Category: General Stuff

Codemash 2016 Notes: Data Synchronization Patterns

Data Synchronization Patterns

Presenter Eric Maxwell

Good walk through of how to select an appropriate data transfer protocol for data services.  Focused mostly on rest and security.

  • Data transfer protocol
    • depends on environment
      • do you need service discovery, delivery requirement ? (soap)
      • do you need transaction management?  (soap)
      • How much does bandwidth cost you? (rest)
      • are your clients and servers speaking same language? (soap if so)
  • Focusing on rest
    • always use compression can get 80% gain
    • different way to turn on for each platform
    • Sync Tokens are bookmarks for new fetches
      • token is just a string
      • server doesn’t keep state regarding who got a token but knows a certain token maps to a time
  • Security
    • Privacy
    • Integrity and Trust
    • Always use https
      • Mutual ssl
        • when server wants to know talking to a valid client
          • client sends it’s public  key server decides if it likes it
          • we actually do this, we put a client cert on mobile device and use that to establish client is legtimate
    • Authentication
      • basic auth
        • credentials in header needs ssl
      • certificate based
    • Authorization
    • OAUTH 2.0
      • Authorization Server
      • Identification Service
      • Resource Owner
      • Client
      • Server with Resourcce
      • Process
        • client registers with authorization server get clientid and shared secret
        • resource owner makes request on client to get access to resource
        • client authenticates user
        • client sends user to authorization server to get permission gets access token
        • access token and clientid and shared secret needed for client to then get resource

Codemash 2016 Notes: Abstract Art Getting Abstraction Right

Abstract Art Getting Abstraction Right

Presenter Jeremy Clark

I agreed with much of what was presented.  Abstraction has its upsides and downsides, there is an appropriate middle ground.  I agree that following good practice (DRY, YAGNI, SOC, KISS and DDIY) will help you get there.

 

  • Why abstraction is awesome
    • maintain
    • extend
    • testablility
  • Why abstraction is awful
    • adds complexity
    • confusion
    • debugging difficulty
  • Over Abstractor
    • we’ll find a use for this in the futrue
    • overly complex
  • Under Abstractor
    • Let’s keep things simple
    • Ridgid
  • Priniciples to apply to push to right middle ground
    • DRY – Don’t Repeat Yourself
    • Soc – Separation Of Concerns
    • YAGNI – You’re not going to need it
    • KISS – Keep it simply stupid
    • DDIY – Don’t do it yourself
  • Use the principles so you don’t end up with rigid, hard to maintain untestable code
  • If you are an under-abstractor and you can find an over-abstractor you can become a good team since can find balance, or vice/versa

Codemash 2016 Notes: Precompiler: Security On The Web

Secure Web Coding 2 day presentation

Jim Manico presenter

I attended this two day presentation for the Codemash compiler.  I had planned on attending only part and catching some other classes, but found this material so useful and well presented that attended the entire two day presentation.  Very informative and well done.  Learned much that will be applicable to my day to day.  My notes are below.

 

