Wednesday, 18 June 2008

Automate This

A big bucket of rambley nonsense about automating web testing



Okay, so we have been trying to grapple with FitNesse and Selenium to produce automated "acceptance" tests for our continuous integration development.

Before we brought ThoughtWorks in i had already been looking at automated test tools. There are lots of tools out there, some very simple (yet effective) and other very complicated.

Some of these tools profess to be web testing tools, while others claim to be able to test anything. Having said that any tool that requires me to purchase an add-on or plug-in to achieve automated testing is going to get shot down straight away. Testing is core to what i do I'm a tester, so far as i'm concerned testing is not an add on.

I thought i would get my thoughts on automation down, so should the wheels of the fabled bus ever get chance to put my mothers under-cracker warnings to the test my ramblings can be copy and pasted into someone else' documentation.

During the usual testing activities we aim to undertake the following test activities:

1) Functionality Testing
2) Usability testing
3) GUI\Interface testing
4) Browser Compatibility testing
5) Performance testing
6) Security testing

The list isn't in any particular order and none is implied. But any seasoned tester will recognise that i'm talking about the upper right hand side of the V model, wheras FitNesse has traditionaly been used further down.

1) Functionality Testing:

It isn't immediately obvious what functional testing means when talking about web testing. If you are sat in front of a static html page, that is merely a funnel into a web application you are fairly limited in the amount of functional testing you can do. All web pages can be functionally tested for working includes (css, images, etc.) testing all the links, forms, images,JavaScript and cookies. All the individual elements that are used to make up a web page. Lets take a more in depth look at this.

Link checking:

Once aspect of functional testing of web pages, checks links for broken or malformed types of:
  • Outgoing links
  • Internal links.
  • named anchors.
  • links used to send email (mailto).
If its possible (its not always possible to get access the the disc) test for orphaned objects. Note that i didn't mention things like SEO within the context of functionality testing or links, because i see that as being non functional testing of a link. I also didn't mention that the link was tagged appropriately for disabled users, because again this is covered later on. What should be covered is that the link is tagged appropriately for whichever analytic packages is being used by the website.

Test forms:
Forms were previously essential for submitting user information, but thanks to web 2.0 they are starting to disappear. Nevertheless, they still need to be tested for
  • input validations (where applied).
  • default values of fields (where set).
  • constraints (sting length, numerical, alpha etc).

I haven't mentioned the error handling for the actual submission be cause that is the responsibility of the functionality within url the form points at, and not the form itself.

Cookies:
Testing Cookies, can be a right PITA. Thankfully firefox and its numerous wonderful plugins like web developer and firebug have made our life a lot easier. Cookie testing normally covers:

  • cookies enabled
  • cookies disabled
  • cookies deleted
  • cookies set
  • cookies read
  • cookies updated

We often visually inspect the cookie to make sure the developer hasn't done something incredibly stupid like store the username and password in the cookie in plain text.

Database testing:
Data consistency is very important in web application. Check for data integrity and errors while you edit, delete, modify the forms or do any DB related functionality.
Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. More on database testing could be load on DB, we will address this in web load or performance testing below.





2) Usability Testing:

Test for navigation:
Navigation means how the user surfs the web pages, different controls like buttons, boxes or how user using the links on the pages to surf different pages.
Usability testing includes:
Web site should be easy to use. Instructions should be provided clearly. Check if the provided instructions are correct means whether they satisfy purpose.
Main menu should be provided on each page. It should be consistent.

Content checking:
Content should be logical and easy to understand. Check for spelling errors. Use of dark colors annoys users and should not be used in site theme. You can follow some standards that are used for web page and content building. These are common accepted standards like as I mentioned above about annoying colours, fonts, frames etc.
Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes.
These are some basic standards that should be followed in web development. Your task is to validate all for UI testing

Other user information for user help:
Like search option, sitemap, help files etc. Sitemap should be present with all the links in web sites with proper tree view of navigation. Check for all links on the sitemap.
“Search in the site” option will help users to find content pages they are looking for easily and quickly. These are all optional items and if present should be validated.

3) Interface Testing:
The main interfaces are:

Web server and application server interface
Application server and Database server interface.

