Aug 12, 2014

Be careful using TestBase::randomString() to generate test string values

While converting a test class to D8, I simply replaced some calls to TestBase::randomName() with calls to TestBase::randomString(), thinking that the generated strings would then be more varied and provide slightly better test coverage.

This "innocuous" change resulted in test assertions that would sometimes fail, sometimes pass.  Repeated test runs showed no particular pattern while I was debugging, not suspecting this particular change I had made but looking elsewhere instead.

With hindsight, I realize that the failing tests did not happen consistently because these are randomized string values. Of course!

The broken code:

    $edit = array(
      'new_project_title' => $this->randomString(8),

      // ... values for other form fields ...
    );
    $this->drupalPostForm($this->addUpdatePage, $edit, t('Add'));

    $project_title = db_query(
      'SELECT project_title FROM {optimizely}' . 

      ' WHERE project_title = :new_project_title',
       array(':new_project_title' => $edit['new_project_title']))
        ->fetchField();



The original code, which works:

    $edit = array(
      'new_project_title' => $this->randomName(8),

      // ... values for other form fields ...
    );
    $this->drupalPostForm($this->addUpdatePage, $edit, t('Add'));

    $project_title = db_query(
      'SELECT project_title FROM {optimizely}' . 

      ' WHERE project_title = :new_project_title',
       array(':new_project_title' => $edit['new_project_title']))
        ->fetchField();



randomName() returns a string consisting only of letters and numbers.
randomString() returns a string consisting of any printable character.

The problem is that randomString() sometimes generates a string with special characters that results in the forming of invalid SQL statements. I had made no provision for properly escaping those.

Sources:

public function TestBase::randomString
https://api.drupal.org/api/drupal/core!modules!simpletest!src!TestBase.php/function/TestBase%3A%3ArandomString/8

No comments:

Post a Comment