[OWASP_PHPSEC] OWASP Documentation

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jul 28 05:55:12 UTC 2013


These test cases belong to Abhishek. I will contact him and let him know of
this issue.


On Sat, Jul 27, 2013 at 11:01 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> Sven,
> Please create a folder in the repo, containing environments for IDEs, and
> push yours in one of them. I don't want people to go through hell just to
> be able to have this package in one environment.
> -Abbas
> ______________________________________________________________
> *Notice:* This message is *digitally signed*, its *source* and
> *integrity* are verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body. Read more at Certified E-Mail with Comodo and Thunderbird <http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Mordad 5, 1392, at 1:28 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>
> I'm in the process of setting up my environment to actually execute
> anything. All my previous findings were made by looking at the code and
> maybe run a small part manually.
>
> When I see that my IDE highlights the following in a testcase:
>
> $hr = HttpRequest::getParameter('HTTP_REFERER');
>
> And the complaint is that "getParameter" does not exist as a method in
> HttpRequest, then I'm pretty sure the test suite hasn't been run for a
> while, because this test can never be green.
>
> I do appreciate that there are some tests at least. Some of them are
> way more complicated than they need to be (like the test for
> confidentialString, that does not check for the decrypted result, but
> tries to query a database instead with the values), some are more or
> less created in an uncommon way (for example, do not try/catch in a test,
> PHPUnit will complain if an exception is thrown but wasn't expected),
> and some aspects are currently really hard to test. Just think of the
> HttpRequest class that detects the used SAPI - which is always CLI if
> you run the tests from the command line - it would be necessary to run
> the tests via Apache to find the bugs and have complete coverage, or (my
> favorite) it needs more abstraction to allow faking the stuff.
>
> These testing issues need some experience to understand and avoid. And
> it is true that during the time of exploration and experimentation
> having too many tests will at least be nasty. But having none is also
> not very good, because you will not notice if you break something
> important.
>
> I'll be around some more time to give my feedback.
>
> Regards,
> Sven
>
> On 27.07.2013 at 10:27, rahul chaudhary wrote:
>
> Hi, can you tell which tests are not working, because I am constantly
> checking test cases to work and they are working fine in my system...
>
> For some test cases, you need to have the DB installed.
>
> And yes, some of the test cases are not up to the standard. But as said,
> for now they just demonstrate the working... in due time they will be
> updated using useful feedback from people like you. :)
>
>
> On Fri, Jul 26, 2013 at 3:27 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
> Hi Sven,
> Since we're changing things a lot (change not as in refactoring, as in
> changing the whole ideas), it's not wise to go TDD. We're leaving test
> coverage for the final phase in summer.
> You should be aware that some developers in the team are working under
> GSoC.
> -Abbas
>
> On Mordad 4, 1392, at 11:47 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>
> Hi all,
>
> I'll take that opportunity and mention my sadness about the tests that
> are not really written, nor working.
>
> A test is the first opportunity to run the productive code. If it feels
> weird or cumbersome to write the test, then probably the code under test
> is not yet designed well.
>
> And the tests are always a working code example: They use the actual
> code (if the using code gets outdated, tests go red and get fixed, so
> examples are automatically updated), and they show both input parameters
> and expected and unexpected return values.
>
> I'd really suggest to write tests first.
>
> Regards,
>
> Sven
>
>
> On 26.07.2013 at 21:01, Johanna Curiel wrote:
>
> Hi Rauf
>
> I took a fast overview of your documentation which looks great, so keep
> up the good work. Something I recommend strongly is the use of code examples.
> Creating code snippets where you can explain how to use the library is a
> great way to help users understand how they should implement the library
>
> regards
>
> Johanna
>
>
>
>
> On Jul 26, 2013, at 2:42 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> Hello All and especially Johanna :P,
>
> I have finished my part of OWASP's documentation. You can look at it here.
> https://www.owasp.org/index.php/Projects/OWASP_PHP_Security_Project/Roadmap
>
> What is left belongs to Abhishek. As more libraries will be added, I will add
> more documents there.
>
> I know that this document is not perfect and not at all final. So Johanna
> and others, please read that and suggest what more to add. I have not added
> technical details because that would be generated through PHPDocs and will
> be kept in github docs or some other place. OWASP's wiki is just for
> overview and reference.
>
> So please let me know what more to put there.
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
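
The abstraction Sven asks for in the quoted message (faking the SAPI so the web branch can be tested from the command line, and letting PHPUnit handle exceptions instead of try/catch), as an added example that is not part of this thread or of the PHPSEC code base. SapiProvider, RuntimeSapi, FakeSapi and RequestContext are hypothetical names; PHP 7.1+ and PHPUnit 6 or later are assumed.

```php
<?php
// Added illustration; every class name here is hypothetical, not PHPSEC's API.
use PHPUnit\Framework\TestCase;

interface SapiProvider { public function name(): string; }

// Production: asks the interpreter, which reports "cli" under a CLI test run.
final class RuntimeSapi implements SapiProvider
{
    public function name(): string { return PHP_SAPI; }
}

// Test double: lets a test claim any SAPI without a web server.
final class FakeSapi implements SapiProvider
{
    private $name;
    public function __construct(string $name) { $this->name = $name; }
    public function name(): string { return $this->name; }
}

final class RequestContext
{
    private $sapi;
    private $server;
    public function __construct(SapiProvider $sapi, array $server)
    {
        $this->sapi = $sapi;
        $this->server = $server;   // injected instead of reading $_SERVER
    }
    public function referer(): string
    {
        if ($this->sapi->name() === 'cli') {
            throw new LogicException('no HTTP referer under the CLI SAPI');
        }
        return $this->server['HTTP_REFERER'] ?? '';
    }
}

final class RequestContextTest extends TestCase
{
    public function testWebBranchIsReachableFromCommandLine(): void
    {
        $ctx = new RequestContext(new FakeSapi('apache2handler'),
            ['HTTP_REFERER' => 'https://example.test/login']); // constructed value
        $this->assertSame('https://example.test/login', $ctx->referer());
    }
    public function testCliBranchThrows(): void
    {
        $this->expectException(LogicException::class); // no try/catch in the test
        (new RequestContext(new FakeSapi('cli'), []))->referer();
    }
}
```

Saved as RequestContextTest.php, both tests run with `phpunit RequestContextTest.php`; production code would pass `new RuntimeSapi()` and `$_SERVER` to the constructor.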