INDEX

Symbols
# (pound sign), commenting data sets and, 202
$backend attribute, 143
$server attribute, 143
* (asterisk character) in tables, 204
| (pipe) and |- characters, line breaks and, 202
> (greater than character), line breaks and, 202
“ (double quotes), delimiting strings and, 202
‘ (single quotes), delimiting strings and, 202

A
AB (Apache Bench), 318, 321–322, 324
abstract classes, testing, 66
Abstraction of software artifacts, 259–260
acceptance tests
  acceptance test suite (WebDAV), 146–147
  agile development and (studiVZ), 227–228
  automated (WebDAV), 139–140
  basics of, 20, 46, 227–228
  class PHPUnit_Framework_TestCase (WebDAV), 142–146
  defined, 4
  examples (WebDAV), 147–149
access
  accessibility of websites, 304
  to database objects, security and, 351–352
  physical access, security and, 343–344
  URL access, security and, 349
Action Message Format (AMF), 117
ActiveX, swoodoo and, 282
addDataSet() method, 205, 206–207
addUser() method, 192
addYamlFile() method, 201
Afferent Coupling, 259
agile development. See also swoodoo
  acceptance tests and, 227–228
  agile methods, advantage of, 240
  agile paradigms and continuous integration, 278
  Digg QA and, 107–108
algorithms, hashing, 349–350
AMF (Action Message Format), 117
Apache, profiling and, 325, 327
Apache Bench (AB), 318, 321–322, 324
Apache HTTPD, 277
APD, 329–330
API credentials, 117, 118–121
API limits, 117, 121–122
Arbit, 14
architecture
  ezcGraph component, 173–174
  Patterns of Enterprise Application Architecture (Addison-Wesley Professional), 32
  Selenium RC, 229
  service-oriented, mocking (Digg), 104–107
  swoodoo and, 298
  of WebDAV component, 133–135, 138
ASAP tasks (swoodoo), 289
assertDataSetsEqual() method, 215
assertions
  assertion roulette, 74–76
  Flash and, 184–185
  multiple (ezcGraph), 176–177
  rules for creating, 238
assertRunCorrect() custom assertion method, 145–146
assertTablesEqual() method, 215, 217
asterisk character (*) in tables, 204
asynchronous events, testing, 37–41
Atlassian Bamboo Continuous Integration Server, 231
atomic tests with dynamic test data (studiVZ), 234–235
attributes, test case class (WebDAV), 143
authentication, broken authentication and session management, 352
automation
  automated acceptance tests (WebDAV), 139–140
  automated forwarding, security and, 347–348
  automated tests, 18–19


automation (continued)
  of build process, 251
  importance of, 150
  selection of tests for (studiVZ), 235
  testing and, 108–109, 110, 226
availability of web applications, 4

B
bad code, 8
Balousek, Robert, 91
Bamboo, 231
Basecamp, 311
Basili, Victor R., 14
Bergmann, Sebastian, 37, 68, 95
Bevan, Nigel, 4
big classes, 58
binary data, testing, 179–185
  basics of, 179
  bitmap creation, 181–183
  drivers, 179
  expectation generation, 179–180
  Flash, 183–185
  SVG, 180–181
bitmap images, creating, 181–183
black box tests, 15, 227
Blankerts, Arne, 341
bookmarks, website usability and, 307–308
bottlenecks when testing, avoiding, 239
browsers
  browser simulators, 166–168
  compatibility vs. functionality (studiVZ), 236
  testing of applications and, 17–18
Bruntink, Magiel, 10
bugs
  adding new features and, 155
  finding/fixing (), 154–155
  finding/fixing (TYPO3), 63
  global state and, 79
  live, early testing and, 109
  obscure tests and, 78
  revealed by data in databases, 222
  self-validating tests and, 87
  source of, 188, 220, 282
build process
  automation of, 251
  continuous integration and, 252
build tools, 251
Buildix, 286
business rules, testing, 18
bytekit-cli, 13

C
Cadaver, 137–138, 147–148
Cairo, 182
cairowrapper PHP extension, 172
CakePHP test suite, 87
CalculatorTest example, 23–24
Caldiera, Gianluigi, 14
callbacks, 68–69
Callgrind, 325–328
Capability Maturity Model Integration (CMMI), 6
capture and replay, vs. programming, 240–241
Carica CacheGrind, 331
Carr, James, 72
certificates, security and, 348–349
Change Risk Anti-Patterns (CRAP) Index, 11
charts. See also ezcGraph component
  chart primitives, 174
  pie charts, generating, 173
Chrome mode, 236
Churcher, Neville, 261
CI. See continuous integration (CI)
class AcceptanceTests_Modules_Gruscheln_GruschelFriends extends PhoenixSeleniumTestCase (listing), 234–235
class constants, unnecessary (swoodoo), 293–294
class ezcUrlTest extends ezcTestCase (listing), 74–75
class ezcWebdavClientTestContinuousSetup (listing), 148
class PHPUnit_Framework_TestCase, 142–146
class Zend_Controller_ActionTest extends PHPUnit_Framework_TestCase (listing), 73
class Zend_Service_Amazon_OnlineTest extends // [..] (listing), 88
classes
  big, 58
  class dependencies, reducing, 159–161
  software metrics and, 256–258
  testing abstracted, 66
classic metrics, 255–259
Clean Code, 8–9
CLEAN INSERT setup operation, 209–210
Clickheat, 314
client compatibility (WebDAV), 133
CMMI (Capability Maturity Model Integration), 6
code
  amount of, QA and, 94
  code clones, 12, 253–254
  code coverage, 11, 155
  code smells, 13, 272
  committing daily (TYPO3), 55–56


