Expand and Enhance Spring and Unit Testing Coverage #145

Open
tommathee opened this issue May 9, 2024 · 1 comment
Labels
good first issue Good for newcomers

Comments

@tommathee

The current suite of Spring and Unit tests for the OWASP Application Gateway is limited primarily to basic functionality checks, such as ensuring that collections are not empty upon initialization. This minimal coverage is insufficient for verifying the complex functionalities and security features of the gateway. To ensure robustness and reliability, comprehensive testing that covers all critical paths and potential edge cases is necessary.

Current Testing Limitations:

  • Tests predominantly cover basic initialization and simple functionality.
  • Lack of comprehensive coverage for security protocols, redirection logic, method whitelisting, CSRF protection, and XSS defenses.
  • Insufficient error handling scenarios and negative testing.

Expected Improvements:

  • Extensive coverage of all functionalities, especially security-related features.
  • Detailed testing of all configuration possibilities and their impacts on gateway behavior.
  • Inclusion of negative test cases and error handling scenarios to ensure the gateway's resilience and robustness.

Suggested Enhancements:

Comprehensive Functionality Testing:

  • Implement tests that cover all security features.
  • Validate configuration loading and parsing logic to ensure that all settings are applied correctly and have the expected effects on gateway operations.

Security Protocol Testing:

  • Develop tests that simulate attack scenarios to ensure that security measures are effectively blocking unauthorized actions.
  • Include tests for new security features as they are developed to maintain a continually evolving test suite.

Negative Testing and Error Handling:

  • Introduce negative testing scenarios that attempt to break the system or bypass security controls.
  • Enhance testing for error handling to ensure that all potential errors are managed gracefully and logged appropriately.

@Padi-owasp added the good first issue (Good for newcomers) label May 11, 2024

@Padi-owasp
Member

This one is a generic request for improved testing. At the moment I do not treat this as a priority, so I guess it will take a lot of time until it is addressed unless there are many upvotes.