  • No difference between a web application and service from a security standpoint
  • http is stateless
  • http verbs get has no body
  • http headers
    • referer has the url where you came from, if sensitive data in url goes to next link
  • any aspect of request can be modified by an attacker
  • don’t use get request for things that have data.
    • nullipotent, get a resource not adding or changing things
  • millionman botnet
  • hold state in database, session can be dropped.  yepper.
  • should always use https for any sensitive data.
    • was a performance issue years ago but no longer
    • istlsfastyet.com
  • finally a good point, should use https between application servers.  no reason not to.
  • we should create default certs in our deployments so everything is https even if certs are weak since between boxes we can make each end accept certificate
  • server response header should be turned off if can be, but not a big deal since it is easy for anyone to figure out what server you are using
  • reviewed how cookies work
    • if you add secure flag to cookie it will stop a cookie from being sent unless the protocol is https.
    • httponly flag tell cookie you cannot be changed by the client or even be read by the client
      • blocks cross site scripting by not allowing other javascript to see your cookie
  • turn off client side caching
    • cache-control/pragma response header
    • jsonp is crap
      • access-control-allow-origin
    • Content Security Policy tells browser what it can and cannot do to you on the server
      • it’s wicked complex he says
  • x-frame options limits who can put you in a frame to stop click jacking
  • x-xss-protection
    • stops any javascript in url from being executed
  • x-content-type-options: nosniff
    • shut down browser trying to guess  your mime type
  • security should be in application requirements
    • use ASVS standards as requirements so devs know security is expected.
    • ASVS 3.0
  • LetsEncrypt free https
  • Authenticity is another reason for https
  • isps are injecting code into pages served on their networks
  • cryptography is bypassed not attacked
    • old https implementations
      • ssl was original, it is dead
      • tls is what is used now
  • https 2 is just coming out now
  • TLS 1.o is just SSL 3.1 due to copyright issue
  • Important things
    • Confidentiality
      • can’t read
    • Integrity
      • cannot change
    • Authenticity
      • know it came from who it says it came from
  • Turn off ssl 3.0 entirely.  attack pretends tls is broken to forces ssl and then break it so turn off ssl 3.o
  • Trustwave was selling private keys to help man in the middle attacks.
    • can’t trust your ca then you are hosed
  • Certificate pinning
  • strict transport security forces client to use https even if it tries not to
    • browser has to support this, most modern browsers do
    • hsts preload list
      • even a redirect to https is not as good as preload list since that first request can still be comprimised
      • include subdomains
  • problem is that if any ca goes bad you have an issue hence certificate pinning
    • apriori pinning
    • we do that with our mobile app
    • tofu pinning
      • trust on first use, don’t accept if key changes
      • public key pinning extension
        • create pinning headers that can block or report
    • local authorities ignore all pinning, on purpose to support data inspection
      • users can be tricked into installing a local authority
  • Passwords and hashing, oh boy
    • most passwords easily hacked
    • password hash should be slow so take long time to break, bcrypt, scrypt
    • ban common passwords
    • length makes passwords more secure
  • Role based access – Access Control
    • likes to be waterfall in access control
    • Principle of least privilege
      • Jerome Saltzer and Dr Schroeder white papers forefathers of modern authorization
        • Don’t trust the infrastructure
    • General Access Control Model
      • prinicipal -> action -> guard -> protected features
    • Doesn’t like role based access
    • Attacks
      • privilege escalation
    • Bad design
      • avoid hard coded role checks
      • decentralized access control
        • need to be able to answer, what is your access control policy?
        • database map of role to feature is good
      • Untrusted data driving access control decisions
      • manual change necessary to add security to each endpoint
      • access control that is sticky in session, can’t change logged in users permissions
    • Good design
      • every request goes through centralized access control layer
      • Use filter to determine if attributes about the user allow access
      • be able to change user roles/permissions in real time
      • build grouping(roles) to make admin easier
      • lock out users if they try and make calls they aren’t allowed to make as likely an attack
    • Horizontal access control
      • make sure owner is part of query
    • Data Contextual Access Design
  • tinyurl.com/codemash2016
  • Cross Site Scripting(XSS)
    • httpolny on cookie stops javascript from reading cookies
    • pineapple wifi devices
      • looks like actual wifi reads traffic
      • Beef project allows injection of javascript into all calls
    • Reflected XSS
      • attacker sends a link to the victim
    • Persistent Stored XSS
      • attacker puts payload into persistence mechanism, usually db.  run later on other clients machine sends attacker data
    • Defense
      • poor defense
        • limit some character set
      • good defense
        • encoding output where it is displayed with appropriate encoding
        • httponly cookies
        • sandbox 3rd party javascript
    • Proper Encoding of all output to the screen will block almost all xss attacks.
    • InnerHtml — real big arse issue here
      • parses any script in the argument if malicious js is in argument it will be processed, this is a real attack vector
    • Validation does not imply security
    • protecting untrusted links in your code
      • validate url is a proper format
      • allow only http or https
        • javascript: is a scheme that is legal url that allows malicious javascript execution
      • check url for malware – api’s for checking if url is pointing at malware
        • check on daily output to make sure url has not be repointed to malware
      • encode url in the context of display
      • EVERY VARIABLE SHOULD BE ENCODED IN THE PROPER CONTEXT
    • HTML sanitization
      • different from encoding
      • tinyMCE
        • sometimes want to execute code that was inputted
        • need to sanitize so allows some but not all functionality
        • use formal 3rd party sanitizer, writing your own will be painful
    • Sandboxing
      • iframe with sandbox attribute blocks it off
        • ad agency pays less if iframe add since they get less user data
    • x-xss-protection header
    • xss protection with no encoding
      • deliver html with static/safe data only in the html
    • Cross Site Request Forgery
      • cookie for a domain go to domain regardless of where initiation is done
      • go to evil website if you are logged into target evil site can execute against target via javascript or src on images
      • Defense
        • side effects should be done through a post, then only need to defend posts for x-site scripting
        • check for definitely invalid http referers
          • empty referers are normal, but bad referers can be identified
        • force reauthentication for significant events
        • move session ids out of cookies so don’t ride along on attack post
      • Synchronizer token pattern
        • create unique token per session per user
          • put this value in hidden field and check it on every submission make sure it matches
        • supported by most frameworks, just need to enable and configure it
      • new header for CORS
        • origin header
        • tells you origin of the request – white list
        • need to have header sent in order to use
          • referrer can be used as a backup
            • it isn’t always there but usually is
            • can drop empty requests or let it go through, very small percentage have no origin or referrer
    • Life Cycle Thoughts
      • provide actionable security requirements before starting coding
    • Threat Modeling
      • lightweight and ad-hoc and informal unless you are a bank
      • discussing a non functional requirement can lead to some ad-hoc threat modeling
    • Provide developers Secure Coding Libraries
      • provide tools so they same tools are used across the entity using same tools
        • one so we  know the choosen tools work
        • two so we know the devs are using tools that work
    • Fork ASVS 3.o and alter it to be your standard
    • Checklists help professionals make sound choices in stressful circumstances:  example pilots use them even though they know how to fly a plane.
    • Scans and reviews
      • Dynamic Scans are quick and cheap but man false positives
      • Manual pen testing expensive and lengthy but gives good results
      • Manual code review code buy time consuming
      • Automatic code scans many false positives but quick and cheap

Ideas For A More Reliable Process

Below is a document I wrote with suggestions for how we can potentially change our process to promote more reliable, quality and friendly processes. It is basically a derivative of scrum. Thought I’d share on my blog.

