V Tue, 18 Dec 2018 10:38:51 +0100 Ancor Gonzalez Sosa <[email protected]> napsáno:
> On 12/18/18 10:30 AM, Josef Reidinger wrote: > > V Tue, 18 Dec 2018 08:51:48 +0000 > > Arvin Schnell <[email protected]> napsáno: > > > >> Hi, > >> > >> I see again and again regressions due to simple mistakes, > >> e.g. bsc #1119678 or bsc #1119699. Apparently code reviews, unit > >> tests nor rubocop did help in these cases (although the reviewers > >> found quite some mistakes in > >> https://github.com/yast/yast-yast2/pull/872). > >> > >> Real tests would have helped but it seems as if those were not > >> done. Even simple static code analysis would have prevented those > >> two bugs but we do not have it for Ruby. > >> > >> So what can be done to avoid such regressions in the future? Or > >> do we just bury our heads in the sand? > > > > Ideally all modified code should be covered by tests, but in thiscase we > > get security audit with stuff to fix which is too huge to be done with > > proper test coverage. And also this parts of code was quite old and almost > > not covered by tests ( even old ones ). So in this case to prevent > > potential security which need a lot of changes ( 500 just in shell > > injection and relative paths ) I do not do proper unit testing which will > > otherwise shows this issues. So answer is as usual unit testing and as last > > stand before customers openQA ( which in this case works well, as I see all > > bugs are caught by it ). It just need time when working with old code to > > cover changes properly and sadly in this case we did not have time. > > "all bugs are caught by it" sounds pretty optimistic. ;-) > > BTW, it would be nice to have test coverage information for openQA. > > Cheers. Sorry, one word missing "all mentioned bugs are caught by it" :) Josef -- To unsubscribe, e-mail: [email protected] To contact the owner, e-mail: [email protected]
