• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CodeIgniter Unit Testing class - best practices/security

#1
I have only 1 Controller in my CodeIgniter system named "Snacks" that replaced the default "Welcome" controller.

Although it is procedural, coupling is removed almost completely and there are many private methods so implementation details are almost always
in a private method devoted to that focused particular task.

I would like to test some of these key private methods that hold implentation details.

I am using CodeIgniter's Unit Testing Class: $this->load->library('unit_test');

I created a public method:"unit_test()" in the "Snacks" controler.

Now when I run my unit test in Chrome via my local webserver:
http://localhost/snacks/html/index.php/snacks/unit_test
(see attachment)


Everything is alll good and the two unit tests I performed passed just fine.
an example command: $this->unit->run($vote_snack_data, 'is_array', 'retrieve vote counts from local MySQL DB');

Everything seems to be working but I had some questions:

1) Isn't this an INsecure way to Unit Test? Couldn't a visitor guess the URI segment "unit_test" and visit that url and then gain sensitive info?
http://localhost/snacks/html/index.php/snacks/unit_test

2) I have experience using PHPUnit with a custom codebase. In that situation the "test" directory that PHPUnit uses resides one-level above the html directory.
With PHPUnit there are no testing scripts in "html" directory but one-level up in a "test" directory.
You can't get a Codeinigniter instance outside where the codebase is installed (or at least it's an ugly fix) so I stopped trying to implement PHPUnit with CodeIgniter.
In the end, I went with CodeIgniter Unit Testing class over PHPUnit because it seemed to be the path of least resistence and a good compromise.

*** I guess both questions #1 and #2 revolve around where I should place my CodeIgniter Unit Test Class scripts? For security and best practice.


Attached Files Thumbnail(s)
   
Reply

#2
Yes, I wouldn't recommend doing it the way you do it.

There is a great testing system built by a guy you will run into often on this forum for php unit. You can see it here:

https://github.com/kenjis/ci-phpunit-test
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
Reply

#3
(02-08-2017, 04:24 PM)albertleao Wrote: Yes, I wouldn't recommend doing it the way you do it.

There is a great testing system built by a guy you will run into often on this forum for php unit. You can see it here:

https://github.com/kenjis/ci-phpunit-test

Big Grin  Thanks! Will look into this ASAP. From now on it's PHPUnit with CI 

I'm still wondering how I would go about using CI unit testing library. If I have my tests in a public method in same controller it's testing and that is definitely wrong, how would I go about putting it in a safer spot.

To make request to public method "unit_test()" more secure, I could display nothing to browser and no response for request... just send an emaiil if something is wrong or write to a log file... how would you approach such a dilemma?

The documentation for unit testing did not mention a best practice for this.
https://www.codeigniter.com/user_guide/l...sting.html

Thanks again.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.