Enjoy!

———————————————————————————————–
The below is a set of suggestions for how we can change our development process to be more reliable both in terms of estimating completion dates and code quality.

Development Process

 

Ideas For A More Reliable Process
Desired Outcomes

 

There are three outcomes the below suggestions are intended to support.

1. Reliability of Delivery Estimates
2. Increased Code Quality
3. Increased Team Morale And Buy In

 

Reliability of Delivery Estimates:

First we hope to change our process to make our delivery of work more predictable. We hope the below changes allow us with more accuracy to communicate to stakeholders how long a feature will take to be complete and when it is possible for us to complete it given workload and priorities at the time the feature is requested.

 

Increasing Code Quality:

The changes suggested below are also intended to increase the quality of our work. By increasing code quality we mean decreasing the amount of defects identified in our code, and identifying defects sooner in our process.

 

Increasing Team Morale and Buy In:

The suggestions below will address increasing developer ownership and collaboration with the hope of increasing the morale of our work environment and increasing developer’s sense of ownership over the whole work product.

 

Suggestions

 

 

 

Split Group into Smaller Teams:

 

We should split our group into smaller teams that have resources that can work on layers of the products the team works on. This means each team should have at least one person who is capable of doing SQL work if their products interacts with a database, at least one person who can do MVVM work if their product has a web front end, and at least one person who can work on services if their products interacts with services. Teams should not be too large as large teams tend to break down into smaller informal teams anyway.

We are suggesting we create three development teams of five in the web group. Each team would consist of one senior level developer, two mid our above level developers, a resource to act as a proxy for a business analyst role and resource to act as a proxy quality analyst. One person on the team, either the senior developer or business analyst proxy or quality proxy, will also act as the team administrator. The team administrator will be in charge of organizing meetings and managing the team’s actionable backlog.

The teams should decide on a name for their team, this adds in creating team buy in.

 

Sprint And Story Management:

 

A story will only be worked on if it is in a sprint. Issue Manager should be changed so that Sprints are their own field. When a story is scheduled to be released is important information and should be managed separately from when it is worked on. If a story is required in a certain release then it should be included in a Sprint that happens before or during that release.

story’s will be assigned to only a team. Developers will track their time in the story against whatever item they are working on, but actual task management will be up to the team itself. It will not be necessary that individual developers are fully loaded via story, only that the team has taken on an appropriate amount of work for the sprint based on its velocity and accommodation for expected support work.

To increase buy in and participation from the group sprints can be named differently than releases. The whole group can decide a naming paradigm for sprints each year and then the year can be cut into those sprints. For instance the group could decide that cartoon characters will be sprint names for 2015. The first sprint of the year will be a cartoon character that starts with A, the next B and each sprint is named for the entire year.

 

Estimated Hours as Velocity: Break Estimates Out Into Initial Estimate and Actual Work Hours:

 

When a story is estimated and assigned for work, allow the original estimate to remain always unchanged. Allow the actual work to be the sum of all the developers hours logged to the story, but do not allow the original estimate to be updated.

Use the original estimate number as a way of measuring feature throughput. Allow the velocity of a team to be the number of estimated hours that it completed in sprint. The estimate hours don’t have to have any correlation to the actual amount of work done. The idea is to create a metric, estimated hours, that we can track and use as a means of understanding how much work a team can likely complete in a sprint.

Allowing estimated hours to remain unchanged and mark a team’s velocity will also allow us to better estimate how long features will take to be completed, as once over time we have reliable velocities in terms of estimated hours, it is easy to apply how many estimated hours we have queued up to have a firmer idea of what we can likely accomplish in a sprint, quarter or year even.
At the beginning of each sprint in sprint planning the teams can use a worksheet similar to the below to allocate story’s from the actionable backlog. The team will select the next most important stories whose estimated hours add up to approximately their velocity in estimated hours, allowing for individual team availability.

In their sprint planning sessions teams can then take the stories that they have decided to work on in the sprint and break them down into actionable tasks that can be assigned to specific developers. The teams can decide what tool to use to do this, they can make child stories or use a third party tool like Jira, YouTrack or Trello to manage at the task level. All time would be recorded to the main story if a team does not use child story’s to manage their task level work.

 

Team Meetings and Sprint Size:

 

In order to foster a sense of collaboration and developer buy in we are suggesting the teams have the following meetings every sprint:

