kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'evn-add-neg-tests' into 'master'

Browse source 
Test for what should not be there as well

[ci skip]

See merge request gitlab-org/gitlab-ce!14492
This commit is contained in:
Robert Speicher 2017-09-28 13:43:05 +00:00
commit 06daba75aa
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
doc/development/testing.md
View file

@ -150,6 +150,16 @@ always in-sync with the codebase.
[GitLab QA]: https://gitlab.com/gitlab-org/gitlab-qa [GitLab QA]: https://gitlab.com/gitlab-org/gitlab-qa
[part of GitLab Rails]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/qa [part of GitLab Rails]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/qa
## Test for what should not be there
This is particularly important for permission calls and might be called a
negative assertion: make sure only the bare minimum is returned and nothing else.
See an issue about [leaking tokens] as an example of a vulnerability that is
captured by such a test.
[leaking tokens]: https://gitlab.com/gitlab-org/gitlab-ce/issues/37948
## How to test at the correct level? ## How to test at the correct level?
As many things in life, deciding what to test at each level of testing is a As many things in life, deciding what to test at each level of testing is a