Taxonomy is the practice and science (study) of classification of things and concepts, including the principles that underlie such classification [source Wikipedia]. The first time I heard how to apply taxonomy in software testing was in the BBST Test Design course. You can find more details in Dr. Cem Kaner's paper, Bug Taxonomies: Use Them to Generate Better Tests.
In my testing I often have to test CRUD functionality. I searched for a CRUD (create, retrieve, update, delete) bug taxonomy list, but Google did not list any relevant results.
In this post I will try to build a bug taxonomy for the CRUD acronym. The CRUD acronym is often used, and I think that many testers would find that list very useful. At the end, I will map the CRUD acronym to REST API methods.
In this example we have an object with mandatory and optional attributes. One of the attributes must have a unique value. The client side could create any object (no checks are performed), and the server has to do all the checks. The context of the bug taxonomy is the object's attribute values.
Create object:
- missing mandatory attribute
- attribute does not belong to object
- duplicate attribute
- wrong attribute value type
- wrong attribute value range
- wrong attribute value format
- existing value for unique attribute value
Retrieve object:
- missing unique attribute value
- unique attribute value does not exist
- wrong type of unique attribute value
- missing attribute in response
Update object:
- missing unique attribute value
- unique attribute value does not exist
- update of unique attribute value to existing value
- wrong type of unique attribute value
- duplicate attribute
- wrong attribute value type
- wrong attribute value range
- wrong attribute value format
- attribute does not belong to object
Delete object:
- missing unique attribute value
- unique attribute value does not exist
- wrong type of unique attribute value
- object already deleted
Notice the redundancy in Retrieve, Update and Delete.
This could be easily mapped to REST API:
Create -> POST
Retrieve -> GET
Update -> PUT
Delete -> DELETE
When I start testing a REST API, I first automate tests for the CRUD bug taxonomy. But that taxonomy must also be used by project management in order to negotiate the REST API protocol. For every object, we must know:
- attributes
- mandatory attributes
- unique attributes
- attribute value type
- attribute value range
- attribute value format
Otherwise, the REST API could easily be used for malicious data manipulation. If you find that I missed some bug taxonomy, please let me know and I will add it to the list.
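As an added example (not code from the original post), here is a server-side check that reports which Create taxonomy items a raw request body hits, driven by the per-object facts listed above. The schema, attribute names and sample bodies are hypothetical, and the body is assumed to be a flat JSON object.

```python
import json
import re

# Hypothetical schema: the per-attribute facts the list above asks for.
SCHEMA = {
    "email": {"type": str, "mandatory": True, "unique": True,
              "format": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")},
    "age": {"type": int, "mandatory": True, "range": (0, 150)},
    "nick": {"type": str, "mandatory": False},
}

def check_create(body, existing):
    """Return the Create taxonomy items hit by a raw JSON request body.

    existing maps each unique attribute name to the set of stored values.
    """
    # json.loads keeps only the last duplicate key; the hook preserves all pairs.
    pairs = json.loads(body, object_pairs_hook=list)
    found, seen = set(), set()
    for name, value in pairs:
        if name in seen:
            found.add("duplicate attribute")
        seen.add(name)
        spec = SCHEMA.get(name)
        if spec is None:
            found.add("attribute does not belong to object")
            continue
        # Exact type match: isinstance() would accept JSON true as an int.
        if type(value) is not spec["type"]:
            found.add("wrong attribute value type")
            continue
        if "range" in spec and not spec["range"][0] <= value <= spec["range"][1]:
            found.add("wrong attribute value range")
        if "format" in spec and not spec["format"].fullmatch(value):
            found.add("wrong attribute value format")
        if spec.get("unique") and value in existing.get(name, set()):
            found.add("existing value for unique attribute value")
    if any(s["mandatory"] and n not in seen for n, s in SCHEMA.items()):
        found.add("missing mandatory attribute")
    return sorted(found)

# Constructed sample data: stored unique values and four request bodies.
STORED = {"email": {"ana@example.com"}}
OK = '{"email": "bob@example.com", "age": 30}'
DUP = '{"email": "bob@example.com", "age": 30, "age": 31}'
BAD = '{"email": "ana@example.com", "age": true, "role": "admin"}'
OUT = '{"email": "not-an-email", "age": 200}'
```

The duplicate-attribute case is the one a default JSON parser hides: without the pairs hook, the second "age" silently replaces the first and the request looks valid.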