  • Sprint Planning Meeting
    • Happens first day of each sprint. The team reviews the story’s assigned that sprint and breaks them down if necessary into smaller tasks they manage as child story’s or in Trello, Youtrack, or some other mechanism of the team’s choosing. Teams take in story’s from their actionable backlog to bring into the sprint. If a story is deemed not defined enough to be worked on it can be kicked back at this point.
    • Goal of Meeting: To break down story’s into discreet parts that team members can work on. To include team members in planning process so their input is solicited prior to starting work.
    • Duration: 4 – 8 Hours
    • Attendees: The team and any stakeholder or manager that has an interest in providing input into how a particular story is implemented.
  • Sprint Review Meeting
    • Happens last day of each sprint. Team reviews how the sprint went. Team creates a list of things they did in the last sprint that they should stop doing, things they did in the last sprint they should continue doing, and things they should start doing that might help mitigate issues the team had in the sprint. Team members submit anonymous numbers between 1-10 grading how the sprint went. These numbers are used to gauge team morale. Finished features in the sprint are quickly demonstrated.
    • Goal of Meeting: To gather feedback from team on how process is functioning. To gather ideas for how process and team can function better from people on the team and to create an environment of inclusion.
    • Duration: Time boxed to 1 hour
    • Attendees: The team and any manager or stakeholder who is interested in hearing about the sprint.
  • Stand Up Meetings
    • Happens every day. Each team member quickly reviews what items they worked on yesterday, what they are planning on working on today and what roadblocks they have. This is not a status meeting and should be limited to only items that are in the sprint.
    • Goal of Meeting: To allow team to assess if it is on track an identify any sticking points as early as possible
    • Duration: Time boxed to 10 Minute Maximum
    • Attendees: The Team and any manager who is interested in hearing it.

In order to facilitate the number and duration of meetings sprints will be lengthened to three weeks so that there is enough development time to accomplish a meaningful feature load.
Teams should also sit together. Cubicles should be rearranged into team pods to foster communication and collaboration amongst team members.

 

Backlog Management:

 

Each team will have an actionable backlog where stories that are believed to be defined enough are placed and ordered by their priority. In each Team’s Sprint Planning meeting they pull in as many story’s from their Backlog as they believe they can accomplish, they should always pull in a number of story’s that is close to the estimated hours their velocity reflects they can handle. If a team needs to accommodate for support work that comes in unannounced then they should take in a smaller percentage of their estimated hour velocity to plan for the support story’s that are expected to appear during a sprint.

The team’s administrator should work closely with group management and stake holders to help make sure story’s placed in its backlog are actionable and can be worked on without too many questions needing to be answered.

To support this change Issue Manager should have a backlog field. This field will allow a story to be added into one of the team’s backlogs, and it is from these backlogs the team will pull when they do their sprint planning.

Management can plan work ahead by making sure story’ are well defined and adding them with appropriate priority into teams backlog.

 

Velocity Tracking

 

Only story’s that are entirely completed during a sprint are counted in the estimated hours that comprise that sprint’s velocity. All the estimated hours of a story that are finished in a sprint are counted in that sprint. Velocity is a rolling average so this will not impact the calculation of overall velocity and helps put the emphasis on completing a story entirely during a sprint.

 

New Developer Onboarding:

When new developers start, especially junior developers, the team structure should assist in their onboarding. Since new developers will be free of having specific story’s assigned to them (they are assigned to the team), they can pair with more senior members and work on tasks that add value to the team while they learn about environment and products. As they learn more and become more valuable they amount of effective hours expected can be increased during sprint planning. Teams can also create their own onboarding steps that are particular to the technologies the team most frequently works with. For instance, each team might have a set of pluralsight courses they expect a new hire to watch over the first 90 days of employment.

 

Build Changes:

To facilitate increased quality our Continuous Integration builds will be changed to break if a certain level of test coverage is not met. For new projects this can be a higher number than existing projects that have little or no existing testing.

Using dependency free unit testing the team should be able to implement code that achieves desired test coverage targets without creating brittle and slow builds that are based on databases existing and having correct data to support testing.

Functional testing will be separated into their own solutions and run on their own builds so they do no block development and the needed fast feedback from Continuous Integration builds.

Decoupling For Unit Testing: Why And How

 

Abstracting Dependencies:

In order to allow code that has dependencies to be tested at the method level, the code must be architected in a manner that allows those dependencies to be replaced and mocked during method level testing.    One example of this is the below class that has one method that needs to print something as part of its processing.  In order to test the method we do not want to actually have to print something as this means to test the method we would need to have a printer setup and operating somewhere every time we tested our method.

The below versions of our example class does not allow for dependency free testing.  In the example the two dependencies it relies on, the repository and printer, are created in the method itself and we cannot exercise the code in this method without accessing a real repository and printer.

public class PersonDetailManager
{    
   public void PrintPersonDetails(int personId)   
      {
          PersonRepository repo = new PersonRepository();        
          Person person = repo.GetPerson(personId);       
             
          StringBuilder personStringToPrint = new StringBuilder();  
  
          personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);       
          personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);      
          personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);       
          personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);          
 
         Printer printer = new Printer();         

         printer.Print(personStringToPrint);    
       }
}

 

The above code cannot be tested unless the entire system can run from end to end.  We should always create functional or integration tests to ensure our entire system functions correctly end to end.  The above method will not be under test until both the person repository and printer objects exist and are configured to run end to end.  By definition this means that if the above code is written before either the printer or person repository is finished, it will not be able to be tested at the time of its completion.  It could be a significant amount of time between when the above code is completed and when it is even possible to test it using this approach.

In order to make the method code itself testable without relying on its concrete dependencies we need to allow the dependencies to be mocked.  To do this two things must happen, first the dependencies have to be delivered as an abstraction.

