James Hughes wrote:
[...]
> In relation to the testing I was wondering how can we ensure a
> sufficient level of code coverage in the testing of any application.
> Are there scenarios that could easily be missed because we don't
> simulate the conditions that cause some piece of code/method to get
> dynamically generated and executed, thus giving rise to very
> unexpected behaviour in an application?
That is a general testing problem, isn't it? I mean you could always have
the case that you have code somewhere that waits for a certain
condition to be fulfilled and your tests do not cover that. There are
code coverage reports, but if the test is more than a simple if-block
with changing constraints, then those coverage tests won't do it either.
Sure, the way is a bit different, the art is the same... Maybe sources on
extreme programming in Ruby would help... I know there are several books
like that out there. I guess Dierk König would be able to answer this
very well, since he is involved with the XP scene quite a bit.
[...]
> In relation to security, I was wondering if the black hat guys are
> sitting out there with ways to hack into organisations and finding
> ways to dynamically run snippets of code in the Groovy environment.
> It's always an issue trying to stop people getting in to your
> environment in the first place, but do applications based on this
> type of technology make it any easier for the bad guys to do damage
> once they are in??
What does "once they are in" mean? Usually this means to get root rights and
a console. Then they can do anything, including hiding their traces.
Then there are also cases of, for example, SQL injection, where they alter
the tables to, for example, lower the price of a product... In the same
category would then maybe be dynamic code injection, where source code
is injected. But that is not a problem special to Groovy or special to
dynamic languages, that is a problem that is possible for any language
with scripting abilities... But in both cases of injection it is crucial
not to have code (be it SQL or something else) in HTTP requests and
to check all data that is given by the user. Another case of
injection in the same category is, for example, to hijack your web page
using JavaScript, because there was somewhere a form for, for example, a
search and the result was printed on the resulting page, without
checking if it contains HTML.
bye blackdrag
--
Jochen "blackdrag" Theodorou
The Groovy Project Tech Lead (http://groovy.codehaus.org)
http://blackdragsview.blogspot.com/
http://www.g2one.com/
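The three defensive points made in the reply (keep SQL text out of request data, never evaluate request data as code, and check what the user supplies before echoing it into a page) as a worked example. This is added illustration, not code from the thread or from the Groovy project; it is written in Python with the standard-library sqlite3 module so it runs offline, and the product table is constructed sample data. The same pattern applies in Groovy, where groovy.sql.Sql binds GString parameters as prepared-statement placeholders instead of splicing them into the statement.

```python
import ast
import html
import sqlite3

# Constructed sample data standing in for the shop database the reply mentions.
PRODUCTS = [("widget", 10.0), ("gadget", 25.0), ("o'ring", 2.5)]


def make_db():
    """Build an in-memory product table from the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (name TEXT, price REAL)")
    conn.executemany("INSERT INTO product VALUES (?, ?)", PRODUCTS)
    return conn


def search_concatenated(conn, name):
    """Weak pattern: the user's text becomes part of the SQL statement.

    A quote character in the input changes the statement's structure; with the
    harmless product name "o'ring" it simply breaks the query, which is the
    visible symptom of the same defect that lets a hostile value alter it.
    """
    query = "SELECT name, price FROM product WHERE name = '" + name + "'"
    return list(conn.execute(query))


def search_parameterized(conn, name):
    """Hardened pattern: the statement is fixed, the value is bound separately.

    The database driver never sees the input as SQL text, so a quote in the
    name is just data and the lookup for "o'ring" succeeds.
    """
    query = "SELECT name, price FROM product WHERE name = ?"
    return list(conn.execute(query, (name,)))


def concatenation_fails(conn, name):
    """True if the concatenated query raises for this input (a quick way to
    see the fragility without depending on a specific error message)."""
    try:
        search_concatenated(conn, name)
    except sqlite3.Error:
        return True
    return False


def parse_quantity(text):
    """Turn request text into a non-negative integer without eval().

    ast.literal_eval only accepts literals, so any expression, call or name
    is rejected; the type check afterwards closes the remaining gaps (a float,
    a list, a bool). ValueError is the single failure mode callers handle.
    """
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError):
        raise ValueError("quantity is not a plain integer literal")
    if not isinstance(value, int) or isinstance(value, bool) or value < 0:
        raise ValueError("quantity must be a non-negative integer")
    return value


def render_results(term, rows):
    """Echo the search term and the matching rows into HTML.

    Every piece of user-influenced text goes through html.escape, so markup
    typed into the search box is displayed as text instead of becoming part
    of the page (the search-form case described in the reply).
    """
    items = "".join("<li>%s: %.2f</li>" % (html.escape(n), p) for n, p in rows)
    return "<p>Results for <b>%s</b></p><ul>%s</ul>" % (html.escape(term), items)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query breaks on o'ring:", concatenation_fails(db, "o'ring"))
    print("parameterized query finds:", search_parameterized(db, "o'ring"))
    print(render_results("<i>o'ring</i>", search_parameterized(db, "o'ring")))
    print("quantity:", parse_quantity("3"))
```

Running it shows the concatenated lookup failing on an ordinary product name while the parameterized one returns the row, the rendered page carrying `&lt;i&gt;` instead of a live tag, and `parse_quantity` accepting `"3"` but refusing anything that is not a bare integer literal.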