One great advantage of developing a test framework in a scripting language like Ruby is that it allows you to glue together different types of tests in a single framework.
Here’s a perfect example.
I had to write a test checking all the log files in a directory structure for a text string (in this case, a password). In other words, I wanted to make sure the password wasn’t stored in plain text anywhere in the log files. I found that PowerShell has some awesome tools for doing this type of search on a Windows machine. So, I wrote a PowerShell script to search the directory; if a match is found, it creates a “fail.txt” file:
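
    # Remove the marker file left by a previous run
    if (test-path fail.txt)
    {
        del fail.txt
    }

    # Recursively search every .log file for the plain-text password.
    # @() keeps the result an array, so .count is valid even for a single match.
    $adminSearch = @(dir -rec -filter *.log 'c:\windows\temp' |
        select-string "PASSWORD=thisisthepassword")

    if (!$adminSearch)
    {
        Write-Output("pass")
    }
    else
    {
        Write-Output("fail")
        # Write the number of matches, then the matching lines, to fail.txt
        Write-Output([string]$adminSearch.count + " instances of passwords in log files: ") |
            out-file -encoding ASCII -filepath fail.txt
        Write-Output($adminSearch) | out-file -append -noclobber -encoding ASCII -filepath fail.txt
    }
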
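This done, I then wrote a Ruby/RSpec script that simply checks for the existence of the fail.txt file:

    require 'rspec'

    RSpec.describe "Information Disclosure Prevention" do
      it "Should not show passwords in plain text" do
        # -File has to be the last PowerShell option: everything after the script
        # path is passed to the script as arguments. The execution policy is
        # therefore set with -ExecutionPolicy, which applies to this process only.
        system("powershell.exe -ExecutionPolicy Unrestricted -File ./lib/passwordsearch.ps1")
        result = File.exist?("fail.txt")
        expect(result).to be false
      end
    end
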
And that’s it. As you can see, it’s easy to wrap RSpec examples inside any command/script that can be run from the command line.
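
The same check done natively in Ruby, as an added example that is not from the original post: it returns the file and line of each match instead of copying the matching lines (and so the password) into fail.txt, and it also looks for the UTF-16LE form that some Windows tools write. `find_secret_in_logs`, `Hit` and the `LOG_TEST_SECRET` variable are hypothetical names.

```ruby
require 'find'

# Added example; find_secret_in_logs and Hit are hypothetical names.
# A Hit records where the secret was seen, never the matching text itself.
Hit = Struct.new(:path, :line_no, :encoding)

def find_secret_in_logs(root, secret, pattern: '*.log')
  raise ArgumentError, 'secret must not be empty' if secret.empty?

  # Byte patterns to look for: the secret as written, and its UTF-16LE form.
  needles = {
    'ascii/utf-8' => secret.b,
    'utf-16le'    => secret.encode('UTF-16LE').b
  }
  hits = []
  Find.find(root) do |path|
    # Case-insensitive name match, like `dir -filter *.log` on Windows.
    next unless File.file?(path) &&
                File.fnmatch?(pattern, File.basename(path), File::FNM_CASEFOLD)

    data = File.binread(path)
    needles.each do |encoding, needle|
      offset = 0
      while (idx = data.index(needle, offset))
        # Line number = newline bytes before the match, plus one.
        hits << Hit.new(path, data[0, idx].count("\n") + 1, encoding)
        offset = idx + needle.bytesize
      end
    end
  end
  hits
end

# In a spec (LOG_TEST_SECRET is an assumed environment variable):
#   expect(find_secret_in_logs('c:/windows/temp', ENV.fetch('LOG_TEST_SECRET'))).to be_empty
```

Reading the secret from the environment keeps it out of the test source, and an empty result replaces the marker file as the pass condition.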