Unit testing is important and a developer has to create unit test code to automate the unit testing process. But it is always that the code the developer has written is dependent on code that would be written by some other developer. When that code is not be ready yet, it will be difficult for developer 1 to write his/her unit test code. To make it simple, lets say developer 1 develops code for class A and class A is dependent on class B. Class B has to be done by another developer or let’s say that the design is not ready yet to write code for class B.

So how does developer 1 create his unit tests when the dependent class is not ready? The answer is to mock the code B. The mock object is a dumb object having same method and field signatures but with a different class/program name (example BMock) and the methods always return back a static output. The mock object is a temporary object to fool the test case of object A that the functionality dependency will be met by the class BMock. Once the actual class B is ready, it is just a matter of replacing the BMock declaration and instantiation to B. Now this process can even be made simpler when coding to an interface. The Mock object is an implementation of the same interface that the actual implementation would implement. In this case the changes necessary after the original implementation is available will be minimal.

Mocking frameworks help in creating mock objects to reduce the additional effort required to create these classes. There are several mock frameworks. Some of them listed below.

1. EasyMock - Generates mock objects for interfaces on the fly
2. JMock - Lightweight framework that can be extended and configured
3. rMock - Another framework for Java that can be used with JUnit
4. EasyMock.net - EasyMock for the .Net environment
5. MockR - Mock for Ruby

To kick start with EasyMock, here is a good article “Getting started with EasyMock“.

SQL Injection happens when keywords/characters specific to the database requests are injected via user input.  The best example to explain about SQL injection would be the search text box in a web application.  We know that some of the characters in SQL query are used for special purposes.  Say for example the “%” in a query that uses like keyword matches anything.  Suppose if I give a search text as “Hello %” and click on search the application that does not avoid SQL injection might bring results that has “Hello” followed by anything.  What I might really want is to bring results that actually contain “Hello %”.  The search example was a simple scenario; think about critical applications like banking applications.  If the input is not scrutinized for SQL injection the result could be catastrophic. Few languages provide built in functions to escape SQL injection before an input from user is passed with the query.  Refer Vlado’s blog on SQL Injection for good reference links.

I was reading through the “Ten Commandments for Java Developers“. One of the commandments was about using print lines. I think using the print statement is the most common mistake that any developer does. I think it has become habit when you want to debug, you add a print statement and see if the execution reaches that point. I am not complaining about the approach but the side effect has impacts. Since the print statements are scattered across it is most likely that a developer forgets to remove them when the code moves on to the next stage. Unless the code reviewer deeply goes into the code and catches it and gets it corrected it is more likely that one or two slip and get into the code where it gets deployed in the server.

Print statements consume resource in terms of I/O operations. It is a good practice that developers start using logging frameworks for debugging process from the beginning. You might ask what difference does it make because even the log framework has to write the statements to a log file which is again an I/O operation. Agreed, but the log framework is built efficiently and tested for performance. And log operations can be configured to be environment specific. Below are the advantages of using a log framework.

1. Most of the log frameworks allow you to set a log level mode which identifies when a particular log statement should execute. For example log4j defines 5 log levels, viz., debug, info, warn, error and fatal. If there is a log debug statement and the logging level is at a Warn mode then the debug statements are not executed. In a development environment debugging would be required but in a production environment you might want only errors to be logged, so it is just a change in the log property file.
2. The logging framework is loosely coupled with your application. Which means the framework can act independently on a separate thread, you just pass on the message and it takes care of putting it in the log file. And even if something goes wrong in the log framework, it does not stop your application.
3. The log framework might allow additional features like log rotation which helps in creating a new log file every day or a specified duration. This way older log files could be cleared off which will free disk space.

There was an interesting JavaScript phenomenon while I was working with my team on a requirement. I mean it was more to do with the peculiar behavior when dynamically creating a Javascript function. Download the file event_test.txt and rename the file to event_test.html and open it in a browser.

