On Tue, 18 Dec 2018 08:51:48 +0000, Arvin Schnell <[email protected]> wrote:
> Hi,
>
> I see again and again regressions due to simple mistakes,
> e.g. bsc #1119678 or bsc #1119699. Apparently neither code reviews, unit
> tests nor rubocop helped in these cases (although the reviewers
> found quite some mistakes in
> https://github.com/yast/yast-yast2/pull/872).
>
> Real tests would have helped but it seems as if those were not
> done. Even simple static code analysis would have prevented those
> two bugs but we do not have it for Ruby.
>
> So what can be done to avoid such regressions in the future? Or
> do we just bury our heads in the sand?

Ideally all modified code should be covered by tests, but in this case we got a security audit with stuff to fix which is too huge to be done with proper test coverage. Also, these parts of the code were quite old and almost not covered by tests (even old ones). So in this case, to prevent potential security issues which need a lot of changes (500 just in shell injection and relative paths), I did not do proper unit testing, which would otherwise have shown these issues.

So the answer is, as usual, unit testing and, as the last stand before customers, openQA (which in this case works well, as I see all bugs are caught by it). It just needs time when working with old code to cover changes properly, and sadly in this case we did not have time.

Josef

>
> ciao Arvin
>