Delivering  dependencies as an abstraction means they must be provided to our method as either an interface or a base class that marks the methods we use as virtual so that a fake implementation can be created and fake the behavior we wish to test.  Using interfaces makes sure that any fake dependencies we provide during testing will be replaceable, base classes can have implementations that can cause problems, so we prefer using interfaces.

public class PersonDetailManager
{    
   public void PrintPersonDetails(int personId)    
   {        
      IPersonRepository repo = new PersonRepository();        
      Person person = repo.GetPerson(personId);                    
     
      StringBuilder personStringToPrint = new StringBuilder();       
     
      personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);     
      personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);      
      personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);       
      personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);       
     
      IPrinter printer = new Printer();   
      
      printer.Print(personStringToPrint);     
   }
}

 

The second thing that must happen for our method code to be tested on its own is the dependencies must be provided in such a way that fake dependencies can be used when testing.  This means that we cannot ‘new up’ a dependency in our code as we are doing in the first example as this makes the dependency impossible to replace.

There are several means of delivering dependencies in a manner that allows them to be replaced.  The first is simply to pass them in to our method as arguments:

public class PersonDetailManager
{    
   public void PrintPersonDetails(int personId,
                                  IPersonRepository repo,
                                  IPrinter printer)    
   {       
      Person person = repo.GetPerson(personId);                    

      StringBuilder personStringToPrint = new StringBuilder();

      personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);
      personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);
      personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);
      personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);
      
      printer.Print(personStringToPrint);     
   }
}

 

The above strategy allows us to provide fake implementations of our dependencies at run time so we can now test our method code regardless of the state of our dependencies.  We may not want our callers to have to know about the dependencies so we could always create an overload that provides the real dependencies if we want our callers to be unaware:

public class PersonDetailManager
{    
   public void PrintPersonDetails(int personId)   
   {        
      PrintePersonDetails(personId, new  PersonRepository(), new  Printer());   
   }       

   public void PrintPersonDetails(int personId,
                                  IPersonRepository repo,
                                  IPrinter printer)    
   {       
      Person person = repo.GetPerson(personId);                    

      StringBuilder personStringToPrint = new StringBuilder();

      personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);
      personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);
      personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);
      personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);
      
      printer.Print(personStringToPrint);     
   }

 

The downside to the above is that we need to know what the actual concrete dependencies are when we are building our code in order to create the overload method that provides them.  The IPrinter interface may be defined, a matter of fact it needs to be, for us to build our class, but there is no guarantee when we build our code that the implementations of IPrinter will exist or be known.  In order to allow for this we can deliver our dependencies through a factory.  In this way for us to build and test our method code only the factory needs to exist at the time we are writing our code:

public class PersonDetailManager
{     
   public void PrintPersonDetails(int personId)    
   {       
      IPersonRepository repo = DependencyFactory().Get<IPersonRepositor>();
      Person person = repo.GetPerson(personId);

      StringBuilder personStringToPrint = new StringBuilder(); 

      personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);
      personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);
      personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);
      personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);
 
      IPrinter printer = DependencyFactory().Get<IPrinter>();

      printer.Print(personStringToPrint);    
   }
}

 

As long as our factory exists when we are building our method code, and can be changed in testing to return fake implementations of our dependencies, the factory pattern will allow us to deliver the implementations of our dependencies in a decoupled fashion.  This will allow for testing just our method code discreetly.

Delivering Dependencies:

Above we abstracted our dependencies and used a factory pattern to deliver instances of our dependencies in a decoupled manner.  Our class will never know what the actual implementation of IPrinter is, it just knows the factory will provide one when we need it.  In order to use a factory pattern we have to build and maintain our factory.  We need to have mappings from abstractions to implementations at run time that allow the correct implementation to be delivered.

We can build our factory by hand, but it turns out there are in existence a number of third party tools called Inversion of Control containers, ‘Ioc Containers’ for short, that do essentially this already.   Ioc Containers allow you to register implementations of abstractions and then have the registered implementations delivered when an abstraction is requested.  All that has to happen is for implementations to be registered as the implementer of an abstraction.

Microsoft’s Ioc Container is called ‘Unity’ and to register implementations for our example we would  run something similar to the following code somewhere in the startup of our application:

var container = new UnityContainer();
container.RegisterType<IPrinter, Printer>();
container.RegisterType<IPersonRepository, PersonRepository>();

 

The above code tells our inversion of control container, Unity in this case, that if an IPrinter is requested, return a Printer instance to satisfy the request.  In our code instead of our factory we can reference the container to resolve our dependency.  Using the container directly in your code to resolve dependencies is called the service locator pattern.  It is called this because you are locating the service you need at the time you need it.  One downside to this is that the dependency is not easily seen unless you look at the method’s implementation.  Looking at the class definition itself you would never know the class requires an IPrinter and an IPersonRepository to operate.