Check if all the interactions between these servers are executed properly. Errors are handled properly. If database or web server returns any error message for any query by application server then application server should catch and display these error messages appropriately to users. Check what happens if user interrupts any transaction in-between? Check what happens if connection to web server is reset in between?

4) Compatibility Testing:
Compatibility of your web site is very important testing aspect. See which compatibility test to be executed:

  • Browser compatibility
  • Operating system compatibility
  • Mobile browsing
  • Printing options

Browser compatibility:
In my web-testing career I have experienced this as most influencing part on web site testing.
Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with. Your web site coding should be cross browser platform compatible. If you are using java scripts or AJAX calls for UI functionality, performing security checks or validations then give more stress on browser compatibility testing of your web application.
Test web application on different browsers like Internet explorer, Firefox, Netscape navigator, AOL, Safari, Opera browsers with different versions.

OS compatibility:
Some functionality in your web application is may not be compatible with all operating systems.
We Test our web application on different operating systems like Windows, MAC, Linux with different OS flavors. What can work in MSIE7 on Windows XP with service pack three, will fail onMSIE7 Windows Vista Home, but work on MSIE7 with Windows Vista Office Premium.

Mobile browsing:
This is a tough one. We get thousands of visitors a day using mobile devices, and even games consoles to view our site.

Printing options:
If you are giving page-printing options then make sure fonts, page alignment, page graphics getting printed properly. Pages should be fit to paper size or as per the size mentioned in printing option.

5) Performance testing:
Web application should sustain to heavy load. Web performance testing should include:
Web Load Testing
Web Stress Testing

Test application performance on different internet connection speed.
In web load testing test if many users are accessing or requesting the same page. Can system sustain in peak load times? Site should handle many simultaneous user requests, large input data from users, Simultaneous connection to DB, heavy load on specific pages etc.

Stress testing: Generally stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by giving stress and checked how system reacts to stress and how system recovers from crashes.
Stress is generally given on input fields, login and sign up areas.

In web performance testing web site functionality on different operating systems, different hardware platforms is checked for software, hardware memory leakage errors,

6) Security Testing:

Following are some test cases for web security testing:

  • Test by pasting internal url directly into browser address bar without login. Internal pages should not open.
  • If you are logged in using username and password and browsing internal pages then try changing url options directly. I.e. If you are checking some publisher site statistics with publisher site ID= 123. Try directly changing the url site ID parameter to different site ID which is not related to logged in user. Access should denied for this user to view others stats.
  • Try some invalid inputs in input fields like login username, password, input text boxes. Check the system reaction on all invalid inputs.
  • Web directories or files should not be accessible directly unless given download option.
  • Test the CAPTCHA for automates scripts logins.
  • Test if SSL is used for security measures. If used proper message should get displayed when user switch from non-secure http:// pages to secure https:// pages and vice versa.
  • All transactions, error messages, security breach attempts should get logged in log files somewhere on web server.

Thursday, 12 June 2008

Creating FitNesse tests

Okay, so we are still having problems with CruiseControl (it falls over after n builds) but meanwhile i need to start creating tests in Fitnesse.

The ThoughtWorks consultant has already started, but i just reviewed the work and i'm less than impressed.

I want each page to contain some prose that describes what's being tested and why.

The structure of a requirement should follow a basic syntax. We should have a basic description of what is needed from a business perspective:

As a [role] I want [requirement] so that [business value].


And the tests should line up by defining an Acceptance criteria, basically we define what "done" looks like:

Given [context] when [action] then [outcome]


The Acceptance criteria should be written jointly by BA and QA, and the acceptance tests map directly to acceptance criteria.

So on each page (a test) i want a preamble (the story), the requirement and the acceptance criteria.

The Fit table (the actual test) can then sit directly under the prose for the acceptance criteria.

That way, each page (each test) is the requirement, the test and the test results.

Wednesday, 11 June 2008

Integrating Fitnesse with CruiseControl

So like i said in earlier posts we are implementing FitNesse on our java development projects (well to be precise just one) with help from ThoughtWorks so we can run automated acceptance tests.

