Programming
The app runs on 30k lines of code that can break any time code is added, so it requires tests to prevent regressions:
- Unit tests run, and the process stops if any failure is detected
- Then integration tests run; the process also stops if any test fails
- Finally, a new version is released when all tests pass
Note
💉jSQL is open to programmers: contact the developer directly or open a PR on GitHub. You can also review the list of new features on Projects and Roadmap.
Unit testing ensures that lines of code produce the expected result; it warns you when you break something while adding new code.
You run unit tests without any external resource (no database, no API), and you can inspect the lines of code that were triggered during the tests by using the code coverage reports.
Untriggered code is either useless or does not run as expected.
Integration testing checks that the components interact properly and validates that they access the expected external resources.
The following components must properly communicate during integration tests on GitHub Actions:
- the View displays the GUI, interacts with Model and runs on a VNC screen
- the injection Model runs with the JUnit testing framework and calls Spring APIs
- the Spring Web server and vulnerable APIs and pages are connected to the databases
- the databases prepared for injection are in-memory and on 🐳Docker
New releases are uploaded to GitHub on manual approval when all tests pass.
The new version is then available to download, and third-party platforms like Kali Linux and Packetstorm pull the release to share the info on their platforms.
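The gating described above (unit tests, then integration tests, then a manually approved release), sketched as a GitHub Actions workflow. This is an added example, not 💉jSQL's own workflow file; the job names, JDK version, `release` environment name, artifact path and tag are assumptions.

```yaml
# Added example: illustrative workflow, not the project's real CI file.
name: ci
on: [push]

# Least privilege: the default token is read-only for every job;
# only the release job below is granted write access.
permissions:
  contents: read

jobs:
  unit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with: { distribution: temurin, java-version: '17' }  # assumed JDK
      # Surefire runs the unit tests; any failure fails the job and
      # every job that depends on it is skipped.
      - run: mvn -B test

  integration:
    needs: unit              # runs only if the unit job succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with: { distribution: temurin, java-version: '17' }
      # Failsafe runs the integration tests during the verify phase
      # (assumes the plugin is configured in pom.xml).
      - run: mvn -B verify

  release:
    needs: integration       # runs only if all tests passed
    runs-on: ubuntu-latest
    # Manual approval: add required reviewers to this environment in the
    # repository settings; the job waits until one of them approves.
    environment: release     # assumed environment name
    permissions:
      contents: write        # needed to create the GitHub release
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with: { distribution: temurin, java-version: '17' }
      - run: mvn -B package -DskipTests   # tests already ran upstream
      - run: gh release create "$TAG" target/*.jar --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
          TAG: vX.Y.Z        # placeholder tag
```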
Generated documentation — Maven site
Every time the code changes and the tests pass, the Maven docs and metrics are auto-generated and published to GitHub:
- Javadoc describes classes and methods
- Reports from Surefire and Failsafe show the unit tests and integration tests with execution time
- Dependency reports list the available version updates, and more
Tip
Open the Maven site for detailed metrics describing the internal modules Model and View.
External static code platforms are also triggered on code push and produce additional quality reports:
- Sonar report measures code complexity, duplication and code smell
- Codecov report displays graphical code coverage
- Codacy report processes additional quality rules
The following diagram shows the global 💉jSQL architecture; it describes the components that run on GitHub Actions during the CI/CD process:
```mermaid
graph
junit(JUnit Tests)
subgraph jSQL Injection
    gui(GUI)
    model("💉Model")
end
subgraph Spring
    api([/api])
    admin([/admin-page])
end
subgraph Memory
    memory-other[("
        HSQLDB
        SQLite
        Derby
        Mckoi
        H2
    ")]
end
subgraph DockerLamp [Docker]
    subgraph "Apache<br>PHP: mysqli mysql pdo"
        direction LR
        mysql[(MySQL Postgres<br>Derby HSQLDB<br>SQLite H2)]
        shell(["exploit"])
        passwd(["file"])
    end
end
subgraph DockerDdbOnly [Docker]
    docker-other[("
        Oracle Cubrid 
        Informix Sybase
        SqlServer Db2
        Postgres Mimer
        Firebird Neo4j
        Vertica
    ")]
end
gui -. "call" .-> shell
mysql -. create .-> shell
mysql -. read/write .-> passwd
junit -.-> gui
junit --> model
model & gui -.-> admin
model --> api
api --> mysql & DockerDdbOnly & Memory
```