Improving Test Case Generation for Web Applications Using Automated - PowerPoint PPT Presentation

Improving Test Case Generation for Web Applications Using Automated Interface Discovery William G.J. Halfond and Alessandro Orso Georgia Institute of Technology

Web Application Overview Request Web http://host?login=alice&pin=1234 Application DB HTML HTML Pages Servlets End Users Web Server Other Systems

Testing Web Applications Parameter grouping public void write(File outfile, String buffer, int length) Domain information

Testing Web Applications void main(Request req) String formAction = req.getParam(“formAction”) if (formAction.equals(“chooseLogin”)) String requestedLogin = req.getParam(“login”) int pin = getNumParam(req, “pin”) registerLogin(requestedLogin, pin) // generate second registration page else if (formAction.equals(“personalInfo”)) String name = req.getParam(“name”) int zip = getNumParam(req, “zip”) if (zip == 30318) finishRegistration(id, name) else error(“You do not live in 30318”) else // generate initial registration page int getNumParam(Request req, String paramName) String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

Approaches to Web Application Testing Developer-specified models Black-box analysis Ricca and Tonella, ICSE 2001 Huang et. al., WWW 2003 Elbaum et. al., WODA 2006 Captured user-sessions Kallepalli and Tian, TSE 2001 Static code analysis Sprenkle et. al., ASE 2006 Deng et al., SEN 2004 Elbaum et. al., ICSE 2003

Goal of Our Approach Web Application Interfaces HTML Servlets • Input parameters • Domain information Develop a technique to automatically discover all of the interfaces to a web application

Presentation Outline • Definitions • Interface Discovery Algorithm • Empirical Evaluation • Conclusions and Future Work

void main(Request req) String formAction = req.getParam(“formAction”) if (formAction.equals(“chooseLogin”)) http://host?login=alice&pin=1234 String requestedLogin = req.getParam(“login”) Definitions: int pin = getNumParam(req, “pin”) registerLogin(requestedLogin, pin) 1. Input Parameter else if (formAction.equals(“personalInfo”)) String name = req.getParam(“name”) int zip = getNumParam(req, “zip”) if (zip == 30318) finishRegistration(id, name) else error(“You do not live in 30318”) else … int getNumParam(Request req, String paramName) String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

void main(Request req) String formAction = req.getParam(“formAction”) if (formAction.equals(“chooseLogin”)) String requestedLogin = req.getParam(“login”) Definitions: int pin = getNumParam(req, “pin”) registerLogin(requestedLogin, pin) 1. Input Parameter else if (formAction.equals(“personalInfo”)) 2. Parameter Function String name = req.getParam(“name”) int zip = getNumParam(req, “zip”) if (zip == 30318) finishRegistration(id, name) else error(“You do not live in 30318”) else … int getNumParam(Request req, String paramName) String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

void main(Request req) String formAction = req.getParam(“formAction”) if (formAction.equals(“chooseLogin”)) String requestedLogin = req.getParam(“login”) Definitions: int pin = getNumParam(req, “pin”) registerLogin(requestedLogin, pin) 1. Input Parameter else if (formAction.equals(“personalInfo”)) 2. Parameter Function String name = req.getParam(“name”) 3. Domain Operations int zip = getNumParam(req, “zip”) if (zip == 30318) finishRegistration(id, name) else error(“You do not live in 30318”) else … int getNumParam(Request req, String paramName) String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

void main(Request req) String formAction = req.getParam(“formAction”) if (formAction.equals(“chooseLogin”)) String requestedLogin = req.getParam(“login”) Definitions: int pin = getNumParam(req, “pin”) registerLogin(requestedLogin, pin) 1. Input Parameter else if (formAction.equals(“personalInfo”)) 2. Parameter Function String name = req.getParam(“name”) 3. Domain Operations int zip = getNumParam(req, “zip”) 4. Web Interface if (zip == 30318) finishRegistration(id, name) else error(“You do not live in 30318”) else … int getNumParam(Request req, String paramName) String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

Interface Discovery Algorithm Web Application HTML Phase 1 Phase 2 Interfaces Servlets Phase 1: Compute domain information for each Input Parameter Phase 2: Identify names of Input Parameters and group them into distinct interfaces

Phase 1: Compute Domain Information Web Application Web Application HTML Phase 1 with domain information annotations Servlets For each call to a Parameter Function: 1. Infer domain information by • Following def-use chains involving the return value • Considering operations performed on the uses 2. Annotate call site accordingly

void main(Request req) Phase 1 String formAction = req.getParam("formAction”) Extract domain if (formAction.equals("chooseLogin” )) information. String requestedLogin = req.getParam("login") int pin = getNumParam(req, "pin") String “chooseLogin” registerLogin(requestedLogin, pin) “personalInfo” else if (formAction.equals("personalInfo")) String name = req.getParameter("name") String int zip = getNumParam(req, "zip") if (zip == 30318) Numeric finishRegistration(id, name) else String error("You do not live in 30318" ) Numeric else … “30318” int getNumParam(Request req, String paramName) Numeric String paramValue = req.getParam(paramName) int param = Integer.parseInt(paramValue) return param