  decoupling with dependency injection (symfony), 158–159
  dependencies, 24–25
  duplicated, 9, 12, 58, 73, 253–254
  faulty source code, security and, 347
  guidelines, continuous integration and, 268–269
  HTML code, website usability and, 309
  legacy code, PEAR standard and, 269–270
  semantic code, website usability and, 309
  standards in daily work, 270–271
  test code is software, 240
  testable code, writing, 98–100
  tests vs. real code, 155–156
code (TYPO3)
  clean code, 56–57
  developing new, 60–61
  disposing of old, 63–64
  duplicated, 58
  extending and modifying, 61
  optimizing, 61–63
  readability of, 63
Code Rank metrics, 261
cohesions, system, 12
collection resources (WebDAV), 132
collections (WebDAV), 132
collective code ownership, swoodoo and, 290–291
compare command, 182
components. See ezcGraph component; web service consumer components; WebDAV component
composite decorator, 205–207
conditional logic in tests, 85–86
configuration, continuous integration and, 251, 264–266
constructive quality assurance, 7–8
constructors in interfaces, avoiding, 65
content management (TYPO3), 49
context-sensitive matcher and constraints (DSL), 245
continuous deployment, 276–277
continuous integration (CI), 249–279
  agile paradigms and, 278
  automated build processes, 251
  basics of, 250, 252
  configuration, 251, 264–266
  continuous deployment, 276–277
  defined, 252
  deliverables, 274–275
  Digg QA and, 95, 109, 110
  dynamic tests, 272
  Hudson and, 55–56
  installation, 263
  integration, defined, 251
  operations, 275–276
  overview, 249–250
  reporting, 272–273
  resource-oriented web services and, 116
  reverse proxy, 277
  static analysis. See static analysis
  static tests. See static tests
  testing techniques, 249–250
  version management, 252
contrast (visual), usability of websites and, 306
COPY request (WebDAV), 132
cost of security, 346–347
coupling, loose, 12
CPU metrics and performance testing, 318, 338
CRAP (Change Risk Anti-Patterns) Index, 11
Crazyegg, 314
createDataSet() method, 203
createQueryTable() method, 203–204, 215, 217–218
Crosscheck, 286
Cross-Site Request Forgery (CSRF/XSRF), 351
Cross-Site Scripting (XSS), security and, 353–354
CruiseControl
  basics of, 13–14
  Build Loop and, 264
  configuring, 265–266
  JDK and, 263
  PHP_CodeBrowser and, 273
  swoodoo and, 286
cryptographic storage, security and, 349–350
CSS, usability of websites and, 303, 309, 310
CSS3 selectors, 168–169
CSV data sets, 200
Cunningham, Ward, 5
custom instrumentation, 337–338
Cyclomatic Complexity, 10, 258–259, 261

D
Dambekalns, Karsten, 49
data (in databases)
  data operations, 209–211
  testing independently from data sources, 32–37
  testing loading of, 211–215
  testing modification of, 215–218
  testing problems revealed by, 222
  testing problems with, 190–191, 221–222
data set decorators, 204–209
  composite decorator, 205–207
  data sets, generating, 209
  filter decorator, 204
  replacement decorator, 207–209


data sets, creating, 196–209
  CSV data sets, 200
  data set decorators. See data set decorators
  database data sets, 203–204
  flat XML data sets, 199–200
  overview, 196–197
  XML data sets, 197–199
  YAML data sets, 201–202
database dependency (Digg QA), 101
database interaction, testing, 187–222
  contraindications for, 188–189
  mocking database connections, 191
  overview, 187–188
  PHPUnit database extension. See PHPUnit database extension
  reasons for, 189–190
  regression testing, 220–222
  test-driven design, 220
  what to test, 190–191
databases, security and, 341–342
DB class, 99
dbdeploy tool, 194
DDD (Domain-Driven Design), 59–60
debugging
  --enable-debug configure option, 319, 338
  microtime function and, 337
  null: parameter and, 182
  Subject/Observer pattern and, 102
  tests, 169–170, 234, 237
  tools, 137
decorators, data sets. See data set decorators
decoupling
  code with dependency injection, 158–159
  core classes, 159–161
delete() method, 105–106
DELETE request (WebDAV), 132
deliverables, 274–275
dependency
  class, reducing, 159–161
  code, 24–25
  database, 93, 101
  explicit, 9
  global, 31–32, 79
  loosely coupled, 101–102
  minimal, 9
dependency injection
  complex dependency and, 11
  defined, 9, 25
  dependency injection containers, 154, 159
  Digg QA and, 100
  symfony and, 158–159
deployment, continuous, 276–277
developer tools, 12–14. See also specific tools
developers
  vs. management (swoodoo), 287–288
  nobody-but-me-understands-my-code developer, 296
development. See also agile development; test-driven development (TDD)
  piece by piece development, 53
  vs. production environments, 338
  security, software development and, 344–346
Digg quality assurance, 91–112
  agile process, 107–108
  Bergmann, Sebastian, 95
  challenges, 110
  dependency injection, 100
  legacy code, 92–93, 94
  mock objects. See mock objects
  overview of Digg, 91–92
  PHPUnit and, 95
  PHPUnit training, 95–98
  projects, smaller, 94
  refactoring, 94
  static methods, avoiding, 98–100
  teams, smaller, 93
  testing, 108–110
  , 94
  writing testable code, 98–100
Dijkstra, Edsger W., 7–8
DispatcherTest class, 89
Distance, software metrics and, 259, 260
doFoo() function, 98–100
Domain Specific Language (DSL). See DSL, creating and testing (studiVZ)
Domain-Driven Design (DDD), 59–60
double quotes (“), delimiting strings and, 202
driver mocking
  basics of, 175–176
  expectations, 178
  multiple assertions, 176–177
  structs, 177–178
drivers (ezcGraph), 179
DSL, creating and testing (studiVZ), 242–246
duplicated code, 9, 12, 58, 73, 253–254
dynamic test data (studiVZ), 234–235
dynamic tests, 272

