Pattern 8: Test Your Methods before Others Do It

vPierre | Sicherheit / Security, Software Development, WWW

Even during development, functions and interfaces should be checked for correct functionality and for their behavior with faulty parameters and input values. An established methodology for testing modules in this way is the unit test.

In a unit test, a test routine is created for each function or method. It first sets up an initial state (e.g., assigning variable values), then calls the function or method under test, and finally compares the result (e.g., a return value) with the expected or desired behavior.

Such unit tests can often be executed and evaluated automatically using tools (with integration into the developer IDE). Corresponding tools and frameworks exist for all common programming languages.

8.1      What are the threats facing us and our customers?

Incorrect Program Code and Problems with the Use of Applications

When quality control is absent or test procedures are inadequate, functional and/or security-relevant faults in our applications can be overlooked and are not noticed by us or our customers until productive operation.

Difficulty Finding the Root Cause of Problems (Root Cause Analysis)

Due to the complexity of today's program code, root cause analysis of problems caused by source code errors can often be very difficult. This is especially true when the misbehavior is not reliably reproducible or occurs across several program components, classes, modules, and functions.

8.2      What should we consider during development?

Implementation of Test Routines within Functions/Methods

If data is processed in the program code (for example, stored in the database) or output, the individual data fields and variables should be checked for valid values within the expected value range.

Create Unit Tests

For each function, a separate unit test should be created that checks both the correct functioning of the function and its expected behavior in case of incorrect input data. Tools and frameworks for creating unit tests exist for most programming languages and can also be integrated into the usual development environments.

Execution and Evaluation of Unit Tests

The unit tests that are created should be run and evaluated regularly and automatically (for example, at each build), so that detected faults can be identified and corrected promptly.
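The three recommendations above, as an added example in Python (not code from the original article): a function that checks its fields against the expected value range before storing them, and a unit test that sets up an initial state, calls the function, and compares the result, including for faulty input. The function name `store_payment`, the `payments` table, and the limit `MAX_AMOUNT_CENTS` are assumptions made for this example.

```python
import sqlite3
import unittest

MAX_AMOUNT_CENTS = 1_000_000  # assumed limit, constructed for this example

def store_payment(db, account_id, amount_cents):
    """Check each field against its expected range, then store it."""
    for name, value in (("account_id", account_id), ("amount_cents", amount_cents)):
        # bool is a subclass of int in Python, so it is rejected explicitly.
        if not isinstance(value, int) or isinstance(value, bool):
            raise TypeError(f"{name} must be an integer")
    if account_id <= 0:
        raise ValueError("account_id out of range")
    if not 0 < amount_cents <= MAX_AMOUNT_CENTS:
        raise ValueError("amount_cents out of range")
    # Parameterized statement: values are bound, never spliced into the SQL text.
    cur = db.execute(
        "INSERT INTO payments (account_id, amount_cents) VALUES (?, ?)",
        (account_id, amount_cents))
    return cur.lastrowid

class StorePaymentTest(unittest.TestCase):
    def setUp(self):
        # Initial state: a fresh, empty in-memory database for every test.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE payments (id INTEGER PRIMARY KEY,"
                        " account_id INTEGER, amount_cents INTEGER)")

    def tearDown(self):
        self.db.close()

    def test_valid_payment_is_stored(self):
        row_id = store_payment(self.db, 42, 1999)  # call the function under test
        row = self.db.execute("SELECT account_id, amount_cents FROM payments"
                              " WHERE id = ?", (row_id,)).fetchone()
        self.assertEqual(row, (42, 1999))  # compare with the expected result

    def test_faulty_input_is_rejected_and_nothing_is_stored(self):
        faulty = [(42, -1), (42, 0), (42, MAX_AMOUNT_CENTS + 1), (0, 100),
                  (42, float("nan")), (42, "100"), (True, 100), (None, 100)]
        for account_id, amount in faulty:
            with self.subTest(account_id=account_id, amount=amount):
                with self.assertRaises((TypeError, ValueError)):
                    store_payment(self.db, account_id, amount)
        count = self.db.execute("SELECT COUNT(*) FROM payments").fetchone()[0]
        self.assertEqual(count, 0)

if __name__ == "__main__":
    unittest.main()
```

Running the file directly executes both tests, so the same command can be called from a build step to get the regular, automatic evaluation described above.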

8.3      Further Information

Use of unit tests with Spring framework:
http://docs.spring.io/spring/docs/current/spring-framework-reference/html/unit-testing.html

Tutorial for the implementation of unit tests for Spring MVC controller:
http://www.petrikainulainen.net/spring-mvc-test-tutorial/

Basics for creating unit tests:
https://msdn.microsoft.com/en-us/library/hh694602.aspx

Guide to create unit tests with .NET:
https://msdn.microsoft.com/en-us/library/hh598960.aspx

https://www.gronau-it-cloud-computing.de/10-pattern-for-secure-software-development/

 
