DEEP ORACLES Multiplying the Value of Automated Tests [email protected] @EmanuilSlavov 

What is an Oracle? 

“a test oracle, is a mechanism for determining whether a test has passed or failed” - Wikipedia A deep oracle is a mechanism to detect problems, even if a test has passed. @EmanuilSlavov 

The following techniques are suitable for high level automated tests on fully deployed application. 

The Problem 

Automated test are suitable only for regression testing Automated test can not find any new bugs Automated tests give false sense of quality @EmanuilSlavov 

Make the existing automated tests able to detect unseen and unexpected defects. @EmanuilSlavov 

Flaky Tests 

for i in {1..100}; do if ! execute_test ; then break; fi; done; Single test execution command Stop if the test fails even once Run it 100 times 

In the majority of the cases the fault is in the test, but sometimes it’s not… @EmanuilSlavov 

Investigate every flaky test and you may find… @EmanuilSlavov 

Configuration Problems Misconfigured load balancer External resources fail to load on time - e.g. JS library DB connection pool with limited capacity @EmanuilSlavov 

Application Problems Thread unsafe code Lack of retries in a distributed system DB connections not closed after use @EmanuilSlavov 

Random Data 

@EmanuilSlavov 

Eum odit omnis impedit officia adipisci id non. random tweet '' Random Sentence Constant String Special Character random tweet Provident ipsa dolor excepturi quo asperiores animi. @someMention & random tweet Dignissimos eos accusamus aut ratione [email protected] random tweet Ut optio illum libero. Natus accusantium aliquam dolore atque voluptatum et a. http://ryanpacocha.biz/nikita random tweet @EmanuilSlavov 

Service Virtualization Application Facebook Paypal Amazon S3 @EmanuilSlavov 

Facebook Application Paypal Amazon S3 Proxy* Service Virtualization *github.com/emanuil/nagual 

@EmanuilSlavov 

Tests should be able to generate all the data that they need. @EmanuilSlavov random 

Attack Proxy 

App Test HTTP @EmanuilSlavov 

App AttackProxy Test @EmanuilSlavov 

https://api-tier.komfo.net/komfo_core/api/publish?client_id=93&team_id=981 Host: api-tier.komfo.net Content-Type: application/x-www-form-urlencoded Api-Token: 59203-242eab327550693c4b791dc01 Referer: https://web-tier.komfo.net/komfo_core/publish/composer Content-Length: 538 { "message":"Good evening everyone", "post_ad_lifetime":"0", "permission": {"type":"everyone"}, "targets":"fb_1211718002161534", "type":"status", "is_published":1, "limit_audience_options": {“ageFrom”:13,”ageTo":65,"gender":0} } SQL Injection Payloads ' '' # - - - ‘%20; ' and 1='1 ' and a='a or 1=1 or true like ‘%' ') or ‘1'='1 ' UNION ALL SELECT 1 @EmanuilSlavov 

A Tool vs Your Tests XSS here Your tests know how to navigate your app better. @EmanuilSlavov 

A dedicated testing environment is needed for the next set of techniques. 

The Faults in Our Logs @EmanuilSlavov 

The usual test relies on assertions at the last step Code execution may continue after the last step Some exceptions are caught, logged and never acted upon Look for unexpected error/exceptions in the app logs @EmanuilSlavov 

@EmanuilSlavov 

Known Exceptions are Excluded @EmanuilSlavov 

If all tests pass, but there are unexpected exceptions in the logs, then fail the test run and investigate. @EmanuilSlavov 

Bad Data 

What is Bad Data?* Missing Bad Format Unrealistic Unsynchronized Conflicting Duplicated * The Quartz guide to bad data
 github.com/Quartz/bad-data-guide 

Bad data depends on the context. @EmanuilSlavov 

One of those values was zero (0) @EmanuilSlavov If we see bad data in production we add a check for it. 

Custom Data Integrity Checks @EmanuilSlavov 

If all tests pass, but there is bad data, then fail the test run and investigate. @EmanuilSlavov 

Application Metrics 

Record various application stats after each test run Easy on dedicated environment, especially with containers With fast tests* you can tie perf bottlenecks to specific commits *Check my talk called “Need for Speed” 

0 900 1800 2700 3600 App Log File: Lines After Each Commit 54% increase @EmanuilSlavov 

0 11500 23000 34500 46000 Total Mongo Queries: Count After Each Commit 26% increase @EmanuilSlavov 

Logs: lines, size, exceptions/errors count DB: read/write queries, transaction time, network connections OS: peak CPU and memory usage, swap size, disk i/o Network: 3rd party API calls, packets counts, DNS queries Language Specific: objects created, threads count, GC runs, heap size What data to collect after a test run is completed… 

Recommended Reading 

No content

No content

FALCON.IO WE’RE HIRING. Sofia · Copenhagen · Budapest 

@EmanuilSlavov EmanuilSlavov.com 

19%of Falcon’s backend exceptions are caused by bad data @EmanuilSlavov 

One of those values was zero (0) @EmanuilSlavov