E
eager tests, 74–76
Eberlei, Benjamin, 71
edge cases, 96
edge-to-edge tests, 46
Efferent Coupling, 259


e-mails, sending asynchronously, 37–39
--enable-debug configure option, 319
encapsulating
  input data, 44–45
  output data in Response objects, 45–46
encryption of passwords, security and, 349–350
end-to-end tests, 4, 46
enumerated test methods, 82
environments
  considerations for performance testing, 319–320
  development vs. production environments, 338
  test environments, setting up, 29–31
equivalence classes, 16
Erkkila, Matt, 91
error handling, security and, 345–346
Eure, Ian, 91
Evans, Cal, 244
event dispatchers, for reducing dependencies, 159–161
explicit dependencies, 9
extensibility (WebDAV), 133
external DSL, 243–244
external quality (software), 4
EXtreme Programming (XP), swoodoo and, 285–286
eZ WebDAV component. See WebDAV component
ezcGraph component, 171–185
  architecture, 173–174
  binary data, testing. See binary data, testing
  development history, 171–172
  development philosophy, 172
  driver mocking, 175–178
  overview, 172–173
  test requirements, 174
  tutorial, 173
ezcMvcDispatcherConfigurable test, 81
ezcUrl class, 74–75
ezcWebdavClientTest test case class, 143
ezcWebdavClientTestSuite, 146–147

F
fault tolerance, usability of websites and, 313
feedback on interaction (websites), 311–312
file systems, access code testing and, 64–65
files (WebDAV), 132
filter decorator, 204
Firebug, 137, 314
fixtures, 29, 168
Flash, binary data testing and, 183–185
flat XML data sets, 199–200
flight search engine (swoodoo), 282–284
floating-point numbers, 176, 181
Flood, 324
“Fluent Interfaces in PHP”, 244
fold (on website pages), 311
fonts, website usability and, 304–305, 308
FooServiceTest class extends PHPUnit_Framework_TestCase, 120
Forgotten Password functionality, 352
formats
  Action Message Format (AMF), 117
  for data sets, 197
  XML data set format, 197
forms
  labels for form elements, 305
  testing, 169
forwarding, security and, 347–348
Fowler, Martin, 32, 58, 244, 253, 257
fragile tests, 76–77
frames, eliminating on websites, 308
frameworks, testing (symfony), 154–161
  class dependencies, reducing, 159–161
  dependency injection and, 158–159
  functional vs. unit tests, 156
  release management process, 154–155
  running test suites, 156
  singleton design pattern, 156–158
  tests vs. real code, 155–156
Freeman, Steve, 9, 46
front-end development, website usability and, 301
front-end tests
  studiVZ, 239
  vs. unit tests, 235
functional tests
  basics of, 165–166
  browser simulators, 166–168
  CSS3 selectors, 168–169
  debugging, 169–170
  end-to-end tests, 46
  fixtures, 168
  testing forms, 169
  vs. unit tests (symfony), 156
functionality, defined, 4
functions
  function that adds 2 integers, 96–97
  software metrics and, 256–258
FURPS quality model, 3

G
GD extension, 183
GD library, 172
GET method (WebDAV), 137
getConnection() method, 192–193
getDataSet() method, 196, 197


getMock() method, 175
getMockForAbstractClass() method, 66
getObject(), asking for unknown object, 55
getSetUpOperation() method, 210
getTearDownOperation() method, 210
global dependencies
  avoiding, 31–32
  global state and, 79
global mutable state metric, 11
global state obscure tests, 78–80
Goal-Question-Metric (GQM) approach, 14
Goldberg, David, 176
GoogleMail, 311
GPG, 350
graphs. See ezcGraph component
Grochtdreis, Jens, 301
Growing Object-Oriented Software, Guided by Tests (Addison Wesley), 46

H
hashing algorithms, security and, 349–350
Hevery, Miško, 11
home page, logo links to, 307
Horváth, Max, 225, 227
htmlspecialchars() function, 354
HTTP
  security and, 348
  WebDAV component and, 131–132
HTTP-based applications, testing, 17
HTTPLoad, 318
HTTPPerf, 324
HTTPS, security and, 348
Hudson, 14, 55–56
Huggins, Jason, 46

