Testing Joomla extensions

June 23, 2011

Joomla is a very powerful, free and open source CMS, and more than just a CMS because of its extensibility. Joomla is also very popular due to its flexibility and security. As Joomla works each day to improve its security, we extension developers and software QA professionals also have a great responsibility to do as much as possible from our side to improve the security of the extensions we develop or test. We should always keep in mind that a single vulnerable extension installed on a Joomla site could compromise the integrity of the whole site. So let's take steps to secure the extensions we build.

IU Testing

The first test for a Joomla extension is the IU test (installation and uninstallation test), or installer test. In this test we install and uninstall the extension at least 2-3 times to verify that there are no bugs during installation or uninstallation.

During this test we also verify that every file that is meant to be installed is installed during installation and removed during uninstallation. To verify that the files and folders are written, we can also use the size measurement method, in which we compare the size of the unzipped extension folder before installation with the size of the folder at the target location after installation (for this, unzip the installer on the same PC where you installed it). Sometimes the files are not all written to the same folder during installation, so we must be careful about the places where the files are written.

Here we also verify that the target tables are created with default or intended values during installation, and that the tables are removed during uninstallation.

Most of the time we forget to remove the language files and images related to the extension during uninstallation, which is not good. So try to clear everything that was installed when uninstalling.

You can also refer to https://narainko.wordpress.com/2011/04/25/iu-test/
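The file checks from the IU test above, sketched as an added example (not code from the original post): it snapshots a site's file tree, reports package files that never landed anywhere in the site, and lists files still present after uninstall. The module name mod_hello, the folder layout and the file contents are constructed for the demo; files are matched by base name and size because the installer spreads them over several folders.

```python
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its size in bytes."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            files[os.path.relpath(full, root).replace(os.sep, "/")] = os.path.getsize(full)
    return files

def missing_after_install(package, site):
    """Package files with no same-name, same-size file anywhere in the site."""
    installed = {(os.path.basename(p), size) for p, size in site.items()}
    return sorted(p for p, size in package.items()
                  if (os.path.basename(p), size) not in installed)

def leftovers_after_uninstall(before, after):
    """Files present after uninstall that did not exist before install."""
    return sorted(set(after) - set(before))

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)

def demo():
    """Constructed run: the image is never installed, the language file never removed."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg, site = os.path.join(tmp, "pkg"), os.path.join(tmp, "site")
        _write(pkg, "mod_hello.php", "<?php // module")
        _write(pkg, "en-GB.mod_hello.ini", "MOD_HELLO=Hello")
        _write(pkg, "images/logo.png", "PNGDATA")
        _write(site, "index.php", "<?php // core")
        before = snapshot(site)
        # Simulated install: files are spread over several site folders.
        _write(site, "modules/mod_hello/mod_hello.php", "<?php // module")
        _write(site, "language/en-GB/en-GB.mod_hello.ini", "MOD_HELLO=Hello")
        missing = missing_after_install(snapshot(pkg), snapshot(site))
        # Simulated uninstall: only the module file is deleted.
        os.remove(os.path.join(site, "modules", "mod_hello", "mod_hello.php"))
        leftovers = leftovers_after_uninstall(before, snapshot(site))
        return missing, leftovers

if __name__ == "__main__":
    print(demo())
```

On a real test site, take the three snapshots of the Joomla root before installing, after installing and after uninstalling; empty folders left behind are not reported because only files are recorded.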

Functional testing

For this testing we have to understand the system properly; each small unit must be well understood. Proper analysis leads to a good functional test. Understand the criticality of the system as a whole first, then the criticality of each function involved. For example, a payment system is more critical than a gallery management system, and a heartbeat monitoring system is more critical than a payment system. If we understand the criticality of each unit, we can prepare good test cases and test the system.

For functional testing of a system, it is very important to test each unit well, then test the units in integration, and later test the whole system. In some cases we fail to understand the dependencies; understanding the dependencies leads to good integration and system testing.

Be logical and sharp. Testing with altered values, changing the ids and the values associated with them, is important; we can use Firebug and Firecookie to alter the value of text fields, the session or cookies. There are also many Firefox add-ons meant to make manual functional testing easy, such as HackBar, SQL Inject Me and Total Validator.

Besides logical correctness, check the validation of every user field, even the hidden ones, and never rely on client-side validation; make sure there is always server-side validation of fields.

Also make sure that the CSS and JS files, mainly those related to modules, are placed inside the extension and don't create any sort of conflict. In particular, a conflict between different MooTools versions, or between MooTools and jQuery, can cause script problems that break the intended output of, or even the input to, the system.

Design Testing

Design testing is as important as functional testing. The design has to be checked carefully in different browsers, as not all browsers show the same design; a design that looks right in Firefox may be stretched in IE or Chrome, so in that case an IE fix or Chrome fix should be used so that the design is always the same in all browsers.

Also in design testing, test extensions (mainly modules, as a component always has a fixed position) by placing them in different positions. Don't fix the width of a module or component, so that they can be seen clearly, and make sure they don't hamper the layout of the site. Flexible width is very good in most cases. Testing extensions in a few more templates is also always good, to see that the CSS is not overwritten and the design is not affected.

Sometimes an improper colour combination can hide functionality, e.g. a high-contrast yellow background with a light yellow or grey font colour, or a black background, so be conscious of that too.

Security testing

Another important part of extension testing is security testing. There are lots of things we have to be careful about, such as

SQL injection

Cross Site Scripting (XSS)

Cross Site Request Forgery (CSRF)

Directory traversal / sensitive directory or file exposure

And a lot more.

I'll be writing about them in the next phase, along with a description of each topic and how to stay on the safe side.

You can also apply these steps when testing WordPress and Drupal extensions.

Also, if you have more ideas about testing extensions, I request you to write.

NOTE: during testing of a Joomla extension make sure you have set error reporting to the highest level, so that even small notices caused by the use of short tags, missing variable declarations etc. are caught and fixed before the extension goes live.


3 Comments
  1. That's a nice step… We'll be waiting for more details on remaining issues on next post 🙂

  2. Suwish

    Ya, it's very helpful… Thanks for the info…

  3. sure

    One of the nice articles, especially for those who are involved in software testing.
