WALint (Web App Lint) is a script that checks for the compliance of a web application.
- WALint is configured via a config file that lists
  - the root url of the web app [ok]
  - for each service: path, supported methods [ok]
  - a list of points to control (each control has a unique id) [ok]
  - hooks to be called before and after every request is made [ok]
  - hooks to be called before and after a request on a specific service is made [ok]
- WALint provides
  - a default list of built-in controllers [ok]
  - a UnitTest integration so it can be called in a test campaign
  - a Cornice integration so the list of services is automatically generated
config file example
    [walint]
    root = walint.tests.testapp.application

    ; you can define controllers with an alias so they are easy to use multiple
    ; times
    [controller:auth-basic]
    location = walint.controllers.auth_basic
    params = foo bar

    ; services defines paths and methods.
    [service:bar]
    path = /bar
    methods = GET|PUT|POST

    [service:baz]
    path = /baz
    methods = *

    [test:testauth]
    ; Test for basic authentication on bar and baz
    services = bar GET
               baz PUT|POST
    controllers = auth-basic

    ; singles are run only once (they get all the defined services
    ; as an argument and the configuration)
    singles = walint.singles.check_404
list of built-in controllers
- [WALINT001] 400, broken Authorization header on a web service that requires authentication [OK]
- [WALINT002] 400, broken json on a web service that requests json objects [OK]
- [WALINT003] 401, failed auth [OK for basic auth]
- [WALINT004] 404, on a random URI call [OK]
- [WALINT005] 405, wrong HTTP method but a valid URI
- [WALINT006] 406, the request's Accept headers don't match the available content types that the server can produce [OK]
- [WALINT007] 411, missing Content-Length on a PUT or POST
- [WALINT008] 413, large PUTs and POSTs (size tbd 3MB ?)
- [WALINT009] 414, over-long URIs (size?) [OK]
- [WALINT010] 418, TEAPOT !
- [WALINT011] 430, request header fields too large
building a custom controller
WALint loops on every service defined in [services], and for every method
A controller is a callable that receives a WebTest app instance, a URI and a method, and performs a test.
- If the test failed, the controller can raise an assertion
- If the controller is not compatible with the method, it can return immediately
The controller is responsible for the call and the check of the response.
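A custom controller written against the description above, as an added example that is not WALint's own code: it makes the call itself, checks the response itself, and returns immediately for methods that carry no body. The argument order (app, uri, method) and the `app.request(...)` keywords, modelled on WebTest's `TestApp.request`, are assumptions; `stub_app`, `make_app` and `failed_methods` are constructed helpers so the example runs without WebTest installed.

```python
import io
import json
from types import SimpleNamespace
from wsgiref.util import setup_testing_defaults

BODY_METHODS = ("PUT", "POST")

def broken_json_is_400(app, uri, method):
    """Hypothetical custom controller: malformed JSON must be answered with 400."""
    if method not in BODY_METHODS:
        return  # controller not compatible with this method: return immediately
    resp = app.request(uri, method=method, body=b'{"user": ',
                       content_type="application/json", expect_errors=True)
    assert resp.status_int == 400, f"{method} {uri}: got {resp.status_int}, want 400"

def stub_app(wsgi_app):
    """Constructed stand-in for the WebTest app; implements only request()."""
    def request(uri, method="GET", body=b"", content_type="", expect_errors=False):
        environ = {"REQUEST_METHOD": method, "PATH_INFO": uri,
                   "CONTENT_TYPE": content_type, "CONTENT_LENGTH": str(len(body)),
                   "wsgi.input": io.BytesIO(body)}
        setup_testing_defaults(environ)  # fills in the remaining WSGI keys
        seen = []  # status lines passed to start_response
        b"".join(wsgi_app(environ, lambda s, h, e=None: seen.append(s)))
        return SimpleNamespace(status_int=int(seen[0].split()[0]))
    return SimpleNamespace(request=request)

def make_app(validate):
    """Constructed sample service; validate=False accepts any body."""
    def wsgi_app(environ, start_response):
        status = "200 OK"
        if validate and environ["REQUEST_METHOD"] in BODY_METHODS:
            try:
                json.loads(environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"])))
            except ValueError:
                status = "400 Bad Request"
        start_response(status, [("Content-Type", "text/plain")])
        return [b""]
    return wsgi_app

def failed_methods(controller, wsgi_app, uri, methods):
    """Call the controller once per method; return the methods that failed."""
    failed = []
    for method in methods:
        try:
            controller(stub_app(wsgi_app), uri, method)
        except AssertionError:
            failed.append(method)
    return failed
```

Run against the validating sample service, the controller passes for every method; against the non-validating one it fails for PUT and POST and is skipped for GET.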
unit test integration
WALint provides a unittest.TestCase class that reads a config file and generates on the fly one test method per controller when called. That allows it to be integrated in an application test runner.
The "wsgiapp" option can be used instead of "root". In that case WALint instantiates the WSGI application and runs the tests against it instead of calling a remote server. (Technical detail: WALint uses WSGIProxy internally to call remote apps.)
The config file may point to Cornice definitions. In that case the services are listed automatically.