I
IDs, importance of using, 237–238
ImageMagick software, 182–183
images
  alternative texts for, 307
  background, readability and, 307
  bitmap images, creating, 181–183
  Flash and, 183–185
  generating with PHP, 172
  image primitives, 174
in_array() function, 191
indirect unit testing, 80–82
infrastructure planning, security and, 342–343
initialize() method, 158–159
injection, security and, 354
input data, encapsulating, 44–45
insecure direct object references, 351–352
insert() method, 216
Instability and Abstraction software metrics, 259–260
installation, continuous integration and, 263
instrumentation, custom, 337–338
integers, testing and, 96–98
integration tests, 46, 77, 139
interfaces
  avoiding constructors in, 65
  software metrics and, 256–258
internal DSL, 242, 243
internal quality (software), 5
Irwin, Warwick, 261
ISO/IEC 9126-1 software quality model, 10
isolation, test, 19–20
isSpam() method, testing, 130
iX magazine, 50

J
Jankowfsky, Lars, 281
Janzen, David S., 8
JavaScript
  Crosscheck, 286
  usability of websites and, 303–304, 309–310
  XSS and, 353
Jeffries, Ron, 6, 56
JMeter, 324
Juicy Studio Accessibility Toolbar, 306

K
KCachegrind, 62, 326, 328–329, 331
Kerckhoffs, Auguste, 344
keyboard commands, Selenium tests and, 236
keyboard navigation, website usability and, 305–306
Khan, R. A., 10
KISS! (Keep It Simple Stupid), 287, 293, 294, 296

L
labels for form elements, 305
Lanza, Michele, 10
Late Static Binding (PHP 5.3), 34
Law of Demeter, 11
LCA (Low Cost Airline) Engine, 284
legacy code
  PEAR standard and, 269–270
  QA and, 92–93, 94
Lemke, Robert, 49


libraries
  GD library, 172
  testing libraries, 161. See also lime tool
Liggesmeyer, Peter, 3
lime tool
  vs. PHPUnit, 162
  speed of symfony test suite and, 156
  with symfony, 162–165
line spacing, website usability and, 304–305
Lines of Code (LOC) software metric, 12, 255–256, 261
links, website usability and, 307
linter tool, 271
Lively, Michael Jr., 187
load testing, 320
load testing tools
  Apache Bench (AB), 318, 321–322, 324
  HTTPLoad, 318
  Pylot, 318, 322
loadByUserPass() method, 212–213
LOC (Lines of Code) software metric, 12, 255–256, 261
locators
  defined, 228
  stabilizing (Selenium), 237–238
LOCK request (WebDAV), 132
logo links to home page, 307
long methods, 58
long term support (Ubuntu), 155–156
loose coupling, 12
loosely coupled dependencies, 101–102
Low Cost Airline (LCA) Engine, 284
LUKS, 344
lying tests, 83–84

M
MacCallGrind, 331
mail transfer agent (MTA), 37
Marinescu, Radu, 10
Martin, Robert C., 8
McCabe, Thomas J., 10, 255, 258
McCarthy, Jeremy, 91
MD5, 350
meinVZ, 226
Memcached, 103–104, 319
memory_get_peak_usage() function, 338
memory_get_usage() call, 337–338
Meszaros, Gerard, 36, 72
methods
  calling non-public, 68
  long, 58
  naming, 57, 287
  request (WebDAV), 132–133
  sfBrowser class, 166–167
  short, 9
  software metrics and, 256–258
  static, 98–100, 210–211
  test*() methods, 142
  testing protected, 66–68
“Metric Based Testability Model for Object Oriented Design”, 10
micro-optimizations and performance testing, 338–339
minimal dependencies, 9
misconfiguration, security and, 350
MKCOL request (WebDAV), 132
mock objects, 100–107
  database dependency, 101
  defined, 34, 36
  loosely coupled dependencies, 101–102
  Memcached, 103–104
  overview, 100–101
  service-oriented architecture, mocking, 104–107
  Subject/Observer pattern, 102–103
Mockery independent mocking framework, 82
mocks and mocking. See also driver mocking
  mocking database connections, 191
  mocks, defined, 78
  unit tests and, 88–90
model layer, 104–105
Model Service class, 106–107
modularity (WebDAV), 133
monolithic tests, 232–233
MOVE request (WebDAV), 133
multiton pattern, 157
Mustafa, K., 10
MVC controller example (unit testing), 25–29
MVC Dispatcher in FLOW3, mock overuse in, 89
MySQL
  Digg architecture and, 104
  security and, 350
  testing and, 189

N
Nagios, 295–296
names, obscure test names, 82–83
naming
  classes (swoodoo), 287
  methods, 57, 287
navigation, usability of websites and, 312
Neate, Blair, 261
Nohn, Sebastian, 13, 14, 249
noncollection resources (WebDAV), 132
non-mockable total recursive Cyclomatic Complexity software metric, 11
non-persistent XSS, 353
non-public methods, calling via reflection API, 68


Nordmann, Kore, 14, 135, 171
normalizeFlashCode() method, 185
npath complexity, 10
Npath complexity metric, 21

O
object-oriented metrics, 259–262
Object-Oriented Metrics in Practice, 10
object-oriented programming (OOP), Digg QA and, 93
objects. See also mock objects
  insecure direct object references, security and, 351–352
  lowering dependencies between, 159–161
obscure tests
  global state and, 78–80
  indirect testing, 80–82
  obscure test names, 82–83
offline testing
  of concrete services, 126–130
  of service protocols, 117, 122–126
O’Neill, Brian, 91
OOP (object-oriented programming), Digg QA and, 93
Open Web Application Security Project (OWASP), 347
OpenSSL, 350
O’Phinney, Matthew Weier, 115
OProfile, 333
output data, in Response objects, 45–46