The HTML will display a table with 1 row and 3 columns. The eventTest JavaScript function gets called when the page loads which binds a mouse over event showCounterNumber on every cell passing in the cell id which is also the cell number. On mouse over the cell number has to be displayed. You will notice that the alert always displays “3″ which is the value of the variable i after the loop completes in the eventTest method. You might have expected the value getting passed here, but looks like the variable reference is taken here. So if I wanted to have this page work the way we expect to work, the eventTest had to be changed to something like below.

function eventTest()
{
document.getElementById(0).onmouseover = function (){showCounterNumber(0)}
document.getElementById(1).onmouseover = function (){showCounterNumber(1)}
document.getElementById(2).onmouseover = function (){showCounterNumber(2)}
}

This would work as the value is directly hard coded rather than passing it through a variable. But in the actual requirement that we have, since the number of cells and which cell has to be bound to a mouse over event is dependent on lot of criteria and gets framed from the application on the server, what is the solution to this problem? The answer lies in the question itself, the eventTest method itself had to be created on the application running on the server and sent to the browser. By that way when the JavaScript reaches the browser it is something of the above form. Mysteriously the question remains in my mind why the integer value to the showCounterNumber has to be pass by reference when we have known the primitive types are passed by value?

There is a saying in Tamizh (my mother tongue) that when you are stuck with a thorn you can take that out easily with another thorn. Similarly a diamond can be cut with a diamond. A cop should think like a criminal to catch a criminal. A developer should think like a tester and try to break his own code. A tester should think from many, a user, business, sales, marketing, usability even a hacker. If A = B and B = C, D and E then implicitly A = C, D and E. Thus a developer should also think like whatever a tester is thinking. Ultimately this boils down to one thought a developer should have. Never be easily satisfied with your code, test it by all means and try to break it. That’s the mantra to delivering a bug free code. And make it as tough as possible for the testers to break your code. Once you get into this habit, it is difficult to get away from it and in the process you learn a lot. Besides it also makes you think and be innovative because as your code gets to a stable level you have to be innovative to break it. All said it requires an attitude to think your code is breakable.

The origin of the above thought came to me when I was reading this blog “The Devil’s Guide to Google“.  The steps given in the blog come handy to a cyber criminal but these are points to watch from Google’s perspective if not already been taken care of.

To be smart and sharp requires the thought reflex to be so fast that it comes out naturally and helps you tackle the situation. I enjoyed reading this item “A Policeman Testifies in Court“. Really sharp and smart.

Happy weekend!

My friend and colleague Sumanth who is an ardent fan of Firefox and Firefox extensions presented to everyone on some fantastic extensions that helps a web developer. This post is dedicated to him as I borrowed from him the extension list, descriptions and the link.

1. IE Tab - Browser compatibility is the biggest challenge a web developer would face. This extension will help in opening an Internet Explorer browser instance within Firefox browser.
2. Web Developer - I had already posted about Web Developer firefox extension.
3. FireFTP - Smart FTP browsing within Firefox. The extension comes handy when you want to ftp the files to a hosting server.
4. Customize Google - This extension gives ability to search in other search engines apart from Google from within the page.
5. Session Saver - Opera browser lovers would love to have this. This stores the state of the web sites open. Say I have opened 10 web sites in individual tabs within firefox. I close Firefox, come next day and I want to retain wherever I left, open Firefox, voila are there where you left!
6. Del.icio.us - Easy social bookmarking from within Firefox.
7. Cool Iris - Gives preview of web sites on mouse over of a link in the page.
8. ScrapBook - Take notes from within Firefox.
9. Morning Coffee - Collect your favorites you want to open up the first thing in the morning. On click of a button you have them opened up.
10. Advanced Dork - Highlight a keyword in the page and right click to search that keyword with several filter options.
11. FEBE - Take backup of all the firefox extensions, bookmarks and cookies.
12. JSView - Provides view of all the javascripts including the ones that are linked.
13. View Source Chat - Formats the page showing the HTML, CSS highlighted with easily viewable interface.
14. URLci - Similar to Tiny URL. Comes handy when you want to link large URL’s like Amazon’s.
15. Colorzilla - Scroll over on any part of the page and it displays the color code in RGB and Hex format.

Sumanth was unstoppable when he took the session. What I have listed above were few of them that I felt will really help developers.

The AJAX fruit seems to be sweet, but everything comes with a price. For example security is really an area of concern as I had posted in the article “Same Origin Policy“. This article “AJAX Security Basics” on Security Focus explains AJAX and the security implications of AJAX. One of the challenges in the development lifecycle of a project involving AJAX is the testing part. Traditional way of testing an AJAX application will not help in covering the functionalities implemented with AJAX. Here are some insights and approaches to System testing AJAX applications from AJAX Patterns.