I posted this to the modules mailing list, but the signal/noise ratio on that lists seems to have fallen through the floor, so it doesn't surprise me that I got now responses.
I'm attempting to write some test code for the Win32::Security modules, and I'm beset by a conundrum.
To really test something that is designed to manipulate the security of files on the filesystem, one has to really do that. Otherwise, it's just smoke and mirrors and you don't know if the code really works.
I've flipped back and forth over this issue. Should I knowingly put code in a test suite that intentionally makes changes to the state of a system? I've started playing with such a test suite, and I've decided that if I decide to do this, the best approach is one like:
- Create the directory "$ENV{TEMP}\\Win32-Security_TestDir_$$" and do all my testing in there
- Wrap all of the test code in an eval {}; and have it do its work in and on that directory
- After the eval, do a system("rd /s /q \"$tempdir\""); (where $testdir is the directory created above)
Other requirements for the code are that it be able to identify the user running the test (using $ENV{USERDOMAIN} and $ENV{USERNAME}) and that it be able to find cacls.exe (which wasn't standard with the OS until Win2K, IIRC). Since I originally posted the message, I've started writing test code using the above approach. I'm finding oodles of corner-of-the-envelope bugs (and fixing them) - black-box reinvention of Microsoft's internal ACE propagation algorithms is proving to be non-trivial. I'm glad I've started doing this, the only question is whether I should release the tests or somehow provide them in a disabled form for users who really want to test. It would be nice to get feedback from CPAN Testers, though.
So, should I risk this? Is this a reasonable solution? How and where should I put appropriate warnings?
Thoughts?
In another vein, I'd like to write a test suite for some scripts I distribute with the modules (PermDump.pl, PermChg.pl, and PermFix.pl). I've placed these scripts in the lib/Win32/Security directory so that they will get packaged up and distributed by PPM packages (I hope), since they are very useful tools based upon this module.
What is the best way to locate those modules so that I can test them from a .t file? Scanning @INC for the files? How do I know what version of perl.exe to call (remember I'm running under Win32, and I'd like this module to work on any build since 5.005)?
Finally, I need another account to assign permissions to for the testing. Do you think I'm safe using Guest (since it's a BUILTIN and present on every machine)? What about localization issues? I think these accounts get different names under different localized versions of Win32. Aiiii!!!!
--Toby Ovod-Everett
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.