[OWASP_PHPSEC] OWASP Documentation

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jul 28 07:23:10 UTC 2013


Hi Abhishek,

Appreciate the quick response. Take your time to complete this. :)


On Sun, Jul 28, 2013 at 3:12 AM, Abhishek Das <das.abhshk at gmail.com> wrote:

> Hi all,
>
> I'm aware of the issues. I haven't written any test cases after the latest
> changes in the http request handling library, and hence the issues. I
> apologize for that. I see a pull request from Sven on this as well. We can
> carry forward the ongoing discussion there and merge it asap. I'll first
> complete the documentation on the OWASP wiki, then add more robust test
> cases for the library and send in a pull request.
>
> Thanks
>
>
> On Sun, Jul 28, 2013 at 11:25 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> These test cases belong to Abhishek. I will contact him and let him know
>> of this issue.
>>
>>
>> On Sat, Jul 27, 2013 at 11:01 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> Sven,
>>> Please create a folder in the repo, containing environments for IDEs,
>>> and push yours in one of them. I don't want people to go through hell just
>>> to be able to have this package in one environment.
>>> -Abbas
>>>      ______________________________________________________________
>>> *Notice:* This message is *digitally signed*, its *source* and
>>> *integrity* are verifiable.
>>> If your mail client does not support S/MIME verification, it will display
>>> a file (smime.p7s), which includes the X.509 certificate and the signature
>>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>>> AbiusX.com
>>>
>>> On Mordad 5, 1392, at 1:28 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>>>
>>> I'm in the process of setting up my environment to actually execute
>>> anything. All my previous findings were made by looking at the code and
>>> maybe running a small part manually.
>>>
>>> When I see that my IDE highlights the following in a testcase:
>>>
>>> $hr = HttpRequest::getParameter('HTTP_REFERER');
>>>
>>> And the complaint is that "getParameter" does not exist as a method in
>>> HttpRequest, then I'm pretty sure the test suite hasn't been run for a
>>> while, because this test can never be green.
>>>
>>> I do appreciate that there are some tests at least. Some of them are
>>> way more complicated than they need to be (like the test for
>>> confidentialString, that does not check for the decrypted result, but
>>> tries to query a database instead with the values), some are more or
>>> less created in an uncommon way (for example, do not try/catch in a test,
>>> PHPUnit will complain if an exception is thrown but wasn't expected),
>>> and some aspects are currently really hard to test. Just think of the
>>> HttpRequest class that detects the used SAPI - which is always CLI if
>>> you run the tests from the command line - it would be necessary to run
>>> the tests via Apache to find the bugs and have complete coverage, or (my
>>> favorite) it needs more abstraction to allow faking the stuff.
>>>
>>> These testing issues need some experience to understand and avoid. And
>>> it is true that during the time of exploration and experimentation
>>> having too many tests will at least be nasty. But having none is also
>>> not very good, because you will not notice if you break something
>>> important.
>>>
>>> I'll be around some more time to give my feedback.
>>>
>>> Regards,
>>> Sven
>>>
>>> On 27.07.2013 10:27, rahul chaudhary wrote:
>>>
>>> Hi, can you tell which tests are not working, because I am constantly
>>> checking test cases to work and they are working fine on my system...
>>>
>>> For some test cases, you need to have the DB installed.
>>>
>>> and yes, some of the test cases are not up to the standard. But as said,
>>> for now they just demonstrate the working... in due time they will be
>>> updated using useful feedback from people like you. :)
>>>
>>>
>>> On Fri, Jul 26, 2013 at 3:27 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>>
>>> Hi Sven,
>>> Since we're changing things a lot (change not as in refactoring, as in
>>> changing the whole ideas), it's not wise to go TDD. We're leaving test
>>> coverage for the final phase in summer.
>>> You should be aware that some developers in the team are working under
>>> GSoC.
>>> -Abbas
>>>
>>> On Mordad 4, 1392, at 11:47 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>>>
>>> Hi all,
>>>
>>> I'll take that opportunity and mention my sadness about the tests that
>>> are not really written, nor working.
>>>
>>> A test is the first opportunity to run the productive code. If it feels
>>> weird or cumbersome to write the test, then probably the code under test
>>> is not yet designed well.
>>>
>>> And the tests are always a working code example: They use the actual
>>> code (if the using code gets outdated, tests go red and get fixed, so
>>> examples are automatically updated), and they show both input parameters
>>> and expected and unexpected return values.
>>>
>>> I'd really suggest to write tests first.
>>>
>>> Regards,
>>>
>>> Sven
>>>
>>>
>>> On 26.07.2013 21:01, Johanna Curiel wrote:
>>>
>>> Hi Rauf
>>>
>>> I took a fast overview of your documentation which looks great, so keep up
>>> the good work. Something I recommend strongly is the use of code
>>> examples.
>>> Creating code snippets where you can explain how to use the library is a
>>> great way to help users understand how they should implement the library.
>>>
>>> regards
>>>
>>> Johanna
>>>
>>>
>>>
>>>
>>> On Jul 26, 2013, at 2:42 AM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>> Hello All and especially Johanna :P,
>>>
>>> I have finished my part of OWASP's documentation. You can look at it here.
>>>
>>> https://www.owasp.org/index.php/Projects/OWASP_PHP_Security_Project/Roadmap
>>>
>>> What is left belongs to Abhishek. As more libraries will be added, I will add
>>> more documents there.
>>>
>>> I know that this document is not perfect and not at all final. So Johanna
>>> and others, please read that and suggest what more to add. I have not
>>> added technical details because that would be generated through PHPDocs and
>>> will be kept in github docs or some other place. OWASP's wiki is just for
>>> overview and reference.
>>>
>>> So please let me know what more to put there.
>>>
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>
>
> --
> Abhishek Das
> IIT Roorkee
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
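
Sven's point in the thread about the request class that detects the SAPI, as an added example that is not part of any message and not the project's code: the SAPI name and server variables are injected, so a command-line test run can exercise the web-server branch. All class and method names are hypothetical, the "null under CLI" behaviour is an assumption, and the code needs PHP 8.0 or later.

```php
<?php
// Hypothetical names throughout; this is not the OWASP PHPSEC API. Needs PHP 8.0+.
interface Environment
{
    public function sapiName(): string;
    public function serverVars(): array;
}

// Production implementation: the only place that touches PHP_SAPI and $_SERVER.
final class PhpEnvironment implements Environment
{
    public function sapiName(): string { return PHP_SAPI; }
    public function serverVars(): array { return $_SERVER; }
}

// Test double: lets a command-line test run present any SAPI and header set.
final class FakeEnvironment implements Environment
{
    public function __construct(private string $sapi, private array $server) {}
    public function sapiName(): string { return $this->sapi; }
    public function serverVars(): array { return $this->server; }
}

final class Request
{
    public function __construct(private Environment $env) {}

    // Returns the Referer header, or null under CLI or when it is absent.
    public function referer(): ?string
    {
        if ($this->env->sapiName() === 'cli') {
            return null;
        }
        $value = $this->env->serverVars()['HTTP_REFERER'] ?? null;
        return is_string($value) ? $value : null;
    }
}

function check(bool $ok, string $what): void
{
    if (!$ok) { throw new RuntimeException("FAILED: $what"); }
    echo "ok: $what\n";
}

// Constructed sample input; every branch runs from the command line.
$web = new Request(new FakeEnvironment('apache2handler', ['HTTP_REFERER' => 'https://example.test/a']));
$cli = new Request(new FakeEnvironment('cli', ['HTTP_REFERER' => 'ignored']));
check($web->referer() === 'https://example.test/a', 'web SAPI returns the header');
check($cli->referer() === null, 'CLI SAPI returns null');
check((new Request(new FakeEnvironment('fpm-fcgi', [])))->referer() === null, 'absent header is null');
```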