 

public class PersonDetailManager
{     
   public void PrintPersonDetails(int personId)
   {
      var container = new UnityContainer();

      IPersonRepository repo = container.Resolve<IPersonRepository>();
      Person person = repo.GetPerson(personId);
      StringBuilder personStringToPrint = new StringBuilder();

      personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);
      personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);
      personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);
      personStringToPrint.Append("Address: " + person.Address + Environment.NewLine);

     IPrinter printer = container.Resolve<IPrinter>();
     printer.Print(personStringToPrint);
  }
}

 

We can write test code that registers fake implementations so our method code can be exercised without any real implementations yet existing.  We can create our own test classes that implement IPrinter and IPersonRepository and register them in our container for testing.  Our fakes might hard code return values and just save values sent to them for us to inspect in the asserts of our tests.  A sample test could look like the below:

[TestFixture]
    public class PersonalDetailManagerTests
    {
        class FakePersonRepository : IPersonRepository
        {
            internal static Person FakePersonReturned;
 
            public Person GetPerson(int personId)
            {
                return FakePersonReturned;
 
            }
        }
 
        class FakePrinter : IPrinter
        {
            internal static StringBuilder BuilderSentToPrint;
 
            public void Print(StringBuilder personStringToPrint)
            {
                BuilderSentToPrint = personStringToPrint;
            }
        }
 
        [TestFixtureSetUp]
        public void SetUp()
        {
            var container = new UnityContainer();
            container.RegisterType<IPrinter, FakePrinter>();
            container.RegisterType<IPersonRepository, FakePersonRepository>();
        }
 
        [Test]
        public void First_Name_First_Line_Of_Print_Test()
        {
            //--Arrange
            int personId = 33;
            FakePersonRepository.FakePersonReturned = new Person
                {
                    FirstName = "firsty",
                };
 
            var itemToTest = new PersonDetailManager();
 
            //--Act
            itemToTest.PrintPersonDetails(personId);
 
            //--Assert
            Assert.IsTrue(FakePrinter.BuilderSentToPrint.ToString().StartsWith("First Name: " + FakePersonRepository.FakePersonReturned.FirstName));
        }

 

 

The service locator relies on our code using the container as a dependency to acquire the dependencies it requires.  This means that our method needs to have an actual container to work, so we are coupled to a container, but at least only to this.  This is why in the above test code as a setup we have to register our fakes with the container, because our code actually uses the container to get the dependencies.  Also, as we stated before, there is no way of knowing what this class is dependent on without looking through the methods themselves.

In order to resolve the issues of being coupled to a container and not having visibility into what dependencies a class has most Ioc Containers implement a feature called constructor injection.  Constructor injection puts the dependencies for  a class discreetly in the constructor, removing the dependency to the container itself, and making it clear to any user of the class what dependencies the class has.

 

Constructor Injection:

Instead of asking the container for our dependencies we can change our class so that any dependencies are taken in our class’s constructor.  The dependencies are then stored as local private variables.  Our class would be changed to the below:

 

public class PersonDetailManager
{
  IPersonRepository _repository;
  IPrinter _printer;

  public PersonDetailManager(IPersonRepository repository,
                             IPrinter printer)
    {
         _repository = repository;
         _printer = printer;
    }

    public void PrintPersonDetails(int personId)
    {

       Person person = _repository.GetPerson(personId);           
 
       StringBuilder personStringToPrint = new StringBuilder();
 
       personStringToPrint.Append("First Name: " + person.FirstName + Environment.NewLine);
       personStringToPrint.Append("Last Name: " + person.LastName + Environment.NewLine);
       personStringToPrint.Append("Phone: " + person.Phone + Environment.NewLine);
       personStringToPrint.Append("Address: " + person.Address + Environment.NewLine); 

       _printer.Print(personStringToPrint);
 
    }
}

 

Now we can give our dependencies to our class directly so our test code can be changed to eliminate the need to interact with the container at all in our tests:

[TestFixture]
    public class PersonalDetailManagerTests
    {
        class FakePersonRepository : IPersonRepository
        {
            internal static Person FakePersonReturned;
 
            public Person GetPerson(int personId)
            {
                return FakePersonReturned;
 
            }
        }
 
        class FakePrinter : IPrinter
        {
            internal static StringBuilder BuilderSentToPrint;
 
            public void Print(StringBuilder personStringToPrint)
            {
                BuilderSentToPrint = personStringToPrint;
            }
        }
 
        [Test]
        public void First_Name_First_Line_Of_Print_Test()
        {
            //--Arrange
            int personId = 33;
            FakePersonRepository.FakePersonReturned = new Person
                {
                    FirstName = "firsty",
                };
 
            var itemToTest = new PersonDetailManager(new FakePersonRepository(),
					             new FakePrinter());
 
            //--Act
            itemToTest.PrintPersonDetails(personId);
 
            //--Assert
            Assert.IsTrue(FakePrinter.BuilderSentToPrint.ToString().StartsWith("First Name: " + FakePersonRepository.FakePersonReturned.FirstName));
        }

The above tests and code work, but it would appear anyone who wants to use our code would have to pass in the actual implementations of our dependencies, as we have in our test. Most Ioc containers, however, have a feature where they will provide dependencies in the constructors of instances they produce if the dependencies are registered with the container.  What this means is that if I request a PersonDetailManager from the container and I have registered implementations for the dependencies PersonDetailManager needs the container will automatically provide them and pass them as parameters to the PersonDetailManager when it builds it.

