Application Security Testing: An Integral Part of DevOps
Microsoft's PEX and Moles are two frameworks that can generate test suites with high code coverage. While the PEX Framework is an automated White Box Testing tool that can be integrated with Microsoft Visual Studio IDE seamlessly, the Moles Framework is a Microsoft Visual Studio Power Tool that is available as free download and can be used with both Microsoft Visual Studio 2010 and Microsoft Visual Studio 2008. This article presents how this tool can be used in your applications and discusses why it is useful.
To work with Microsoft Moles framework, you should have the one of the following installed in your system:
- Microsoft Visual Studio 2008 with SP1
- Microsoft Visual Studio 2010
You can download a copy of Microsoft Moles framework from this link:
To take advantage of the concepts discussed in this article, you should be familiar with all of the following:
- Microsoft Visual Studio 2010
- C# programming language
- .NET Framework
- Basic knowledge of building, debugging, and testing software applications
Unit Testing, Black Box Testing and White Box Testing
Unit Testing is the act of testing a small unit or piece of code in your application, isolate it from the rest of the application's code and see how it behaves, i.e., if it produces the desired results. Note that each of such units is tested separately. A unit test may also be defined as a small piece of code with assertions that can be used to test the small piece (or unit) in isolation. A unit test essentially comprises of data, method sequence and assertions. You can use unit testing to easily identify the bugs in your application's code and then plan measures to fix them.White Box and Black Box are two of the widely used types of testing software applications. While Black Box testing involves an external view of the test object, White Box testing is a type of testing that is done by the developer of the code. It requires knowledge of how the code works and how it is structured. In Black Box testing you have lesser code coverage and it doesn't consider all scenarios. In essence, Black Box testing involves testing the functionality of the application as opposed to testing how the internal program structures work. White Box testing has more code coverage and helps you find more potential errors in your application code. If used properly, White Box testing can help you get a more stable build for your application.
What is Moles Framework - Where Does it Fit In?
So, what's the Moles Framework all about? Here's what Microsoft says: "Moles is a lightweight framework for test stubs and detours in the .NET framework that is based on delegates. Moles may be used to detour any .NET method, including non-virtual/static methods in sealed types. Moles is freely available on Microsoft Visual Studio Gallery or bundled with Pex."
You can use the Moles framework to have your code isolated from any external dependencies and then test how the code behaves, i.e., whether it produces the desired results. Note that the Moles framework would create the necessary delegates in lieu of the external dependencies your code might need to get executed.
Before you get started using Moles, you should ensure that Moles Isolation Framework for th .NET framework is installed in your system. You can download a copy of this from the link provided at the beginning of this article in the section "Pre-requisites".
Using the Moles Framework with ASP.NET
Let's assume that you have already created a sample ASP.NET project using Microsoft Visual Studio 2010. Let me now run you through the steps you need to follow to get started using the Microsoft Moles Framework for the first time!
Follow these steps to use Microsoft Moles framework in your ASP.NET applications:
- Open Microsoft Visual Studio 2010
- Click on File-> Add -> New Project -> Test -> Test Project to create a new test project
- Add the
System.Webassemblies to your test project
- Select your Test project in the Solution Explorer and click Add -> New item
- Select the Moles template named "Moles and Stubs for Testing"
- Now, name this Moles Generation Tool definition file as
System.Web.molesand click Add
The Moles framework would now automatically generate an assembly with the necessary mocks and stubs of the target assembly (System.Web) and add them to the test project you have created. In essence, whatever your specified target assembly is, you should suffix that with ".moles" when you are naming the Moles Generation Tool definition file. In doing so, the mocks and stubs would be generated for the target assembly automatically.
And, that's it! You are now ready to start writing your unit tests!
Executing Moles on Assemblies from the Command Line
Note that you can also run Moles from the command line on your assemblies. To do this, here are the steps you need to follow:
- Open the Microsoft Visual Studio 2010 command prompt
- Navigate to the folder in your system that contains the assemblies you would want Moles to be executed on
- Now type in the following command from the command prompt:
Moles.exe <name of the assembly file>
That's it! When you do this, the Mole assemblies would be generated as long as the assemblies and their dependent assemblies are available.
According to Microsoft: "Moles is a lightweight framework for test stubs and detours in .NET that is based on delegates. Moles was designed provide a minimal overhead to the Pex white box analysis, and it encourages programmatic models rather than record/replay tests. Moles may be used to detour any .NET method, including non-virtual/static methods in sealed types." Reference: http://visualstudiogallery.msdn.microsoft.com/en-us/b3b41648-1c21-471f-a2b0-f76d8fb932ee
In using Stubs, Moles and Pex framework from Microsoft, you can easily implement isolated parameterized unit testing in your applications seamlessly. You can use them in conjunction to have Lightweight Test Stubs and Moles for your .NET applications, make your applications easily testable, identify the bugs, fix them and then come up with a bug free code. This article presented a head start to understanding and working with Microsoft Moles framework for building applications that are error free. Happy reading!
Here are a few links to that provide further references on this topic: