A follow-on to the risk catalogue from the previous assignment and DW post. Again, here is a messy blog post on methodology and what the cat was doing (yowling) while I download LibO to my iMac and struggle to put together the formal report specified in the assignment.
LibO lastName entry points
I started off this morning at the VW dealership with some exploratory testing to see if any of the spare few test ideas I have noted are feasible/sensible. I quickly realized a few key things. To keep my test case collection manageable I should probably settle on one or at most two ways to input values of the variable under test. In my initial risk catalog write-up (cf prev post) I identified three major entry points: start-up wizard, options, read from user settings.
The other immediate discovery was that my IdeaPad didn't have OpenOffice.org (OOo) but LibreOffice (LibO) due to Ubuntu's reaction to some software industry nonsense I'll not address further here. LibO doesn't seem to have a new-user wizard so I dived right into Tools/Options and User Data settings. Although I'd removed all of the LibO configuration for my user before starting to poke around (rm ~/.libreOffice), it pre-filled first and last name from the OS, leaving initials blank. The previously documented relationships amongst these fields are detailed in the earlier report (prev post). More interesting still is that initials are calculated live as data is entered into first name and last name. This is a bit of functionality I thought I had seen in OOo but couldn't find in the builds I tested a few weeks ago, so I was quite pleased.
Seeing an opportunity for some mischief I set about testing that functionality a bit and quickly found that what I was doing instead/first was (quick)testing the input lastname boundary values. I prodded at the field with Python and the clipboard and eventually found that excessively long alphanumeric input was truncated at 65534 characters when an apologetic modal error dialog is shown. Before I got that I tried 40, 512, 1024 character (repeated) strings without any truncation or error and 10, 50, 500, 5000 digit (0-9 sequence repeating) strings. The test that first showed me that error message was a 310,000 alphanumeric string, basically string.digits + string.ascii_letters (API doc) times a large enough number. At that point I had shed some discipline to try and prove there was a boundary there somewhere after failing to overflow a buffer for "Last Name" with floods of thousands of input characters.
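One disciplined way to pin down a boundary like this, shown as an added example that is not code from the original post: bisect between a length known to pass (5000) and one known to fail (310,000). The function model_field is a constructed stand-in for the Last Name field, using the 65534 limit observed above; payload, accepted and find_limit are hypothetical helper names.

```python
import string

# Same alphabet the post describes: digits followed by ASCII letters (62 chars).
ALPHABET = string.digits + string.ascii_letters


def payload(n):
    """Return exactly n characters of the repeating alphabet."""
    reps, rest = divmod(n, len(ALPHABET))
    return ALPHABET * reps + ALPHABET[:rest]


def model_field(text, limit=65534):
    """Constructed stand-in for the field under test (not LibreOffice code).

    Assumption: the field keeps at most `limit` characters, as observed in the post.
    """
    return text[:limit]


def accepted(field, n):
    """True if the field stores an n-character payload unmodified."""
    sent = payload(n)
    return field(sent) == sent


def find_limit(field, known_good, known_bad):
    """Bisect for the largest length stored intact; returns (length, probes)."""
    if not accepted(field, known_good):
        raise ValueError("known_good length is already rejected")
    if accepted(field, known_bad):
        raise ValueError("known_bad length is still accepted")
    lo, hi, probes = known_good, known_bad, 0
    while hi - lo > 1:
        mid = (lo + hi) // 2
        probes += 1
        if accepted(field, mid):
            lo = mid  # mid survived intact: boundary is at or above mid
        else:
            hi = mid  # mid was truncated: boundary is below mid
    return lo, probes


if __name__ == "__main__":
    limit, probes = find_limit(model_field, 5000, 310000)
    print(f"largest intact length: {limit} after {probes} probes")
```

Against a real application, replace model_field with a callable that pastes the payload into the field and reads the stored value back.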
Binary data where it isn't meant to go
lorelei-lee-long:bbsttd adric$ du -sh CommunicatorChirp25.mp3
8.0K CommunicatorChirp25.mp3
lorelei-lee-long:bbsttd adric$ cat CommunicatorChirp25.mp3 | pbcopy
Actually the binary injection was pretty uneventful. The first initial of an MP3 file is 'I' for reasons that are pretty obvious after a brief thought or peek at the file.
It seems LibO doesn't expect three initials when auto-updating the Initials field in Option/Preferences. I discovered this for free by starting LibO here on the iMac to fool around with it for the bulk of the testing for this assignment. It cheerfully sucked my name from the old OOo registry without even blinking (or asking) and prepopulated givenname, surname and initials from the old registry in the dialog, which pulled along my three initials. I subbed in Adric for givenname and started pasting binary into the sn field only to see the initials change to 'AIN' rather than the correct 'AI'. Once I cleared the old initials out and tried again it got it right, which means that instead of clearing the field and writing a new calculated value they are updating the individual characters of a string they don't know the length of. Uh oh... I've filed LibO Bug 43497.
Some notes on tools
While blundering around I found many better ways to do what I was up to. Even without a formal harness it's easy to generate and evaluate data against a SUT this way with the built-ins of any scripting language. I settled on Python because after trying some Ruby and Perl I got going the fastest in Python, though as I found easily enough I was still going much slower than I needed to. I should have googled sooner as that would have saved me some time and keystrokes.
Here are two things I will use in the future for this sort of exploration: Python libraries to interact directly with the platform clipboard and (if available) the Ruby black bag security toolset. There's no coincidence at all that the same tools that work for neutral/academic software testing and QA are also used to attack software and find its weak points, and I've studied both.
Ed note: I've submitted the assignment to the class and will post it here after the course is done and grading is completed.