UCMDriven Testing of Web Applications

1
UCM-Driven Testing of Web Applications

• Daniel Amyot, University of Ottawa
• damyot_at_site.uottawa.ca
• Jean-François Roy, University of Ottawa
• Michael Weiss, Carleton University

2
Presentation In a Nutshell

• Web applications not so simple
• Idea Modeling of essential capabilities with Use
  Case Maps
• Derivation of validation test goals
• Conversion to test cases
• Test execution
• Lessons learned

Warning Demonstration!
3
Web Applications (WebApps)

• Many scenarios to support
• Concurrency, stateless protocols
• Robustness, time-to-market
• Openness
• Variety of clients, servers, standards
• Modeling and testing often too time consuming
  and lacking significant payoff Hieatt and Me,
  2002

4
WebApps and Vulnerabilities

• 90 of WebApps are vulnerable to common hacking
  attacks Jacques, 2004
• Cross-site scripting
• Parameter tampering
• Cookie poisoning
• Requests out of expected order (bookmarks)
• Race conditions (multiple Place Order)

5
Questions

• UCM-based modeling and test generation for
  WebApps
• More lightweight and accessible to Web developers
  than many formal methods?
• Technically feasible?
• WebApp modeling (widget.com, with UCMNav)
• WebApp implementation (J2EE)
• Test generation (with UCMNav)
• Test execution (with FitNesse)
• Useful?

6
Some Related Work

• State-dependent behavior as CFSMs Kung et al.,
  2000
• Statecharts for out-of-order messages Di Lucca
  et al., 2003
• Test cases from sequence diagrams Wittevrongel
  and Maurer, 2001
• TTCN-3 for WepApp testing Probert et al., 2005
• UCMs to model e-business processes and value
  exchanges Gordijn and Akkermans, 2001
• UCMs to model OO WebApps in the Web Application
  Modeling (WWM) approach Kaewkasi and Rivepiboon,
  2002
• Tools for testing interoperability, stress, dead
  links

7
widget.com Use Cases
Browse Catalog 1. Customer navigates to the
widgets.com home page. 2. System responds with a
listing of categories. 3. Customer selects a
category. 4. System displays a listing of all
widgets in this category. 5. Customer selects a
widget. 6. System responds with a product detail
page for the widget. 7. Customer adds the widget
to the cart. 8. System displays the updated
cart. 9. Customer proceeds to checkout (see
Checkout). Checkout 1. Customer requests
checkout. 2. System prompts the customer for his
account number. 3. Customer enters account
information. 4. System builds a summary of the
order with totals. 5. Customer confirms the
order. 6. System processes the payment (see
Process Payment). 7. System displays invoice. 8.
Customer proceeds to download area (see
Download).
8
(No Transcript)
9
Overview of the Approach
10
UCM Model for WebApps

• Variables (examples)
• CanPlaceOrder An order can be placed on this
  page.
• CartAvailable The cart is available.
• ValidAccount The customer account is valid.
• Start points buttons and hyperlinks
• Some with precondition (visibility) and/or input
  parameters
• End points page updates/transitions
• Some with postconditions and/or output parameters
• Responsibilities can change content of variables
• Components system and actors
• Maps Web pages or phases (more or less)
• Simple data model (just enough to test!)

11
UCM Model (Top-Level Map)
12
Scenario Definition BaseCase

• Initialization
• ValidAccount ?T
• SuccessfulDownload ? F
• Start Points
• enterSite, browse, selectCategory, selectProduct,
  addToCart, goCheckout, placeOrder, goDownload,
  downloadWidget, exit
• Postcondition
• SuccessfulDownload T