Improving Test Case Generation for Web Applications Using Automated - PowerPoint PPT Presentation

Improving Test Case Generation for Web Applications Using Automated Interface Discovery William G.J. Halfond and Alessandro Orso Georgia Institute of Technology Web Application Overview Request Web http://host?login=alice&pin=1234

Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

MODEL-BASED, MUTATION-DRIVEN TEST CASE GENERATION VIA HEURISTIC-GUIDED BRANCHING SEARCH Andreas

Applications of SMT to Test Generation Patrice Godefroid Microsoft Research SAT/SMT Summer

A Metaheuristic Approach to Test Sequence Generation for GUI-based Applications Sebastian

Dirty Tests Practise improving brittle, complicated, incomprehensible automated tests The case

Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A

Testing: Our Experiences Test Case Sof tware Testing Software to be tested Output When to

A UML-Based Testing Approach Using Sequence Diagrams, Statecharts, and OCL Constraints Dehla

RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

Combinatorial Test Set Generation: Concepts, Implementation, Case Study Drs. Vadim V. Zaytsev

Software Testing Testing: Our Experiences Test Case Software to be tested Output 1 When to

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 ugger 2

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

UML-Based Statistical Test Case Generation Matthias Riebisch, Ilka Philippow, Marco Gtze

Current Status Joanna Kocot, Tomasz Szepieniec, Hubert Siejkowski ACC Cyfronet AGH

Guided Pathways: An Overview Lisa Garcia-Hanson SBCTC Student Success Center Director

2019 Application Workshop Midwest Artist Project Services Co-Founders: Brigid Flynn & Liz

ENVIRONMENTAL REVIEW PROCESS Gateway Pacific Terminal and Burlington Northern Santa Fe Custer

An Approach of a Research Tool based in a Shamanic Interface What is a shamanic interface?

MAPS LTE X2 Interface Emulator LTE X2 Application Protocol Interface Emulation 818 West

Kick Off December 12, 2018 Disclaimer This presentation was current at the time it was published

INTERFACE Presented by Brian Begley www.encloud9.com Dynamics 365 Cloud Customer

Improving Test Case Generation for Web Applications Using Automated - PowerPoint PPT Presentation

Improving Test Case Generation for Web Applications Using Automated Interface Discovery William G.J. Halfond and Alessandro Orso Georgia Institute of Technology Web Application Overview Request Web http://host?login=alice&pin=1234

Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

MODEL-BASED, MUTATION-DRIVEN TEST CASE GENERATION VIA HEURISTIC-GUIDED BRANCHING SEARCH Andreas

Applications of SMT to Test Generation Patrice Godefroid Microsoft Research SAT/SMT Summer

A Metaheuristic Approach to Test Sequence Generation for GUI-based Applications Sebastian

Dirty Tests Practise improving brittle, complicated, incomprehensible automated tests The case

Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A

Testing: Our Experiences Test Case Sof tware Testing Software to be tested Output When to

A UML-Based Testing Approach Using Sequence Diagrams, Statecharts, and OCL Constraints Dehla

RE-TARGETABLE GRAMMAR BASED TEST CASE GENERATION 2 TESTING PARSERS IS HARD 3 HOW WE GOT

Combinatorial Test Set Generation: Concepts, Implementation, Case Study Drs. Vadim V. Zaytsev

Software Testing Testing: Our Experiences Test Case Software to be tested Output 1 When to

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 ugger 2

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

UML-Based Statistical Test Case Generation Matthias Riebisch, Ilka Philippow, Marco Gtze

Current Status Joanna Kocot, Tomasz Szepieniec, Hubert Siejkowski ACC Cyfronet AGH

Guided Pathways: An Overview Lisa Garcia-Hanson SBCTC Student Success Center Director

2019 Application Workshop Midwest Artist Project Services Co-Founders: Brigid Flynn &amp; Liz

ENVIRONMENTAL REVIEW PROCESS Gateway Pacific Terminal and Burlington Northern Santa Fe Custer

An Approach of a Research Tool based in a Shamanic Interface What is a shamanic interface?

MAPS LTE X2 Interface Emulator LTE X2 Application Protocol Interface Emulation 818 West

Kick Off December 12, 2018 Disclaimer This presentation was current at the time it was published

INTERFACE Presented by Brian Begley www.encloud9.com Dynamics 365 Cloud Customer

2019 Application Workshop Midwest Artist Project Services Co-Founders: Brigid Flynn & Liz