Practically this means that in an application I only need to request an instance of an object at the top of a dependency tree and the Ioc Container will handle fulfilling all dependencies listed in the constructors of instances the container provides.  If at the start of my application I have the following registration code:

 

var container = new UnityContainer();
container.RegisterType<IPrinter, Printer>();
container.RegisterType<IPersonRepository, PersonRepository>();
container.RegisterType<PersonDetailManager, PersonDetailManager >();

 

Then later in code I request a PersonDetailManger from the container, the container will automatically deliver the registered instance for IPersonRepository and IPrinter that it will need to construct a PersonDetailManager.

 

var personDetailMangaer = container.Resolve<PersonDetailManager>();

 

The above means that we only need to use the service locator pattern at the top of dependency trees.  Examples of the top of a dependency tree are a ServiceHostFactory in WCF, ControllerFactory in ASP.net MVC or the ObservableFactory in our MVVM framework.   Anything that is consumed by the top level or further down in the tree just needs to be created with its dependencies listed as abstractions in its constructor.

What constructor injection allows you to do is make a clear pattern for how to access dependencies in development, put the dependency as an abstraction in your constructor, and allow the container to manage delivering the dependency at runtime.  This allows the developer to focus on building code as they have a known pattern for how to build code, and also to test as they have a known pattern for how to replace dependencies in test code.   Constructor Injection also allows developers to build and test code without all dependency implementations being fully operational or accessible at the time they are building.  Class dependencies are also explicitly stated as they are all listed in the class constructor.

In our test examples above, we create our own fakes or mock dependencies, but similarly to Ioc Containers there are many mock libraries that exist that already provide rich mocking functionality so we don’t have to roll our own.

 

Mock Objects:

There are many mock libraries for .net, NMock, Moq, RhinoMocks just to name a few.  What these libraries do is allow you to quickly create a mock instance of an interface and program that instance to act as you would like in your test, and also record calls against it so you can ensure the dependency was called as you expect in your code.  Each mock library has slightly different syntax, but each performs the same basic set of behaviors, allowing the programming of a mock instance, and interrogating how the mock instance was called.

Using nMock the below shows how we program a mock instance of our IPersonRepository to return a predefined person, and how we would check to see how our IPrinter mock instance was called as we expect it to be:

[Test]
public void First_Name_First_Line_Of_Print_Test()
{
   //--Arrange
   int personId = 33;
   var fakePerson = new Person
    {
        FirstName = "firsty",
    };

   var mockFactory = new MockFactory();

   Mock<IPersonRepository> mockPersonRepository = mockFactory.CreateMock<IPersonRepository>();
   Mock<IPrinter> mockPrinter = mockFactory.CreateMock<IPrinter>();
 
   //--program mock to return fake person if personId passed
   mockPersonRepository.Stub.Out.MethodWith(x => x.GetPerson(personId)).WillReturn(fakePerson);
            
   //--program mock to expect first name first line of stringbuilder passed in
   mockPrinter.Expects.AtMostOnce.Method(x => x.Print(new StringBuilder()))
	.With(NMock.Is.Match<StringBuilder>(sb => sb.ToString().StartsWith("First Name: " + fakePerson.FirstName)));
 
   var itemToTest = 
	new PersonDetailManager(mockPersonRepository.MockObject, mockPrinter.MockObject);
 
   //--Act
   itemToTest.PrintPersonDetails(personId);
 
   //--Assert
   //--make sure expectations met, will enforce expectations, but not stub calls.
   mockFactory.VerifyAllExpectationsHaveBeenMet();
}

 

The syntax above would be similar for Moq or RhinoMocks and would achieve the same purpose.  The below is the syntax for RhinoMocks.  What I like better about Rhinomocks and Moq is I can make my verifications explicit and place them at the end after I run my test instead of setting them before in expectations.  This is called the Arrange, Act, Assert or AAA testing patter:

[Test]
public void First_Name_First_Line_Of_Print_Test()
{
//--Arrange
int personId = 33;
var fakePerson = new Person
    {
        FirstName = "firsty",
    };
 
IPersonRepository mockPersonRepository = MockRepository.GenerateMock<IPersonRepository>();
IPrinter mockPrinter = MockRepository.GenerateMock<IPrinter>();
 
//--program mock to return fake person if personId passed
mockPersonRepository.Expect(x => x.GetPerson(personId)).Return(fakePerson);
            
 
var itemToTest = new PersonDetailManager(mockPersonRepository, mockPrinter);
 
//--Act
itemToTest.PrintPersonDetails(personId);
 
//--Assert
//--program mock to expect first name first line of stringbuilder passed in.
mockPrinter.AssertWasCalled(x => x.Print(Arg<StringBuilder>.Matches(sb => sb.ToString().StartsWith("First Name: " + fakePerson.FirstName))));
}
}

You can also use AAA syntax in Moq as below:

[Test]
public void First_Name_First_Line_Of_Print_Test()
{
//--Arrange
int personId = 33;
var fakePerson = new Person
    {
        FirstName = "firsty",
    };
 
    Mock<IPersonRepository> mockPersonRepository = new Mock<IPersonRepository>();
    Mock<IPrinter> mockPrinter = new Mock<IPrinter>();
 
//--program mock to return fake person if personId passed
mockPersonRepository.Setup(x => x.GetPerson(personId)).Returns(fakePerson);
            
 
var itemToTest = new PersonaDetailManager(mockPersonRepository.Object, mockPrinter.Object);
 
//--Act
itemToTest.PrintPersonDetails(personId);
 
//--Assert
//--program mock to expect first name first line of stringbuilder passed in.
mockPrinter.Verify(x => x.Print(It.Is<StringBuilder>(sb => sb.ToString().StartsWith("First Name: " + fakePerson.FirstName))));
}

 

AutoMocking:

 

What you may have noticed in both my nMock and RhinoMocks tests was that I had to explicitly declare my mock objects, this can get tedious if you multiple dependencies and many classes you are testing.  Automocking is a feature that some Ioc Containers provide that automatically creates mock instances of all dependencies on a class when you ask for the class under test.  Doing this removes the need for the developer to add code to create each mock dependency the class under test will require.