P
pair programming (swoodoo), 290–291
passwords
  encryption of and security, 349–350
  Forgotten Password functionality, 352
  stored, security and, 352
  strength of, 352
Pattern Acceptor, 101–102, 104
Patterns of Enterprise Application Architecture (Addison-Wesley Professional), 32
pdepend (PHP_Depend), 13, 255–257, 260, 261–262
PEAR, 94, 269–270
PECL, 339
performance, usability of websites and, 308–310
performance testing, 317–340
  CPU metrics, 338
  custom instrumentation, 337–338
  development vs. production environments, 338
  environmental considerations, 319–320
  limitations of PHP and, 339
  load testing, 320
  load testing tools, 321–324
  micro-optimizations, 338–339
  overview, 317–318
  priority of optimization, 339–340
  profiling. See profiling
  strace, 334–335
  Sysstat, 336–337
  system metrics, 334–338
  tools, 318–319
performSetup() method (WebDAV), 148
persistent XSS, 353
Phar, 246
Philipps, Christiane, 225, 227
phing tool, 194
PHP Copy-Paste-Detector (phpcpd), 12, 74, 253–254
PHP Dead Code Detector, 13
PHP DOM extension, XML comparison and, 180
PHP limitations, performance testing and, 339
PHP Magazin, 50
PHP Mess Detector, 13
PHP Session Save Handler, 343
PHP_CodeBrowser (phpcb), 13, 273
PHP_CodeSniffer, 13, 268–269, 270, 286–287
PHP_Depend (pdepend), 13, 255–257, 260, 261–262
phpcpd (PHP Copy-Paste-Detector), 12, 74, 253–254
phploc, 12, 255–256
phpMyAdmin, 344
PHPT vs. PHPUnit, 95
phpUnderControl, 13, 263, 264, 272, 273–277
PHPUnit
  automated acceptance tests with, 139–140
  basics, 12
  class PHPUnit_Framework_TestCase, 142–146
  constructors in interfaces and, 65
  developing new code and, 60–61
  global state and, 80
  inadvertently functional unit tests and, 64
  indirect testing and, 81
  integrating acceptance tests and, 142–149
  vs. lime, 162
  vs. PHPT, 95
  Selenium extension of, 229–230
  swoodoo and, 286
  training workshop for, 95–98
  unit test for, 23
PHPUnit database extension, 192–220
  data operations, 209–211
  data sets, creating. See data sets, creating
  database tester, 218–220
  loading of data, testing, 211–215
  modification of data, testing, 215–218
  multiple test databases, 194–196
  overview, 191–192


  PHPUnit_Extensions_Database_TestCase class, 192–193
  .XML, 194
  test databases, selecting, 192–194
PHPUnit Manual, 37
PHPUnit_Extensions_Database_DataSet_CompositeDataSet class, 205
PHPUnit_Extensions_Database_DataSet_CsvDataSet class, 200
PHPUnit_Extensions_Database_DataSet_DataSetFilter class, 204
PHPUnit_Extensions_Database_DataSet_FlatXmlDataSet class, 199
PHPUnit_Extensions_Database_DataSet_IDataSet interface, 196
PHPUnit_Extensions_Database_DataSet_ReplacementDataSet class, 207
PHPUnit_Extensions_Database_DataSet_XmlDataSet class, 197
PHPUnit_Extensions_Database_DataSet_YamlDataSet class, 201
PHPUnit_Extensions_Database_DB_IDatabaseConnection class, 203
PHPUnit_Extensions_Database_DefaultTester class, 218
PHPUnit_Extensions_Database_Operation_Factory class, 210
PHPUnit_Extensions_Database_TestCase class, 192–193, 215
PHPUnit_Extensions_SeleniumTestCase class, 229
PHPUnit_Framework_TestSuite, 146–147
phpunit.XML file, 194
Pichler, Manuel, 14, 249
piece by piece development, 53
pipe characters (| and |-), line breaks and, 202
plugins, Nagios, 295–296
PMD-CPD, 253
pop-ups, 312–313
Potencier, Fabien, 153
pound sign character (#), commenting data sets and, 202
pprof-2calltree command line tool, 329, 330
“Predicting Class Testability using Object-Oriented Metrics”, 10
priority of optimization, performance testing and, 339–340
production vs. development environments, 338
profiling, 324–333
  APD, 329–330
  basics of, 324–325
  Callgrind, 325–328
  KCachegrind, 328–329
  OProfile, 333
  profiling tools, 318
  Xdebug, 330–331
  XHProf, 331–333
programming
  conventions, 266–268
  EXtreme Programming (XP), swoodoo and, 285–286
  object-oriented programming (OOP), Digg QA and, 93
  pair programming (swoodoo), 290–291
  programming tests, vs. capture and replay, 240–241
  test-first programming, 8
PROPFIND request (WebDAV), 133, 134
PROPPATCH request (WebDAV), 133
protected methods, testing, 63, 66–68
proxies, reverse, 277
Pryce, Nat, 9, 46
PUT request (WebDAV), 133
Pylot, 318, 322–324

