SENG 275 Midterm 2 Spring 2022 Solutions
pdf
keyboard_arrow_up
School
University of Victoria *
*We aren’t endorsed by this school
Course
SENG-275
Subject
Industrial Engineering
Date
Feb 20, 2024
Type
Pages
7
Uploaded by jackadewey
SENG 275 Spring 2022 – Instructor: Dr. Storey Midterm #2 Exam (max duration: 75 minutes) April 4th, 2022 Student ID Number______________________________ Student Name__________________________________ Student Signature__________________________________ Instructions: This exam is a closed book, no notes, no calculator, no cellphone, no device exam. This midterm will be marked out of 60 marks. For all questions write your answers on the exam and hand in all pages of the exam. There are 6 questions in total. Point form answers are acceptable. You should attempt all questions. There should be 7 pages including this page, please check you have all pages before you begin. Please write your student number and name at the top of this page, and sign in the space provided. If you use the back of the pages for your answers, make sure you indicate so on the front side. Note: You may not leave during the last 10 minutes of the exam. Good luck! Question 1: Web Testing /10 Question 2: Test Doubles /10 Question 3: Design by contracts /10 Question 4: Property based testing /10 Question 5: Test quality /10 Question 6: Code Reviews and Security /10 Total: /60 1
1.Web Testing (10 marks) – (These are typical of Interview questions by the way ) a) In our course we have discussed the importance of several primary concerns for web testing
. List three important concerns for web testing and justify (argue) why you consider these are important concerns to consider for web testing in particular. (6 marks) Important concern for web testing: Why is this important? Possible answers! Usability testing Accessibility testing Cross browser testing (mobile, responsive web design) Performance testing Load testing Security testing (will discuss this later) Visual regression testing Web is about users Users have different needs - often required People use different browsers, devices How it will perform with lots of data With lots of users at peak times Easy to inject vulnerabilities in javascript on the web - often have credentials to log in Need to make sure things look as they expect… b) Describe and compare how and when you could use the Selenium IDE and the Selenium Webdriver for web testing. (4 marks) Selenium IDE: How: tool for recording test cases and playback of those tests, can save them for later use (limited for building tests, not used so much anymore) When: testing a website when you may not be a programmer or want to test it thinking about scenarios of the site is used - but supports embedded scripts and now code exports (to be used in web driver) Selenium Webdriver: How: tool for writing test cases in a programmatic fashion - controls web browser from the OS level (industry standard, W3C, all main browsers support it) When: unit testing, as a web programmer – can use inspect on webpage to get access to xcode and work with web elements 2
2. Test Doubles (10 marks) a) Describe briefly why and how you could make use of the Mockito doubles testing framework to implement each of the following types of Test Doubles. (8 marks) Test double Why use this type of test double? How to use Mockito for this? Dummies Variable needed as input parameter to make code compile (Never actually used) (1.0) mock(Name.class); (0.5) Stubs Need to implement a hardcoded return (0.5) Don't care about nature of interactions (0.5) mock(Name.class); (0.5) when( ).thenReturn( ); (0.5) Mocks Need to implement a hardcoded return (0.5) Want to verify the nature of interactions (0.5) mock(Name.class); (0.5) when( ).thenReturn( ); (0.5) verify( ); (0.5) Spies Wrapper around an actual object (0.5) Used to verify the nature of its interactions (0.5) spy(Name.class); (0.5) verify( ); (0.5) b) A developer would not use Mockito to implement Fakes
. Explain why. (2 marks) Similar to dummies, would not tend to use Mockito for your fake. You create an object that has a simpler implementation (e.g., InvoiceDAO without accessing the database). 3
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
3. Design by Contracts (10 marks) a. In the following code, which assertions could be turned into an invariant
? First, clearly define what an invariant is, and then identify which assertion(s) can be turned into an invariant in the code and justify your selection. (5 marks) Definition of an invariant: (3) Invariants are conditions that have to hold before and after a (public) methods executions in a class Which assertion(s) on the left can be turned into an invariant, explain why: (2) Assert board != null is the only invariant Preconditions: x and y Postcondition: result Notes: Preconditions in a method must hold before the method is fully executed (in this case x and y must both be >= 0 as well as x < board.length and y<board[x].length) A postcondition is a condition or predicate that must always be true just after the execution of some section of code b. A developer has been tasked to implement tests for ArrayList and LinkedList classes that both inherit from List. The developer implements tests as shown in the diagram below. Using the Liskov Substitution principle argue convincingly if this is a good or poor design. (5 marks) According to the Liskov Substitution principle: By changing the design in this way, the subtypes can be substituted for their base type. Need a ListTest class for List. Common functionality between the ArrayList and LinkedList should be tested at the parent level. 4
4. Property based testing (10 marks) Below you see our old friend “FizzBuzz”! Below this code, write how you would use Property based testing to test the Fizz (divBy3) requirement only. Use the @Property and @Provide annotations in your solution. Note your solution doesn’t need to compile. @Property void testFizz ( @ForAll (“divisibleByThree”) int n){ assertThat(FizzBuzz.fizzbuzz(n)).equals(“Buzz”); } [5] @Provide Arbitrary<Integer> divisibleByThree ( ) { return Arbitraries.integers().filter( n -> n > 0 && n%3 == 0 && n%5 !=0); } [5] 5
5. Designing for Testability and Design Quality (10 marks) (a) Consider this design for an implementation of a program that copies input from the keyboard and writes the output to a printer. Using the dependency inversion principle
, sketch how you can change the design to support the addition of other input and output devices. (4 marks) (b) Using terminology used in industry (and as discussed in our course), list two test code smells and what you could do to remove or avoid them. (6 marks) Test code smell name: How to avoid it Code duplication Assertion roulette Resource optimism Test run war Inappropriate assertions Mystery guest Other possible answers: General fixture Sensitive equality Indirect tests Eager tests Extract code to methods Split into multiple test cases Be explicit about external resources, don’t assume By having tests that don’t compete for same resources Choose more appropriate assertions, specific to need Make dependencies explicit; ensure guest is in correct state See notes… 6
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
6. Code Review and Security testing (10 marks) You need to design a code review checklist to help your teammates review code changes for a Web app that you all work on. Your business requires the app to be reliable
, secure
, and to protect customer and financial data. List and describe 5 items you would add to the checklist that ensures the code submitted for review meets these requirements: Your code review checklist for a Web app Security: at least one of the following Does this code open the software up for security vulnerabilities? If code deals with user input, does it address security vulnerabilities such as cross-site scripting, SQL injection, does it do input sanitization and validation? Is data retrieved from external APIs or libraries checked accordingly? Privacy/security of customer data: at least one of the following Are authorization and authentication handled in the right way? Is sensitive data like user data, credit card information securely handled and stored? Is the right encryption used? Does this code change reveal some secret information like keys, passwords, or usernames? Reliability: at least one of the following Can you think of any inputs or external events that could break the code? Do you think this code change will impact system performance in a negative way? Do you see any potential to improve the performance of the code? Is the code testable? Does it have enough automated tests (unit/integration/system tests)? Do the existing tests reasonably cover the code change? Are there some test cases, input or edge cases that should be tested in addition? Other two from https://bright.uvic.ca/d2l/le/lessons/196295/topics/1648924 that are more specific to web apps but that also apply to security, privacy or reliability of the web app. Note vague code review checklist items that don’t specifically apply to the requirements mentioned got 1 point. Some answers were about testing not about “code” review. 7