Open rugk opened 2 weeks ago
hey @rugk , can you please elaborate this issue more and can you please assign this to me?
What elaboration do you need?
Here there are more information on how to run the unit tests:
hey @rugk @elrido ,
These are the potential changes we can make to address the JavaScript test coverage issue :
Should I proceed with this? or do you guys have anything else in your mind.
If you can stomach it, personally I would prefer if you could focus on adding more test coverage. Would it be an option for you to do a first pass looking over for completely non-covered functions and of those the ones that either just read things from the DOM or that change the DOM? Those are relatively easy to test. Just create a minimal snippet of HTML that gets manipulated, i.e. by copying one from the source view of a live instance. Run the function, check for expected results.
There are areas that we can't test on a node environment, like the drag-n-drop APIs or those that autoselect text. Those are either browser-only APIs or simply not something one can easily detect from the DOM-tree properties alone.
To me, #198 seems more important then the mostly semantic changes of #365 - We have a history of spending a lot of time to refactor code without actually adding features. It's easy to get lost in a rabbit hole with these.
@elrido , got it so basically you need to add more test coverages. for example in AttachmentViewer.js we are handling attachments by setting, showing, hiding, and removing , previews and creating downloadable links. We can add more test coverages for Handling Special characters in filename, large file attachments, multiple attachments concurrently, etc.
right?
example :
let specialCharsClean = jsdom(),
specialCharsData = "data:" + mimeType + ";base64," + btoa(rawdata),
specialCharsResults = [];
specialCharsFilename = `special_chars_${specialCharsFilename}!@#$%^&*()_+=-{}[];:'"\\|,.<>?`;
$("body").html(
'<div id="attachment" role="alert" class="hidden alert ' +
'alert-info"><span class="glyphicon glyphicon-download-' +
'alt" aria-hidden="true"></span> <a class="alert-link">' +
'Download attachment</a></div><div id="attachmentPrevie' +
'w" class="hidden"></div>'
);
$.PrivateBin.AttachmentViewer.init();
$.PrivateBin.AttachmentViewer.setAttachment(
specialCharsData,
specialCharsFilename
);
const specialCharsAttachment =
$.PrivateBin.AttachmentViewer.getAttachment();
specialCharsResults.push(
specialCharsAttachment[1] === specialCharsFilename
);
The AttachmentViewer is already well covered, except for the parts like this one: AttachmentViewer
These are APIs (drag-n-drop, clip-board) that are not emulated by the jsDOM framework under node.
Also, we already generate random input using the jsVerify framework, so special chars should already be covered by the existing test (string
covers any valid unicode sequence):
https://github.com/PrivateBin/PrivateBin/blob/2324e83b84fb8f682d057dbe038f8b5849f8db61/js/test/AttachmentViewer.js#L8-L15
New tests should ideally get written to leverage the same technique and work with fuzzed input. This is explained in more detail in the development link rugk shared above and you can find the existing assets we created in the common.js: https://github.com/PrivateBin/PrivateBin/blob/2324e83b84fb8f682d057dbe038f8b5849f8db61/js/common.js#L85-L154
I think a good candidate to start at is TopNav, where there are no tests yet from rawText onwards (but skip updateExpiration and updateFormat - those are specific for the bootstrap(3) template and should get removed when we cleanup that template)
Got it!
Hello @elrido , I just raised PR #1338 . I added a small update for the rawText function. I made a few changes based on my understanding so far. Could you please check if everything is okay? regards.
Thank you, it checks out and did increase our code coverage. For that particular function there is not much more to test. Many of those TopNav functions simply hide or display sets of related navigation elements.
@ankiiisharma Weirdly, your new test did pass on the machine I tested it on, but failed when running the full test suite in github actions. Digging in, I realized that a) your test would target more the TopNav.hideAllButtons
function, so I renamed it to that and b) TopNav.rawText
is a private function that you can't call directly. But you can trigger it through a click event on the button that the TopNav.init
will register it on:
Finally, and that took me some trial and error to work out, this function interacts with the window.location URL and the window.history, so I needed to also reset the Helper and setup jsdom for URL handling. It's been a while since I've been writing these and my memory on dealing with these types of interactions has been getting a bit hazy.
This latter test could be improved by feeding PasteViewer.setText
with random strings, but the validation would have to be more lenient, since rawText uses dompurify to sanitize malicious content before injecting it into the pre-tag. We'd essentially be testing dompurify, so I thought a validation that the DOM gets updated and the sample inserted into a pre-tag is a sufficient test for now.
Hey @elrido , sorry about that. Even i checked this function individually and it was running well. Let me check this.
I think they are fine for now and you can certainly move on and go for another one. I'll now again better understand what to look for when reviewing these. Just wanted to share with you my findings, so that you can benefit as well.
The problem
The code coverage of the JS tests is lacking…
That was written in an aftermath of a buggy release, we think we should probably improve the code here.
The solution
Alternatives
N/A e2e testing is related, but IMHO not strictly an alternative: https://github.com/PrivateBin/PrivateBin/issues/1335
Additional context
This issue has been discovered as a lessons learned from previous releases, which often had bugs being introduced. To have more confidence on code changes etc.
The important bit: Dear reader, if you feel like this is a thing you could contribute knowledge or actually doing it, feel free to comment here and help! This will greatly help the PrivateBin project. Also, as said above, you can start small and just contribute one or two tests and it will help the coverage to increase!