On Mon, Jun 3, 2013 at 7:20 AM, Jeroen De Dauw <jeroendedauw(a)gmail.com> wrote:
> > So my question is not "how do we write code that is maximally
> > testable", it is: does convenient testing provide sufficient benefits
> > to outweigh the detrimental effect of making everything else inconvenient?
>
> This contains the suggestion that testable code inherently is badly
> designed. That is certainly not the case. Good design and testability go
> hand in hand. One of the selling points of testing is that it strongly
> encourages you to create well designed software.

I've fixed several security bugs in the past year where we had unit
tests covering the code. The code's author just didn't expect their
code to be used in certain ways, which led to the vulnerability. So
speaking solely from a security perspective, testable/tested code is
not always well designed code. I think everyone would agree with that,
but from my perspective, I think the good design needs to trump the
testability. I would guess that in most cases there shouldn't be a
conflict, but I think there are times when it will come up.
On Mon, Jun 3, 2013 at 6:04 AM, Nikolas Everett <neverett(a)wikimedia.org> wrote:
> 2. Build smaller components sensibly and carefully. The goal is to be
> able to hold all of the component in your head at once and for the
> component to present such a clean API that when you mock it out tests are
> meaningful.

Yep. Very few security issues come up from a developer saying, "I'm
going to choose a lower security option", and the attacker plows
through it. It's almost always that the attacker is exploiting
something that the developer didn't even consider in their design. So
the more things that a developer needs to hold in their head from
between the request and the response, the more likely vulnerabilities
are going to be introduced. So simplifying some of our complex
components and clearly documenting their security properties would be
very helpful towards a more secure codebase. Adding layers of
abstraction, without making the security easy to understand and
demonstrate, will hurt us.