We are still at the bashing the stick on the ground and making a lot of noise stage (so far as my Space odyssey metaphor goes), and we are not yet 100% convinced of the value of FitNesse within our organisation. The way it has been set-up so far, makes it unmaintainable, hard to navigate and it feels a bit flaky. Sure FitNesse is great where the requirements are a little thin on the ground, but i think there is an absolute requirement for process and procedure when it comes to building a suite of tests in FitNesse if it is ever going to have longevity. That is not slur on FitNesse, but i have yet to see any one describe how they build a suite that has some structure.

So today we are trying to get FitNesse and CruiseControl working together.
The dev team have used CruiseControl in the past, but it doesnt work properly (some issue with forking) and depending on how we look at cobertura we either have 27% coverage or 35% coverage of Unit test so there is some way for them to go. I hope can integrate the FitNesse Tests with the current build process and gain an extra layer of testing.

One thing as a tester i dislike about FitNesse is that lacks a lot (does it have any) of the reporting features you see on other test tools. So i will spend this afternoon looking at some free (as in beer) reporting tools. I also cant see how you do test selection, or report on test coverage....

Friday, 6 June 2008

Fitnesse for dummies?


We pride ourselves on our technical prowess, by we i mean my team and I and by team i mean the greater QA team at work.

As testers we are often thought of as not being technical and in some institutions it is actively discouraged. However being a technical tester is dependent on the domain you work in.

In our domain we need to be holistic on our approach to testing, we need to be multidisciplinary with skills in Linux, Apache, Jboss, J2EE and Oracle. We work for a large website so we all need to understand headers, HTTP, cookies, dynamic HTML/Json.

So it was with some surprise (read, it caught us out) that we found ourselves staring at FitNesse (the Acceptance Testing Framework) like the apes staring at the monolith at the start of 2001: A Space Odyssey (1968). We understand its importance, and we can see the benefits, but how do we turn it on? what makes it go?

Well a few hours later and to our horror we have installed JDK and eclipse and we are coding in java. But this doesn't really sit well at all, testers writing tests in java? who will test our tests?

Worse than this, we don't have Java coding skills across the team (nor do we want them) so what can we do?

A few googles later and we can see that we are not the only people that think this sucks. For every test case we write in Fitnesse we ill have to write a corresponding fixture (read some java code). Until i run across Anubhava's Tech Blog and his post Introducing Generic Fixture for FitNesse. Here he talks of the same problem of having write java code for every test. His solution is rather neat, the GenericFixture.

I followed his examples and hit a few dead ends, so i emailed Anubhava and after a few question from him discovered that what i believed to be the GenricFixture.jar was in fact a 700Kb web page (an error message from sourceforge). With the proper jar downloaded from sourceforge we are off and running, and can now write tests without cutting a single line of java, but wait that's not all...

Something was still unsettling about the whole deal, and that was the fact that FitNesse allows users to create tests using natural language.

here is a simple example in fitness

users opens the URL http://www.google.co.uk
page has the title
Google
page has an element named q
true
page has an element named btnG
true
user types chocolate into q field
user clicks on the button named btnG
page loads in less than 5 seconds
page has the title
chocolate - Google Search
user clicks on the link named Chocolate - Wikipedia, the free encyclopedia
page loads in less than 5 seconds
page has the title
Chocolate - Wikipedia, the free encyclopedia


and here is the same example in selenease

openhttp://www.google.co.uk
assertTitleGoogle
typeqchocolate
clickAtAndWaitbtnG
assertTitlechocolate - Google Search
clickAtAndWaitlink=Chocolate - Wikipedia, the free encyclopedia
assertTitleChocolate - Wikipedia, the free encyclopedia


As you can see the FitNesse example is easily read and understood whereas the selenim version requires the user to understand the selenium syntax (selenease).

Our friend Anubhava (above) had hit upon the same problem, and implemented a Domain Specific Language (DLS) adepter for the GenricFixture, so problem solved, for now...

Running Selenium with proxy exceptions

The way we have our QA environment set-up we use a DNS server this allows us to mimic the live environment (the customer facing server names are the same as in the production environment). It sounds ideal however it isn't without problems. We cant set-up a banner server in our environment (because we use a third party banner service) nor can we set-up a WA server (we use multiple WA vendors) so we have to use proxy exceptions that excludes everything from going through the proxy that exists in inside the QA environment.

