On Mon, Jun 3, 2013 at 7:20 AM, Jeroen De Dauw jeroendedauw@gmail.com wrote:
So my question is not "how do we write code that is maximally
testable", it is: does convenient testing provide sufficient benefits to outweigh the detrimental effect of making everything else inconvenient?
This contains the suggestion that testable code inherently is badly designed. That is certainly not the case. Good design and testability go hand in hand. One of the selling points of testing is that it strongly encourages you to create well designed software.
I've fixed several security bugs in the past year where we had unit tests covering the code. The code's author just didn't expect their code to be used in certain ways, which lead to the vulnerability. So speaking solely from a security perspective, testable/tested code is not always well designed code. I think everyone would agree with that, but from my perspective, I think the good design needs to trump the testability. I would guess that in most cases there shouldn't be a conflict, but I think there are times when it will come up.
On Mon, Jun 3, 2013 at 6:04 AM, Nikolas Everett neverett@wikimedia.org wrote:
- Build smaller components sensibly and carefully. The goal is to be
able to hold all of the component in your head at once and for the component to present such a clean API that when you mock it out tests are meaningful.
Yep. Very few security issues come up from a developer saying, "I'm going to chose a lower security option", and they attacker plows through it. It's almost always that the attacker is exploiting something that the developer didn't even consider in their design. So the more things that a developer needs to hold in their head from between the request and the response, the more likely vulnerabilities are going to be introduced. So simplifying some of our complex components and clearly documenting their security properties would be very helpful towards a more secure codebase. Adding layers of abstraction, without making the security easy to understand and demonstrate, will hurt us.