All the Perl that's Practical to Extract and Report

Useing Net::WWWServer for CGI black box testing

jflowers on 2003-05-09T11:15:59

So I am on to adding in support for black box testing. The idea is to provide a switch, when on would record all requests and responses. Net::WWWServer could then provide a CGI interface to let you review the reqs and resps. You could then group them into transactions and label the test. Later when you needed to perform a regression test you can select from the test you have already defined and run them. After the tests are complete a report will be generated. Besides what you think the report would contain it would let you compare the output of the tests against the correct response, both in rendered and un-rendered HTML, if applicable.

I have yet to think through how CGI that requires authentication can be tricked, stubbed, or something else. So there may be a few other things I have not thought of yet as well.

The main reason I think this approach to black box testing a CGI script or app is better than LWP: If while reviewing the test report you see that a test has failed you can repeat the test in the debugger. This would be initiated by a form button on the report. You need not spend more time setting up your CGI to debug a particular request, or even more time if it is a series of requests.

This is also where I think that my previous work on CGI and CGI::Carp (which I still owe L. Stein the diffs for) will come in handy. I added the option to save fatal errors in the same format as the black box testing would save requests. So any fatal errors encountered on a production site could easily fit in to this testing.

Well that is enough for now, I am sure some of you are napping by now.

Sessions

malte on 2003-05-09T12:52:11

Besides authentification, does it handle different methods of session handling?

Re:Sessions

jflowers on 2003-05-09T14:11:46

That is one of things that I am trying to figure out. The web app the I'm working on right now uses CGI::Session with cookies and a DSN of File...
I doubt I can find a way that would work for anyone's implamintation of state maintenance. So I think I will provide a hook and you can supply your own method to handle state.
If I can find a way to handle even 60% or 70% of the ways session maintenance would be implamented I would make it the default and provide a hook for those other 40% or 30%.
I hope to spend some time on it today an Sunday.