Common Defects in B/S Systems: A Summary and Solutions

Source: Internet
Author: User

Recently, the department collated all the bugs that the test team reported on this year's projects and picked out a few dozen as general, common defects. Based on these, and leaving out the business-specific details, I compiled defect descriptions and solutions.

In fact, general defects in web systems fall into only so many categories. During the summary a colleague suggested making the classification more general, but on reflection I decided against it: the mistakes people make most often are only these few, and if I classified them as security problems, performance problems, concurrency problems and so on, the description might sound more professional, but the development and test teams might find it too formal, not relevant to themselves, and not take it seriously. So my classification and problem descriptions are somewhat colloquial, but everyone should be able to understand them quickly.

Below is the list I compiled, ordered by importance and by how often the error occurs:

1. Do not trust data from the client

Defect description: The front end submits maliciously forged data, or a value on the page has not finished loading when the user sends a request that uses that value, or the requested value itself is a malicious forgery. The back end then throws a detailed exception, or the result is SQL injection, XSS and so on.

Recommendation: Whether the front-end data is maliciously forged or the user sent a non-"regular" request because a page value was slow to load, the back end should check every value. JS validation on the front end only reduces, to some extent, the load of requests reaching the back end; the back-end code should validate all data from the client, SQL statements should be parameterized, and so on.

2. No friendly error page is configured

Defect description: No friendly page is configured for HTTP errors such as 500 and 404, so the front end shows the details of the error.

Recommendation: Configure friendly error pages for HTTP errors such as 500 and 404.

3. Controlling page events before and after an Ajax request completes

Defect description: Other new requests on the page are not restricted before and after an Ajax request, so a subsequent request that depends on the data returned by the previous Ajax request is executed before that request has completed.

Recommendation: If a new request (including Ajax) on the front-end page depends on an earlier one, it should first check whether the earlier request has completed; if it has not, wait or prompt the user.

Before an important Ajax request, disable the relevant buttons, and enable them again when the request completes, so that other actions can be clicked only after the important Ajax request has finished.

4. Horizontal (parallel) and vertical permission checks on the back end

Defect description: The back end does not check whether the user has permission to operate on the data in this request; it only checks whether the user has permission to access the link, or does not check permissions at all. This problem often lets a user view all orders or view administrator data.

Recommendation: Besides checking whether the current user has permission to call the requested address, permission control must also check whether the user has permission to operate on this particular data.
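The checks recommended in items 1 and 4, combined in one request handler, as an added example that is not code from the original post. It uses Python with an in-memory SQLite database; the `orders` table, the `ROLE_ACTIONS` map, the `Forbidden` exception and the sample rows are all hypothetical.

```python
import sqlite3

# Hypothetical role -> permitted operations (the vertical permission table).
ROLE_ACTIONS = {
    "customer": {"order:view"},
    "admin": {"order:view", "order:view_any"},
}

class Forbidden(Exception):
    """Raised when the caller may not perform the operation on this data."""

def make_db():
    # Constructed sample data: two customers with one order each.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER, amount TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, 100, "99.50"), (2, 200, "15.00")])
    return conn

def view_order(conn, user, raw_order_id):
    # Item 1: validate the client-supplied value on the server, whatever JS did.
    if not (isinstance(raw_order_id, str) and raw_order_id.isascii()
            and raw_order_id.isdigit() and len(raw_order_id) <= 18):
        raise ValueError("invalid order id")
    order_id = int(raw_order_id)

    # Vertical check: may this role call the operation at all?
    actions = ROLE_ACTIONS.get(user["role"], set())
    if "order:view" not in actions:
        raise Forbidden("operation not permitted for this role")

    # Horizontal check: bind the owner into the parameterized query, so a
    # customer can only ever read rows that belong to that customer.
    sql = "SELECT id, owner_id, amount FROM orders WHERE id = ?"
    params = [order_id]
    if "order:view_any" not in actions:
        sql += " AND owner_id = ?"
        params.append(user["id"])
    row = conn.execute(sql, params).fetchone()
    if row is None:
        # Same answer for "does not exist" and "belongs to someone else".
        raise Forbidden("order not available")
    return row

if __name__ == "__main__":
    print(view_order(make_db(), {"id": 100, "role": "customer"}, "1"))
```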

5. Rounding problem with multiple refunds on one order

Defect description: This gets its own item because payment and refund are very important steps. Any refund that involves payment may have this problem. When one order is refunded in several parts, rounding can make the total refunded greater than the amount paid, for example by 0.01 yuan.

For example, for a 99.5 yuan order with rounding to the fen (0.01 yuan): the first refund is 33.17 yuan, the second 33.17 yuan, and the third 33.17 yuan, for a total refund of 99.51 yuan.

Recommendation: I think there are two solutions:

1. Round payments up and round refunds down, so that, for example, 0.009 yuan counts as 0.00 yuan. Then no matter how many refunds there are, in extreme cases, once everything has been refunded, more than 0.02 yuan may be left over. This suits the extreme case where an order can be refunded in many parts, but the vendor or platform may end up earning a few cents. This depends on the business and needs to be confirmed.
2. Round each refund as usual, but do not round the last refund of an order: make it the amount paid minus the sum of all completed refunds, and return that remainder in full. This ensures that neither the user nor the vendor or platform is over-refunded or overcharged.
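The 99.5 yuan case above worked through with both solutions, as an added example that is not code from the original post. It uses Python's `decimal` module, and the function names are hypothetical; `check_refund` is an extra server-side guard that rejects any refund exceeding what remains of the payment.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")  # amounts are kept to the fen (0.01 yuan)

def refund_rounded(paid, parts):
    """The defect: every partial refund is rounded half-up on its own."""
    share = (paid / parts).quantize(CENT, rounding=ROUND_HALF_UP)
    return [share] * parts

def refund_round_down(paid, parts):
    """Solution 1: refunds always round down, so the total never exceeds paid."""
    share = (paid / parts).quantize(CENT, rounding=ROUND_DOWN)
    return [share] * parts

def refund_with_remainder(paid, parts):
    """Solution 2: round each refund; the last one is paid minus refunded so far."""
    share = (paid / parts).quantize(CENT, rounding=ROUND_HALF_UP)
    refunds, remaining = [], paid
    for i in range(parts):
        # Never hand out more than is left, and let the last refund
        # take exactly the remainder instead of a rounded share.
        amount = remaining if i == parts - 1 else min(share, remaining)
        refunds.append(amount)
        remaining -= amount
    return refunds

def check_refund(paid, refunded_so_far, requested):
    """Server-side guard: reject a refund that would exceed the payment."""
    if requested <= 0 or refunded_so_far + requested > paid:
        raise ValueError("refund exceeds remaining amount")
    return refunded_so_far + requested

if __name__ == "__main__":
    paid = Decimal("99.50")
    for plan in (refund_rounded, refund_round_down, refund_with_remainder):
        refunds = plan(paid, 3)
        print(plan.__name__, refunds, "total", sum(refunds))
```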

6. Third-party framework issues

Defect description: Unfamiliarity with a third-party framework, or problems in the framework itself, lead to security, performance or other issues.

Recommendation: This is a general issue. As far as possible use the latest version of the third-party framework, or test it in the test environment before going online, and keep an eye on the framework's official website.

7. Browser back-button issues

Defect description: This gets its own category because it is a very typical problem in web systems: going back in the browser allows an order to be refunded again or added again, and causes similar data problems.

Recommendation: The problem has two causes: first, the front-end page is cached; second, the back end does not check for duplicate data. Solution ideas:
1. On pages for important operations, disable client-side caching, so that the browser cannot go back, or the page it goes back to has expired.
2. Even if the browser can go back, or requests are crafted manually by replaying a request, as with malicious repeated submissions, the back end should still check, especially for modifying operations such as an order refund, where the result would be one order refunded multiple times. The back end should verify on every request that the operation may be performed, whether it is a duplicate submission or a new one.

8. Server-side concurrency checks

Defect description: Concurrency is something every system needs to consider, and it can also be where logic errors appear in a system.

Recommendation: Important business modifications need transactions at the business-logic level, which becomes more complex when multiple back-end application servers are involved. A locked code block on a single machine ensures there is no problem on that machine, but requests spread randomly across several machines can still cause problems. For example, a malicious user might request a refund of the same order over a China Unicom network and a China Telecom network at the same time; with only a single-machine lock, the Unicom request may go to server A and the Telecom request to server B. Besides the single-machine lock, possible solutions are:
1. For important modifying operations, make the concurrent operations depend on a separate server or service. That service determines which operation came first and marks it; another request asks the same server or service whether it may continue. The lock then only needs to be strictly enforced on that server or service, and concurrency problems do not arise. But the cost is relatively high.
2. If the operations all work on the same database, add a state field to the table, for example a state meaning "being modified". When several transactions make the request at the same time, the first request updates the field with a WHERE clause on the previous state, and the second request executes the same SQL. The second update returns 0 affected rows, because the first update succeeded and the row is no longer in the previous state. The second request can then be answered with: another request is modifying this order, and it cannot be modified at the same time. This solution costs less.
The above mainly concerns modifying operations. For operations that create new data, concurrency does not need such detailed handling, because concurrent requests can be treated as several requests to create data at different times and handled according to business needs.
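The state-field approach from solution 2, which also gives the back-end duplicate check recommended in item 7, as an added example that is not code from the original post. Two SQLite connections stand in for application servers A and B sharing one database; the `orders` table and the state names `PAID`, `REFUNDING` and `REFUNDED` are hypothetical.

```python
import os
import sqlite3
import tempfile

# Compare-and-set: the row changes only if it is still in the previous state.
CLAIM = "UPDATE orders SET state = 'REFUNDING' WHERE id = ? AND state = 'PAID'"
FINISH = "UPDATE orders SET state = 'REFUNDED' WHERE id = ? AND state = 'REFUNDING'"

def new_database():
    # Constructed sample data: one paid order in a throwaway database file.
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, state TEXT NOT NULL)")
    conn.execute("INSERT INTO orders VALUES (1, 'PAID')")
    conn.commit()
    conn.close()
    return path

def transition(conn, sql, order_id):
    """Run one state transition; True only if this request changed the row."""
    cur = conn.execute(sql, (order_id,))
    changed = cur.rowcount == 1  # 0 rows means another request got there first
    conn.commit()
    return changed

def demo():
    path = new_database()
    server_a = sqlite3.connect(path)  # two application servers,
    server_b = sqlite3.connect(path)  # one shared database
    try:
        a_claims = transition(server_a, CLAIM, 1)   # first request wins
        b_claims = transition(server_b, CLAIM, 1)   # concurrent request: 0 rows
        a_done = transition(server_a, FINISH, 1)    # the refund is paid out here
        replay = transition(server_b, CLAIM, 1)     # Back button or replayed request
        state = server_b.execute("SELECT state FROM orders WHERE id = 1").fetchone()[0]
    finally:
        server_a.close()
        server_b.close()
        os.remove(path)
    return a_claims, b_claims, a_done, replay, state

if __name__ == "__main__":
    print(demo())
```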

9. Boundary condition problems

Defect description: When a string is processed with split or indexOf, or the length of an array is checked, the last or the first item is often missed.

Recommendation: Where the first or last item of a string or data collection is involved, for example when the last item needs cleaning up, clean up the data before processing it. When processing data, also pay attention to length and size() and to the fact that array indexes start from 0.

10. Whole-object batch updates

Defect description: This is a back-end code problem. Sometimes a table holds too much data and, to save trouble, the code updates the whole object directly (update (table)). But the table actually contains a lot of sensitive information, such as passwords, mobile phone numbers and ID card numbers, which has been specially processed, for example masked with *. A bulk update can replace these fields with empty strings or overwrite them with clear text.

Recommendation: Try not to update whole objects in bulk; update only the fields that need to change.

11. Business understanding and handling issues

Defect description: The front end or the business logic is inaccurate because the business was not clearly understood or communicated.

Recommendation: Important business logic needs more communication and confirmation, and complex business logic needs more testing before going online. Where the business logic is uncertain, use a whitelist that states what is to be handled and how, rather than a blacklist or no list at all with everything processed directly.

12. JS compatibility issues

Defect description: JS compatibility is the most common problem in web development.

Recommendation: Decide from the business requirements which browsers must be supported, and test on those browsers before going online. Alternatively, Ali, for example, now has automated browser-compatibility testing tools, which can check JS and CSS compatibility automatically once business testing is complete.

13. Floating-point calculation problems

Defect description: This is the problem most frequently encountered when back-end code performs calculations.

Recommendation: Floating-point calculations have precision problems; in Java, change float and double calculations to BigDecimal.

14. Irregular data in the database causes front-end exceptions

Defect description: Especially in test environments or old projects, a field in the database holds irregular data, which causes front-end exceptions or display errors.

Recommendation: Ensure that data is inserted into the database according to the requirements. Data presentation also needs a fault-tolerance mechanism: if a field is incorrect, use default data or leave it blank, so that the page can still be requested and returned normally.

15. Design of in-memory cache objects

Defect description: Systems often cache data in memory, and which objects are cached can affect subsequent business logic.

Recommendation: Cached data should be as fine-grained as possible. For example, to stop the same user from making refunds at the same time, a system may cache in memory that this user is in the middle of a refund, along with the refund amount, but not which of the user's orders is being refunded, so the user's other orders cannot be refunded during this period either.
In-memory cache objects also need to be modeled so that their fields are as lean as possible while still covering the various application scenarios.

The 15 items above are recurring, business-independent defect descriptions and recommendations that I compiled from the department test team's 2015 bugs. They are certainly incomplete, and the recommendations may not be accurate; they are for reference only. If you reproduce this article, please credit the source: http://lawson.cnblogs.com.