Q
quality assurance (QA). See also Digg quality assurance; studiVZ quality assurance
  constructive quality assurance, 7–8
quotes (double and single), delimiting strings and, 202
quotes, delimiting strings and, 202

R
radical refactoring, 51
RATS (Rough Auditing Tool for Security), 262–263
reactivity, defined, 4
readability of websites, 304–305
redirects, security and, 348
refactoring
  code clones and, 253–254
  defined, 5, 253
  Digg QA and, 94
  vs. rewriting, 293–294
  swoodoo and, 282, 285, 292
  TYPO3 and, 57–58, 61
reflection API, 68
regression testing, 220–222
release management process (symfony), 154–155
reliability of web applications, 4
Remote Procedure Call (RPC) services, 116
REPLACE operation (table setup), 211
replacement decorator, 207–209
reporting, 272–273


requests
  Apache Bench and, 321–322
  reducing number of, 309
  request methods (WebDAV), 132–133
  RPS (requests per second), load testing and, 320
resource-oriented web services, 116
Response objects, encapsulating output data in, 45–46
RESTful resource-oriented services, 116
returnCallBack() method, 68–69
reverse proxy, 277
rewriting vs. refactoring, 293–294
RFCs (WebDAV)
  requirements analysis and, 135–136
  TDD after, 136–137
rights, security and, 345
Rombach, H. Dieter, 14
RPC (Remote Procedure Call) services, 116
Runkit, 93
runTest() method (WebDAV), 145

S
sar command line tool, 336
save() method, 105–106
Schlitt, Tobias, 14, 131
Schneider, Kurt, 7, 14
schülerVZ, 226–227
Scrum, 228
security, 341–355. See also API credentials
  application success and, 4
  broken authentication, session management and, 352
  cost of, 346–347
  CSRF/XSRF, 351
  error handling, 345–346
  failure to restrict URL access, 349
  faulty source code, 347
  hiding used server details, 346
  infrastructure planning and, 342–343
  injection, 354
  insecure cryptographic storage, 349–350
  insecure direct object references, 351–352
  insufficient transport layer protection, 348–349
  misconfiguration, 350
  physical access, 343–344
  rights, 345
  Secure by Design paradigm basics, 342
  security, defined, 341–342
  Separation of Concerns principle, 344–345
  software development, 344–346
  unvalidated redirects and forwards, 347–348
  XSS, 353–354
Selenium
  acceptance tests and, 20, 139
  basics of, 19, 166
  extension of PHPUnit, 229–230, 241
  Selenium Grid, 229
  Selenium Remote Control (RC), 228–229
  studiVZ QA and, 226, 228–230, 235
  Testing_SeleniumDSL 2.0, 245–246
Selenium_Transformer application, 241
self-validating tests, 87
Separation of Concerns principle, 344–345
servers
  security and, 342–343, 346, 355
  testing (WebDAV), 137–138
Service Endpoint, 105
service protocols (offline), testing, 122–126
Service Query, 105
service-oriented APIs, testing. See web service consumer components
service-oriented architecture (SOA), mocking, 104–107
session management, security and, 352
session_regenerate_id() function, 352
setUp() method
  Selenium, 230
  swoodoo, 297
  WebDAV, 144
setupBackend() method (WebDAV), 148
sfBrowser class, 166–167
sfCache interface, 159
sfContext class, 156
sfEventDispatcher class, 159
sfFormTest. suite, 83
sfViewCacheManager class, 158
SHA1, 350
Shire, Brian, 317
short methods, 9
Shupp, Bill, 91
side effects of functions/methods, 25
Siege, 324
Silverback, 314
simpleConfiguration class, 81
SimpleTest, 81
single quotes (‘), delimiting strings and, 202
single responsibility principle (SRP), 9
singleton design pattern in PHP, 156–158
Sismo screenshot, 157
Skårhøj, Kasper, 49, 50
slow tests, 84–85
SOA (service-oriented architecture), mocking, 104–107
software
  agile methods and development of, 357
  continuous deployment of, 276
  dependency injection, 255–259


