diff options
| author | ernstvn <ernst@gitlab.com> | 2017-09-25 17:56:52 -0700 |
|---|---|---|
| committer | ernstvn <ernst@gitlab.com> | 2017-09-25 17:56:52 -0700 |
| commit | e16878bbef17385d126fe98eb7d14086df86ee25 (patch) | |
| tree | 28e56a37b7f02404beb5e6f571f10e405de00162 | |
| parent | 53b3ad5f7ce50bfdb1dd0c72b3cc2b020f52abe1 (diff) | |
| download | gitlab-ce-evn-add-neg-tests.tar.gz | |
Test for what should not be there as wellevn-add-neg-tests
| -rw-r--r-- | doc/development/testing.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/development/testing.md b/doc/development/testing.md index 83269303005..386e8bef972 100644 --- a/doc/development/testing.md +++ b/doc/development/testing.md @@ -150,6 +150,16 @@ always in-sync with the codebase. [GitLab QA]: https://gitlab.com/gitlab-org/gitlab-qa [part of GitLab Rails]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/qa +## Test for what should not be there + +This is particularly important for permission calls and might be called a +negative assertion: make sure only the bare minimum is returned and nothing else. + +See an issue about [leaking tokens] as an example of a vulnerability that is +captured by such a test. + +[leaking tokens]: https://gitlab.com/gitlab-org/gitlab-ce/issues/37948 + ## How to test at the correct level? As many things in life, deciding what to test at each level of testing is a |