[OWASP-ESAPI] Java Code Revew

Ed Schaller schallee at darkmist.net
Tue Dec 8 23:27:15 EST 2009


> It should be noted that my biggest hangup was on the unit tests.  One of the best reviews an organization can do is test reviews.   Additionally, one of the best ways that a new comer or user of the system can understand the intent of a system is by reviewing the tests (I refer to unit tests as "Executable intent")

Unit tests (until I commit tonight...grr) should work in linux now.

> 4. The tests in general look like they run on one guys machine... with references to user.home, etc.

I've slowly been working on the SafeFileTest but as you mention other places it has other issues.

> 9. It appears that many of the tests are designed for human observation... and not machine validation.  The output is for humans.

I haven't gone through many of the test cases that haven't either been failing or related to the codecs. I know SafeFileTest is a huge culprit here. Do you have a list of other ones?

> 10. All defaults are windows... probably not where this code will run in production.  It would be great to provide platform independent options where possible and multiple properties files for several OS.

+1

>>>------>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : https://lists.owasp.org/pipermail/owasp-esapi/attachments/20091208/29c9c500/attachment-0001.bin 


More information about the OWASP-ESAPI mailing list