  development, security and, 344–346
  software artifacts, 255
  swoodoo and, 285
  test code as, 240
Software Engineering — Product quality, 4
software metrics
  basics of, 10–12, 254–262, 279
  classes/interfaces/methods/functions in systems, 256–258
  classic metrics, defined, 255
  Code Rank metrics, 261
  Cyclomatic Complexity, 10, 258–259
  Distance, 259, 260
  Instability and Abstraction, 259–260
  Lines of Code (LOC) metric, 255–256
  object-oriented metrics, 259–262
  RATS, 262–263
  software artifacts, 255, 259–260
Software Process Improvement and Capability Determination (SPICE), 6
software quality
  Clean Code, 8–9
  constructive quality assurance, 7–8
  developer tools, 12–14
  external quality, 4
  internal quality, 5
  overview, 3–4
  software metrics. See software metrics
  technical debt, 5–7
software testing. See testing software
Software-Qualität: Testen, Analysieren und Verifizieren von Software, 2. Auflage, 3
SomeServiceTest class extends PHPUnit_Framework_TestCase, 121
Souders, Steve, 308, 309
source code
  duplicated (code clones), 12, 253–254
  faulty source code, security and, 347
SPICE (Software Process Improvement and Capability Determination), 6
sprites (CSS), website usability and, 309
SQL statements, testing and, 188–189
static analysis, 253–263
  classic metrics, 255–259
  code clones, 253–254
  object-oriented metrics, 259–262
  RATS, 262–263
  refactoring, 253–254
  software metrics basics, 254
static method calls, testing and, 98–100
static test users, 233–234
static tests, 266–271
  basics of, 249–250
  coding guidelines, 268–269
  coding standards, 270–271
  legacy code, PEAR standard and, 269–270
  programming conventions, 266–268
  syntax analysis, 270–271
statistics collection, 335–336
strace, 334–335
structs (ezcGraph component), 177–178
stubs, defined, 36
studiVZ quality assurance, 225–247
  acceptance tests, 227–228
  atomic tests with dynamic test data, 234–235
  capture and replay vs. programming, 240–241
  DSL, creating and testing, 242–246
  general functionality or browser compatibility, 236
  introduction, 225–226
  last-minute features, 239–240
  monolithic tests, 232–233
  Selenium, 228–230
  Selenium tests, 235
  stabilizing locators/using IDs, 237–238
  static test users, 233–234
  studiVZ basics, 226–227
  studiVZ technical setup, 230–232
  test code is software, 240
  test scope, clarity of, 235–236
  testers, importance of good, 242
  tests, delay in fixing, 236–237
  tests, speed of, 238–239
Subject/Observer pattern, 102–103
Subversion, swoodoo and, 286
Suhosin extension, 343
surfing tests, 87–88
SVG (Scalable Vector Graphics), 180–181
swftophp tool, 184–185
swoodoo, 281–298
  architecture, 298
  basics of, 281
  changes in functionality, 291–292
  history of, 282–285
  incremental changes, 297
  KISS mantra, 293, 296
  Nagios plugins in PHP, 295–296
  naming classes and methods, 287
  pair programming, 290–291
  planning of new features, 288–289
  switch to XP, 285–286
  TDD and, 285–286
  unnecessary class constraints, 293–294
symfony, testing, 153–170
  dependency injection container (symfony 2), 154
  frameworks, testing. See frameworks, testing (symfony)
  web applications, testing. See web applications, testing


symfony framework, 76, 80, 83
syntax analysis, 271
Sysstat, 336–337
system metrics, 318–319, 334–338
system tests, 17–21

T
Table Data Gateway design patterns, 32–34
TDD. See test-driven development (TDD)
TDD mantra, 54
team size, QA and, 93
tearDown() method
  swoodoo, 297
  WebDAV, 144, 145
technical debt, 5–7
test recipes
  TYPO3, 64–69
  WebDAV component, 141–142
test smells
  duplication in code and, 73
  obscure tests and, 78, 82–83
  skipped tests and, 90
  surfing tests and, 88
  unit testing case study, 72
test suites
  acceptance test suite, 146–147
  CakePHP test suite, 87
  ezcWebdavClientTestSuite, 146–147
  PHPUnit_Framework_TestSuite, 146–147
  running (symfony), 156
  sfFormTest.php suite, 83
  Zend_Db_Table test suite, 84
  Zend_Session test suite, 86
  Zend_SessionTest suite, 86
test trails, 139–141
test*() methods, 142
Testability Explorer, 11
TestConfiguration.php, 118, 119
test:coverage task, 165
test-driven development (TDD)
  after RFC (WebDAV), 136–137
  basics of, 8
  database testing and, 220
  swoodoo and, 285–286
  TDD mantra, 54
  testing binary data and, 179–180
testers, importance of, 242
test-first programming, 8
TestHelper.php, 118
testing. See also performance testing; test-driven development (TDD); tests
  abstract classes, 66
  code duplication and, 73
  Digg QA, 108–110
  dynamic tests, 272
  ezcGraph component. See ezcGraph component
  general techniques, 249–250
  importance of, 153, 357
  PHPUnit and, 60–61
  protected methods, 66–68
  Subject/Observer pattern for, 102–103
  symfony. See symfony, testing
  test recipes (TYPO3), 64–69
  test scope, necessity for clarity of, 235–236
  testable code, writing, 98–100
  TYPO3 and, 51–52
  web service consumer components. See web service consumer components
  websites, 313–314
testing software, 15–46
  acceptance tests, 20
  automated tests, 18–19
  black box/white box tests, 15
  browser testing, 17–18
  code dependencies, 24–25
  databases, storing changes in, 41–42
  encapsulating input data, 44–45
  encapsulating output data in Response objects, 45–46
  global dependencies, avoiding, 31–32
  number of tests required, 16–17
  side effects, 25
  system tests, 17–21
  test environments, setting up, 29–31
  test isolation, 19–20
  test-driven development (TDD), 22
  testing asynchronous events, 37–41
  testing independently from data sources, 32–37
  unit test for MVC controller (example), 25–29
  unit tests, 21–25
  unpredictable results, 42–44
“Testing Your Privates”, 68
Testing_SeleniumDSL, 243–246
Test::More library, 162
testOverflow() function, 97
tests. See also acceptance tests; functional tests; obscure tests; static tests; testing; unit tests
  automated tests, 18–19
  black box tests, 15, 227
  as documentation, 54–55
  eager tests, 74–76
  end-to-end tests, 4, 46
  front-end tests, 235, 239


