I, Chris, try to add a system test for the todo bug fix in episode 5 but run into some issues. I find out I stupidly hard coded the todo file name when he first added the ability to generate a todo file in Standard. When recording this video I think that is why his system test doesn’t work but upon re-watching this video I have my doubts. Only time will tell if my doubts are correct or not.
On the plus side at the beginning of the video I do refactor the fix and the unit test.
NConstraints currently only has one constraint called EquivalentPropertyWiseTo. It checks if all the property values on two objects are the same. Instead of writting:
[Test]
public void TestObjectsTheSame()
{
var expected = new ExpectedClass() { ValueOne = 1, ValueTwo = "Blah", ValueThree = 33 };
var actual = MethodBeingTested();
Assert.That(expected.ValueOne, Is.EqualTo(actual.ValueOne));
Assert.That(expected.ValueTwo, Is.EqualTo(actual.ValueTwo));
Assert.That(expected.ValueThree, Is.EqualTo(actual.ValueThree));
}
You can write:
[Test]
public void TestObjectsTheSame()
{
var expected = new ExpectedClass() { ValueOne = 1, ValueTwo = "Blah" };
var actual = MethodBeingTested();
Assert.That(expected, Is.EquivalentPropertyWiseTo(actual));
}
You can find more details on the NConstraints GitHub page. If you have any questions, notice a bug, or have improvements please let me know by:
P.S. – You can ignore the v.1.1.0 release. I accidently made NConstraints only compatible with NUnit 3.13.3 or higher instead of all NUnit 3.* versions.
Posted inUncategorized|Comments Off on NConstraints v1.1.1 Released Now Targets .NET Standard 2.0
I add a unit test for the Standard Ruby linter bug fix done in the last episode. When adding the unit test I find out someone has improved the todo generation logic. Thank you. I also find a remove a redundant test.
In this episode I implement a fix for the todo file generation bug in the Standard (Ruby linter) and do some manual testing. Also use ChatGPT to explain some code that GitHub Copilot generated.
I, Chris, spend a lot longer then I anticipated filling out the JetBrains Developer Ecosystem Survey 2023. Thought it would be a quick half-hour but turned into 2 hours. Sorry in advance for the long video.
If you use the link below to take the survey I might win a prize:
Chris fights to get the debugger working in RubyMine and does not make any progress on Standard. It was frustrating but overall Chris enjoys working with RubyMine so thank you JetBrains for creating it.
If you have any questions you would like answered in a future show or have constructive feedback please DM me or send an email to ask@saturdaymp.com.
If you have any questions you would like answered or constructive feedback please send an email to ask@saturdaymp.com.
You can find my fork of the Standard repo here. Ideally all the files in the video would be in the repo but since we ignored the Docker files at a local level, they are listed below.
# Dockerfile
FROM ruby:3.2.2-alpine3.18
RUN apk update && \
apk upgrade && \
apk add --no-cache git build-base
# .git/info/exclude
# File patterns to ignore; see `git help ignore` for more information.
# Lines that start with '#' are comments.
Dockerfile
docker-compose.yml
docker-entrypoint.sh
.idea/
Gemfile.lock
I’ve made it a goal for 2023 to increase my security knowledge. This was based on increase in security related questions from clients. Specifically related to website security as most of my current work is maintaining websites for clients.
One thing I was not expecting was the amount security tools that are available. To help me remember I figured I should write them down and what better place then the dusty old blog.
The tool I learned about today is Gobuster. It is a tool that lets you brute force directories and files on a website. At least that is all I’ve used it for so far but it can also be used to guess DNS subdomains, vhosts, etc.
Gobuster needs a wordlist which is a file of paths to try. If you are using Kali Linux you can find several at /usr/share/wordlists. If you aren’t using Kali, or need additional wordlists try the danielmiessler/SecLists.
An example of running Gobuster on a Hack the Box website. The goal was to find the “hidden” login.php file so I could login to the website using credentials acquired via a open FTP directory.
I think Gobuster will be a useful tool to make sure a client is not exposing files they don’t mean too. For example, an incorrectly configured Apache/Nginx server. Or maybe the client accidently added an file they shouldn’t have to Git and now it shows up on their website.
P.S. – I searched for songs about finding things but that wasn’t very fruitful so changed the search to secrets and found the one below. It has good advice about not caring about if others know your secrets but that only applies if you are human. Websites should keep their secrets secret.
I don’t care if the world knows what my secrets are Secrets are I don’t care if the world knows what my secrets are Secrets are
I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in-case you want to follow along during the demo or you want a preview/spoiler.
While I’m honored to be presenting, my hope is to learn more than I impart. I’m looking forward to chatting and learning from you, my fellow BSides Edmonton 2022 speakers and attendees. I enjoy discussing securing small to medium sized business, legacy code, software development best practices, games, or anything remotely technology or software related.
