« back to Litmus main page

Litmus has a white box test suite adapted from Bugzilla that helps to catch some common mistakes, including compile-time errors, improper and unsafe use of the system() and exec() functions (the security hole in Bugzilla that led to a compromise of apache.org), the use of tabs in code files, syntax and compile errors in templates, and missing FILTER directives in template files.

Developers should generally ensure that the tests pass prior to checking in code.

Running the tests

To run the test suite, just run the

runtests.pl

script. Alternatively, a

make test

will also achieve the same result. The test scripts (located in litmus/t/) will run and the testing harness will produce a report of any failures. For more detail, pass the --verbose switch:

runtests.pl --verbose

to get a report of all test passes and failures. To save time and run only one specific test, give the test name or number as an argument to

runtests.pl

For instance, to run just the template filter test (005filter.t), run

runtests.pl 005

or

runtests.pl 005filter

The Template Filter Test

The template filter test (005filter.t) ensures that all variables used have been filtered to prevent cross-site scripting attacks. In some cases, this test may fail when unfiltered variables are known to be safe. In this situation, you can use the 'none' pseudofilter to silence the test failure:

[% foo FILTER none %]

or, if the variable is used often, add it to the filterexceptions.pl file located at /templates/en/default/filterexceptions.pl. See this file for details on format.

Zachlipton 12:05, 15 Nov 2005 (PST)