general techniques, 249–250 mock overkill, 88–90 integration tests, 46, 77, 139 MVC controller example, 25–29 monolithic tests, 232–233 quality in, 71–72 programming tests vs. capture and replay, 240–241 self-validating tests, 87 vs. real code (symfony), 155–156 skipped tests, 90 speed of, 238–239 slow tests, 84–85 studiVZ QA, 234–235 test smells and, 72 surfing tests, 87–88 web applications, 162–165 system tests, 17–21, 358 web-surfing tests, 87–88 Thomas, Dave, 8 UNLOCK request (WebDAV), 133 timestamps, usability of websites and, 310–311 URL access, security and, 349 TinySVG standard, 180 usability, defined, 4, 301 tag (bookmarks), 307 usability of websites, 301–315 “Top 10 Web Application Security Risks”, 347 accessibility, 304 Trac, swoodoo and, 286 alternative texts for images, 307 transport layer protection, 348–349 background image, 307 transport layer (WebDAV), 134 basics of, 302–303 TRUNCATE command, 209–210 contrast and, 306 TYPO3 fault tolerance, 313 clean code, 56–57 feedback on interaction, 311–312 code, developing new, 60–61 fold and, 311 code, disposing of old, 63–64 frames, eliminating, 308 code, extending and modifying, 61 front-end development and, 301 code, optimizing, 61–63 good bookmarks, 307–308 code, readability of, 63 guidance for users, 310–311 continuous integration (Hudson), 55–56 importance of detail, 302 domain-driven design, 59–60 JavaScript, 310 history of, 49–52 keyboard navigation, 305–306 piece by piece development, 53 labels for form elements, 305 programming guidelines for, 58–59 logo links to home page, 307 refactoring, 57–58 navigation, 312 test recipes, 64–69 performance, 308–310 test-driven development, 53–54 pop-ups, 312–313 tests as documentation, 54–55 readability, 304–305 scalable fonts, 308 similarity of pages, 313 U testing, 313–314 usable print version, 307 Ubuntu LTS (Long Term Support), 155–156 visible links, 307 unit tests. 
See also obscure tests users basics of, 77, 187 guidance for website users, 310–311 code duplication and, 73–74 static test users (studiVZ), 233–234 conditional logic in, 85–86 Digg QA and, 94 eager tests and assertion roulette, 74–76 V fragile tests, 76–77 vs. front-end tests, 235 Valgrind, 325 vs. functional tests (symfony), 156 van Deursen, Arie, 10 fundamentals of, 21–25 velocity, defined, 289 importance of, 94, 149–150 “Version Control for Multiple Agile Teams”, 276 inadvertently functional, 64 version control systems, 252 vs. integration tests, 77 vfsStream, 64 lying tests, 83–84 ViewRenderer class, 79 W websites for further information load testing tools, 324 WCAG Contrast Checker, 306 profiling tools, 331 web applications, testing, 161–170 web-surfing tests, 87–88 functional tests. See functional tests “What Every Computer Scientist Should Know About getting started, 161–162 Floating-Point Arithmetic”, 176 unit tests, 162–165 white box/black box tests, 15 Web Developer Toolbar, 314 Wireshark, 137–138 web service consumer components, 115–130 API credentials, 117, 118–121 API limits, 117, 121–122 X functionalities of, 115–116 offline testing of concrete services, 126–130 Xdebug, 21, 61, 62, 328–329, 330–331 offline testing of service protocols, 117, 122–126 XHProf, 62, 331–333 recurring issues, 117 XML Web-based Distributed Authoring and Versioning SVG, 180–181 (WebDAV). 
See WebDAV component XML data sets, 197–200 WebDAV component, 131–150 XP (EXtreme Programming), swoodoo and, 285–286 architecture, 133–135, 138 XPath instead of IDs, 237–238 automated acceptance tests, 139–140 XSS (Cross-Site Scripting), security and, 353–354 basics of, 131–133 xUnit Test Patterns: Refactoring Test Code (Addison-Wesley), 36, 72 PHPUnit, integration into, 142–149 requirements analysis, 135–136 servers, testing, 137–138 TDD after RFC, 136–137 Y test recipe for, 141–142 YAGNI! (You Ain’t Gonna Need It), 287, 294 test trails, 140–141 YAML data sets, 201–202 Webgrind, 62, 331 YSlow, 308 websites, for downloading Arbit, 14 bytekit-cli, 13 Z CruiseControl, 13 ezcGraph tutorial, 173 Zend Framework Hudson, 14 fragile tests and, 76 Hudson, scripts and configuration files for, 56 problems with global state and, 79–80 PHP Copy-Paste-Detector (phpcpd), 12, 74 studiVZ and, 231 PHP Dead Code Detector, 13 swoodoo flight server and, 285 PHP Mess Detector, 13 web service consumer components and. See web PHP_CodeBrowser (phpcb), 13 service consumer components PHP_CodeSniffer, 13 Zend_Controller_ActionTest test, 73 PHP_Depend (pdepend), 13 Zend_Db_Table test suite, 84 phploc, 12 Zend_Http_Client protocol, 126–128 phpUnderControl, 13 Zend_Service_Akismet. 
Akismet service, 129 PHPUnit, 12 Zend_Service_Amazon test, 85, 88 PHPUnit Manual, 37 Zend_Session test suite, 86 Testability Explorer, 11 Zend_SessionTest suite, 86