Manjeet
Code coverage VS Testing ?
Hi All,
Is it right to just cover the code of an Apex class, or will we be forced to do proper testing during security review?
What I do to make a class deployable to the production environment: I just call its methods from a testMethod method and the work is done (code coverage reaches about 90-95%).
I want to know whether it's an acceptable approach in Force.com or whether I need to change the approach. Should I use sandbox data to cover the code, or must I create the data in the test class itself before running the methods to cover the code?
Thanks ...
Just creating a test class to cover the code so you can go ahead with deployment looks fine, but the problem is that there may be failures after deployment if your test methods are not written properly.
As far as security is concerned, Salesforce will not see that you have covered all the cases, including positive and negative. They are more concerned with issues like:
1) SOQL/SOSL injection
2) Stored XSS
3) XSRF
4) Queries with no WHERE or LIMIT clause
5) Bulkify Apex methods using collections in methods
6) Async future methods inside loops
7) Test methods with no assert
etc...
So writing good test cases is beneficial for your application.
All Answers
For the best test class you have to test the positive as well as the negative test cases, and also single and bulk mode.
Some of the tips are:
Run for a specific user or profile; you can achieve this by using the System.runAs() method.
Use the System.assert functions.
Use the Test.startTest and Test.stopTest methods.
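The tips above and the review checklist items (bind variables against SOQL injection, WHERE and LIMIT clauses, bulk handling, asserts in every test method) combined in one test class, as an added example that is not code from any poster in this thread. The `AccountLookup` class, its `byNames` method, the record names and the `Standard User` profile name are assumptions made for illustration.

```apex
// File 1: hypothetical class under test (an assumption, not from the thread).
public with sharing class AccountLookup {
    public static List<Account> byNames(Set<String> names) {
        // Bind variable blocks SOQL injection; WHERE and LIMIT bound the query.
        return [SELECT Id, Name FROM Account WHERE Name IN :names LIMIT 200];
    }
}

// File 2: the test class. All names and values below are constructed.
@isTest
private class AccountLookupTest {
    // Builds an unsaved user on the 'Standard User' profile (assumed to exist).
    static User makeUser() {
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        return new User(Alias = 'tstusr', LastName = 'Tester',
            Email = 'tester@example.com', ProfileId = p.Id,
            UserName = 'tester' + DateTime.now().getTime() + '@example.com',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US',
            LocaleSidKey = 'en_US', TimeZoneSidKey = 'America/Los_Angeles');
    }

    @isTest
    static void bulkLookupReturnsAllMatches() {
        System.runAs(makeUser()) {
            // Test data is created here, not read from the sandbox org.
            List<Account> accts = new List<Account>();
            Set<String> names = new Set<String>();
            for (Integer i = 0; i < 150; i++) {
                accts.add(new Account(Name = 'Constructed Co ' + i));
                names.add('Constructed Co ' + i);
            }
            insert accts;
            Test.startTest();   // fresh governor limits for the code under test
            List<Account> found = AccountLookup.byNames(names);
            Test.stopTest();
            System.assertEquals(150, found.size(), 'every record in the batch is returned');
        }
    }

    @isTest
    static void injectionStyleInputMatchesNothing() {
        insert new Account(Name = 'Constructed Co');
        Test.startTest();
        List<Account> found = AccountLookup.byNames(new Set<String>{ 'x\' OR Name != \'' });
        Test.stopTest();
        System.assertEquals(0, found.size(), 'input is treated as data, not as SOQL');
    }
}
```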
You can also submit your code for a scan here:
http://security.force.com/sourcescanner
Thanks Ankit..
Hi Ankit
As you said, Force.com is concerned about the WHERE and LIMIT clauses. Then how will I find results based on some criteria? Is there any other option to do criteria-based queries?
thanks..
The WHERE clause is just raised as a warning and not an error, but you need to put limits in each query.