This obviously means we can end up with a pretty big proxy exceptions list in our browser. Firefox isn't a problem as there are a couple of plug ins available that can manage multiple proxy settings. However IE requires us to use a hand crafted batch file to update registry settings. Not really a problem, and we are comfortable with how it works. It rarely catches us out.

Now when we cam to automate our tests with selenium we ran into a problem. We needed to tell selenium to use our corporate proxy so it can proxy request to the outside world, and when selenium starts the browser it tell the browser to use a particular PAC file that is generated at test run time. The PAC file is quite simple and tells the browser to use Selenium for anything that lies within the SUT else go external. sound's great except that it doesn't work.
We read a few forum posts, and blog posts and scratched our heads. Finally we opened the Selenium source code and found that we could in fact pass in a list of hosts to apply to the proxy exceptions list. We were feeling pretty jaded are spending hours of google time on it, why its not documented clearly anywhere i don't know.

Okay, so our startup command for selenium looked like this

java -Dhttp.proxyHost=proxy.ourdomain.co.uk -Dhttp.proxyPort=8080 -jar selenium-server.jar –avoidProxy


To add proxy avoidance you specify the hosts you want to avoid through the proxy and delimit with the pipe character |, but we then found we had to delimit the pipe character with the caret ^

-Dhttp.nonProxyHosts=*www.ourdomain.co.uk*^|*search.ourdomain.co.uk*


So our new selenium startup string looked like this

java -Dhttp.proxyHost=proxy.ourdomain.co.uk -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=*www.ourdomain.co.uk*^|*search.ourdomain.co.uk* -jar selenium-server.jar –avoidProxy


This means that if the request is for anything other than www. or search . on our domain, selenium forwards it through our corporate proxy.

Of Agile, ThoughtWorks, Selenium and Fitnesse

I have set up this blog to capture some of the problems we are bound to run into over the next 60 days.

I work for a well known (read busy) commercial website in the UK. We currently use a traditional waterfall approach to our software development life cycle, and we are under pressure to deliver more, and deliver it more frequently.

I am an ISEB certified Test Practitioner and I supported by two testers on my Team. Martin, a test analyst, who has achieved his ISEB/ISTQB Foundation certificate in software testing, and Robert, a junior test analyst who will be taking his foundation training later this year.

We are all aligned to thinking about software testing in the same way. That is, we have a clear set of requirements (be they, technical, business or design) and we test against those; simple no?

However in the real world it is never that cut and dried, and often requirements are thin, late or non existent, and (of course) liable to change at the drop of a hat. This is compounded further by the businesses increasing frustration at having to wait for a simple change to be implemented; we are only talking about a website here right? It’s not like we are trying to boil the ocean.

Cue Music – Enter ThoughtWorks.

Somewhere along the way the business got to hear of ThoughtWorks, a company that can offer (among other services) a helping hand for any software house wishing to become Agile. I don’t want to talk too much about ThoughtWorks and our relationship with them, because I only want to focus on the Testing aspect of becoming Agile, and because I could fill another blog with chatter about working with ThoughtWorks.

Anyhoo, we are a Linux, Apache, J2EE & Oracle house. So it felt right that we should use Selenium for our automated testing. ThoughtWorks originally created selenium so it felt right to use it with them. We have looked at Selenium in the past and I have used selenium scripts with the most excellent Reality QA product from the guys at GOMEZ (more on that later).

A couple of interesting points about selenium; Selenium is a chemical element with the atomic number 34 and is represented by the chemical symbol Se. Selenium can be found naturally in nuts (Brazil nuts are the richest ordinary dietary source), cereals, meat (such as kidney), fish (shellfish such as crab and lobster), and eggs.
Selenium is often touted as "The cure for mercurial poisoning" (being poisoned by Mercury), and any tester can tell you that Mercury produced (before being bought by HP) some highly priced automated test tools of the variety that "require plug-ins" to do anything more ordinary than record and playback (Test Director for instance). So I think the developers of selenium thought it would be funny to name their product Selenium. I think however that the last laugh may be on them, because selenium is not actually an antidote to mercury poisoning, it’s just a chelating agent for heavy metals including mercury and although selenium is an essential trace element, it is toxic if taken in excess. There is no known antidote to selenium poisoning.