Below is how our test would look using an Ioc named StructureMap with RhinoMocks and  automocking.  Notice the mocked dependencies exist on the class under test by default now:

[Test]
public void First_Name_First_Line_Of_Print_Test()
{
//--Arrange
int personId = 33;
var fakePerson = new Person
    {
        FirstName = "firsty",
    };
 
var autoMockedItem = new RhinoAutoMocker<PersonDetailManager>();
 
//--program mock to return fack person if personId passed
autoMockedItem.Get<IPersonRepository>().Expect(x => x.GetPerson(personId)).Return(fakePerson);
 
    
//--Act
autoMockedItem.ClassUnderTest.PrintPersonDetails(personId);
 
//--Assert
//--program mock to expect first name first line of stringbuilder passed in.
autoMockedItem.Get<IPrinter>().AssertWasCalled(x => x.Print(Arg<StringBuilder>.Matches(sb => sb.ToString().StartsWith("First Name: " + fakePerson.FirstName))));
}

 

This is the same automocking feature using StructureMap and Moq:

[Test]
public void First_Name_First_Line_Of_Print_Test()
{
    //--Arrange
    int personId = 33;
    var fakePerson = new Person
    {
        FirstName = "firsty",
    };
 
    var autoMockedItem = new MoqAutoMocker<PersonaDetailManager>();
 
    //--program mock to return fack person if personId passed
    autoMockedItem.Get<Mock<IPersonRepository>>().Setup(x => x.GetPerson(personId)).Returns(fakePerson);
 
 
    //--Act
    autoMockedItem.ClassUnderTest.PrintPersonDetails(personId);
 
    //--Assert
    //--program mock to expect first name first line of stringbuilder passed in.
    autoMockedItem.Get<Mock<IPrinter>>().Verify(x => x.Print(It.Is<StringBuilder>(sb => sb.ToString().StartsWith("First Name: " + fakePerson.FirstName))));
}

 

Using automocking above lowers the setup overhead of using multiple dependencies in a class.  Automocking combines a container and a mock object library (above StructureMap and RhinoMocks or Moq), to allow dependencies to be automatically fulfilled by mock objects without having to define each mock object and pass to its constructor.  This is helpful where new dependencies are added so older tests do not have to be updated to add new dependencies in their constructor, automocking will automatically add a non-programmed mock to any test that creates its test class using the automocker.

 

Creating Tests When Creating Code

 

Test Driven Development is the process of writing tests that fail first, then writing code that makes the tests pass.  This ensures that tests exist, that they can fail if the condition they are testing is not met, and that the code written makes the test pass.  It has been documented that this process significantly decreases defect rate without adding significant development time. (http://www.infoq.com/news/2009/03/TDD-Improves-Quality).  Writing tests when code is written ensures that tests exist and that code is architected to be testable.  Whether or not the tests are truly written test first or written as you go along is not that important.  What is important is that the tests are not added later as this increases time as the test writer has to become familiar with the code they are writing tests for, and if any bugs are found any code that has come to rely on the class with the bug may need to also be changed to accommodate any fixes.  Finding bugs long after the code has been writing becomes more costly to fix since there may now be dependencies on the flawed code.

Writing unit tests that exercise method code at the time the method code is written is to ensure that the code does what the developer intends it to do when the developer writes the code.   As a process developers should write method testing unit tests when they write their code and should use constructor injection, mock libraries and automocking to establish efficient patterns to make this testing relatively quick and easy to implement.  Using this architecture also allows developers to write tests regardless of whether there are working or configured instances of the concrete implementations of their dependencies.  This allows development of code and its dependencies to be concurrent, code can be written as long as the signature of a dependency is known, not its full implementation.  Testing at the time of development allows for the possibility to catch bugs at the earliest possible time, and perhaps even stop some from ever existing.

 

Automating Method Tests In Continuous Integration Builds

 

Once method level tests exist they show that method code does what the developer intended it to do.  They also mock dependencies so should run relatively quickly and require no other resources to run.  Method level unit tests can be run without any dependencies actually existing or being reachable.  For this reason it is these tests that should be run on Continuous Integration builds.  By running just these tests builds run quickly, and these test ensure code has not been broken on the method level.

Functional and integration tests should be automated but should run separately and not block Continuous Integration builds as they can be long running and brittle and remain broken for long periods of time, rendering the Continuous Integration build less effective as when it is broken it is more likely due to brittle functional tests than actual code issues and is frequently ignored.