------------------------
>> Start uncovering the many advantages of virtual appliances
>> and start using them to simplify application deployment and
>> accelerate your shift to cloud computing.
>> http://p.sf.net/sfu/novell-sfdev2dev
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
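
The mocking approach quoted in this thread, as an added example that is not part of the original messages and is not w3af code. It uses the standard library's unittest.mock instead of mockito-python, and the ReflectedXssCheck class, its scan() method and the response attributes (body, headers) are hypothetical stand-ins for a plugin and for httpResponse; only the opener's GET method and the payload come from the message.

```python
import html
import unittest
from unittest import mock

# Payload and URL taken from the quoted message; used here as a test fixture.
PAYLOAD = '</A/style="xss:exp/**/ression(alert(\'XSS\'))">'
BASE_URL = "http://example.com/a.php"


class ReflectedXssCheck:
    """Hypothetical stand-in for a scanner plugin (assumption, not w3af code)."""

    def __init__(self, url_opener):
        # Injection seam, playing the role of basePlugin._urlOpener in the thread.
        self._url_opener = url_opener

    def scan(self, base_url, param, payload):
        response = self._url_opener.GET("%s?%s=%s" % (base_url, param, payload))
        content_type = response.headers.get("Content-Type", "")
        # Report only when the payload comes back unencoded in an HTML body.
        return "text/html" in content_type and payload in response.body


def run_check(body, content_type="text/html"):
    """Run the check against a canned response; no request leaves the process."""
    response = mock.Mock()
    response.body = body
    response.headers = {"Content-Type": content_type}
    opener = mock.Mock(spec=["GET"])  # any other method call raises AttributeError
    opener.GET.return_value = response
    found = ReflectedXssCheck(opener).scan(BASE_URL, "abc", PAYLOAD)
    # The plugin must have requested exactly the URL carrying the payload.
    opener.GET.assert_called_once_with(BASE_URL + "?abc=" + PAYLOAD)
    return found


class ReflectedXssCheckTest(unittest.TestCase):
    def test_unencoded_echo_is_reported(self):
        self.assertTrue(run_check("<html>" + PAYLOAD + "</html>"))

    def test_encoded_echo_is_not_reported(self):
        self.assertFalse(run_check("<html>" + html.escape(PAYLOAD) + "</html>"))

    def test_non_html_response_is_not_reported(self):
        self.assertFalse(run_check(PAYLOAD, content_type="text/plain"))


if __name__ == "__main__":
    unittest.main()
```

The encoded-echo and non-HTML cases are the ones that catch a check reporting false positives, which a single "vulnerable page" fixture would not.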