13
lt?xml version'1.0' standalone'no'?gt lt!DOCTYPE
scenarios SYSTEM "scenarios1.dtd"gt ltscenarios
date " ucm-file "WidgetsCom.ucm" gt
ltgroup name "AcceptanceBasic" group-id "1"
gt ltscenario name "BaseCase"
scenario-definition-id "1" description gt
ltseqgt ltdo id"0"
name"enterSite" type"Start" c-name "Customer"
... /gt ltdo id"15" name"enterSite"
type"Connect_Start" /gt ltdo id"19"
name"showWelcome" type"Resp" c-name "System"
... /gt ltdo id"55" name"viewWelcome"
type"End_Point" c-name "Customer" ... /gt
ltdo id"43" name"browse" type"Start" c-name
"Customer" ... /gt ltdo id"19"
name"showWelcome" type"Resp" c-name "System"
... /gt ltdo id"55" name"viewWelcome"
type"End_Point" c-name "Customer" ... /gt
ltdo id"45" name"selectCategory"
type"Start" c-name "Customer" ... /gt
ltdo id"27" name"getCategoryProducts"
type"Resp" c-name "System" ... /gt
ltdo id"61" name"viewCategory" type"End_Point"
c-name "Customer" ... /gt ltdo id"47"
name"selectProduct" type"Start" c-name
"Customer" ... /gt ltdo id"29"
name"showDetail" type"Resp" c-name "System"
... /gt ltdo id"62" name"viewProductDeta
il" type"End_Point" c-name "Customer" ... /gt
ltdo id"49" name"addToCart" type"Start"
c-name "Customer" ... /gt ltdo id"35"
name"updateCart" type"Resp" c-name "System"
... /gt ltdo id"22" name"showCart"
type"Resp" c-name "System" ... /gt
ltdo id"63" name"showCart" type"End_Point"
c-name "Customer" ... /gt ltdo id"56"
name"goCheckout" type"Start" c-name
"Customer" ... /gt ltdo id"57"
name"goCheckout" type"Resp" c-name "System"
... /gt ltdo id"17" name"toCheckout"
type"Connect_End" /gt ltdo id"66"
name"checkout" type"Connect_Start" /gt
ltdo id"68" name"promptAccount" type"Resp"
c-name "System" ... /gt ltdo id"77"
name"viewLogin" type"End_Point" c-name
"Customer" ... /gt ltdo id"78"
name"signIn" type"Start" c-name "Customer"
... /gt ltcondition id"83"
label"ValidAccount" expression "ValidAccount"
/gt ltdo id"74" name"buildOrder"
type"Resp" c-name "System" ... /gt
ltdo id"81" name"orderDisplayed"
type"End_Point" c-name "Customer" ... /gt
ltdo id"82" name"placeOrder" type"Start"
c-name "Customer" ... /gt ltdo id"123"
name"Start" type"Connect_Start" c-name
"System" ... /gt ltdo id"125"
name"processPayment" type"Resp" c-name
"System" ... /gt ltdo id"124" name"End"
type"Connect_End" c-name "System" ... /gt
ltdo id"97" name"showInvoice"
type"End_Point" c-name "Customer" ... /gt
ltdo id"98" name"goDownload" type"Start"
c-name "Customer" ... /gt ltdo id"99"
name"buildDownload" type"Resp" c-name
"System" ... /gt ltdo id"69" name"end"
type"Connect_End" /gt ltdo id"104"
name"downloadArea" type"Connect_Start" /gt
ltdo id"106" name"processDownloadArea"
type"Resp" c-name "System" ... /gt
ltdo id"108" name"showDownloadArea"
type"End_Point" c-name "Customer" ... /gt
ltdo id"107" name"downloadWidget"
type"Start" c-name "Customer" ... /gt
ltdo id"109" name"sendDownload" type"Resp"
c-name "System" ... /gt ltdo id"108"
name"showDownloadArea" type"End_Point" c-name
"Customer" ... /gt ltdo id"113"
name"exit" type"Start" c-name "Customer" ...
/gt ltdo id"115" name"end"
type"Connect_End" /gt ltdo id"1"
name"ExitSite" type"End_Point" /gt
lt/scenariogt lt/groupgt lt/scenariosgt
14
UCM2FIT

• Converts a scenario generated by UCMNav (in XML)
  to a FitNesse test page, and adds it to a test
  suite.
• Requires additional information in a
  configuration file
• Enumeration of values available for the
  parameters used in the UCM model
• What needs to be checked upon reaching an end
  point
• Transformed automatically to test output
  checking.
• Requires the interactive selection of data for
  parameters while generating tests.

15
FitNesse Test Environment

• FitNesse
• Wiki and Web server
• Includes FIT, the Framework for Integrated Test
  (Ward Cunningham)
• Test definition (as tables) and execution (with
  results) from a Web browser
• Popular in the agile development community
• Available at http//fitnesse.org
• Fixtures
• Adaptation between (abstract) FitNesse test steps
  and the WebApp
• We developed a generic WebFixture that offers
  basic services for testing WebApps
• Link/button selection, value input in forms, page
  content checking via pattern matching, etc.

16
!1 BaseCase !3 DescriptionPrimary scenario where
everything works. !-fit.ActionFixture-! start
!-ucm2fit.WidgetFixture-! checktitlewidgets.co
m enterpatternToMatch!-Welcome to
widgets.com.-! checkmatchestrue pressbrowse
checktitlewidgets.com enterpatternToMatch
!-Welcome to widgets.com.-! checkmatchestrue
enterselectCategory!-Utilities-! enterpatter
nToMatch!-Select from these sumptuous-! checkm
atchestrue enterselectProduct!-Directory-!
enterpatternToMatch!-discount on orders
over-! checkmatchestrue pressaddToCart en
terpatternToMatch!-Ready to order?-! checkmat
chestrue enterpatternToMatch!-Directory-! c
heckmatchestrue pressgoCheckout enterpatte
rnToMatch!-Enter your 4-digit account
number-! checkmatchestrue entersignIn!-123
4-! enterpatternToMatch!-Please review and
submit your order.-! checkmatchestrue press
placeOrder enterpatternToMatch!-Please
proceed to the-! checkmatchestrue pressgoDo
wnload enterpatternToMatch!-Download the
purchased widgets-! checkmatchestrue enterd
ownloadWidget!-Directory-! enterpatternToMatch
!-Download the purchased widgets-! checkmatche
strue
17
Scenarios/Tests Created
18
Test Results
Actual result is different from expected one! The
quantity of CpuMeter was set to 0 while editing
the cart, yet this product is still listed (a
false match was expected).
19
Test Results

• Planted errors
• Edits to the shopping cart not properly updated.
• Discount not always correctly applied.
• Race condition Only the most recent order is
  shown in the download section.
• State-/Timing-related Can add widgets to the
  cart for free.
• Bug 4 was not revealed by our test suite.

20
Discussion/Conclusions

• Can model several interesting aspects of WebApps
  with UCMs, and derive useful test purposes
• Unconventional style of UCMs
• But tool support works
• Scenario definitions still need a testing
  strategy
• Need better automation for value selection
• Difficult to generate rejection tests
• Could relax preconditions associated to UCM start
  points
• Need to check assertions at given points in
  scenario definitions, not just at the end
• Need more experiments for appropriate UCM
  modeling style enabling other type of errors to
  be detected

21
Thank You! Questions?
?
22
Additional Material
23
(No Transcript)
24
(No Transcript)
25
Plug-in for the BrowseCatalog stub
26
Plug-in for the Checkout stub
27
Plug-in for the Download stub