Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
= minitest-bisect
home :: https://github.com/seattlerb/minitest-bisect rdoc :: http://docs.seattlerb.org/minitest-bisect
== DESCRIPTION:
Hunting down random test failures can be very very difficult, sometimes impossible, but minitest-bisect makes it easy.
minitest-bisect helps you isolate and debug random test failures.
If your tests only fail randomly, you can reproduce the error
consistently by using --seed <num>
, but what then? How do you figure
out which combination of tests out of hundreds are responsible for the
failure? You know which test is failing, but what others are causing
it to fail or were helping it succeed in a different order? That's
what minitest-bisect does best.
== FEATURES/PROBLEMS:
== SYNOPSIS:
Let's say you have a bunch of test files and they fail sometimes, but not consistently. You get a run that fails, so you record the randomization seed that minitest displays at the top of every run.
=== Normally, it passes:
% minitest example Run options: --seed 42
.............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. ....................
Finished in 200.341744s, 3.6371 runs/s, 3.4230 assertions/s.
800 runs, 798 assertions, 0 failures, 0 errors, 0 skips
=== Original Failure:
But someone sees the failure either locally or on the CI. They record the output and get the randomization seed that causes the test ordering bug:
$ minitest example --seed 314 Run options: --seed 314
.............................................................................. .............................................................................. .............................................................................. .............................................................................. .........................................F.................................... .............................................................................. .............................................................................. .............................................................................. .............................................................................. .............................................................................. ....................
Finished in 200.836561s, 3.9833 runs/s, 3.9784 assertions/s.
1) Failure:
TestBad4#test_bad4_4 [example/helper.rb:16]: muahahaha order dependency bug!
800 runs, 799 assertions, 1 failures, 0 errors, 0 skips
=== Minimization and Isolation:
The problem is about how to efficiently figure out the minimal reproduction of the random failure so you can actually focus on the problem and not all the noise.
So, you run the tests again, but this time with minitest_bisect. Provide the seed given in the failure so the tests always run in the same order and reproduce every time.
minitest_bisect will minimize the number of methods.
% minitest_bisect example --seed 314 reproducing... in 203.83 sec verifying... in 0.37 sec
Minimal methods found in 11 steps:
Culprit methods: ["TestBad1#test_bad1_1", "TestBad4#test_bad4_4"]
ruby -Itest:lib -e 'require "./example/test_bad1.rb" ; require "./example/test_bad2.rb" ; require "./example/test_bad3.rb" ; require "./example/test_bad4.rb" ; require "./example/test_bad5.rb" ; require "./example/test_bad6.rb" ; require "./example/test_bad7.rb" ; require "./example/test_bad8.rb"' -- --seed 314 -n "/^(?:TestBad1#(?:test_bad1_1)|TestBad4#(?:test_bad4_4))$/"
Final reproduction:
Run options: --seed 314 -n "/^(?:TestBad1#(?:test_bad1_1)|TestBad4#(?:test_bad4_4))$/"
.F
Finished in 0.512999s, 3.8986 runs/s, 1.9493 assertions/s.
1) Failure:
TestBad4#test_bad4_4 [/Users/ryan/Work/p4/zss/src/minitest-bisect/dev/example/helper.rb:16]: muahahaha order dependency bug!
Voila! This reduced it from 800 tests across 8 files down to 2 tests across 2 files. Note how we went from a ~200 second test run to a ~0.5 second test run. Debugging that will be 400x faster and that much easier.
=== What Now?
Now, it is now up to you to look at the source of both of those tests to determine what side-effects (or lack thereof) are causing your test failure when run in this specific order.
This happens in a single run. Depending on how many files / tests you have and how long they take, the minimization might take a long time, but each iteration can reduce the number of tests so it should get quicker with time.
=== But sometimes, it fails:
Sometimes a test fails by itself consistently but passes most of the time in CI. This is a false-positive in that the test SHOULD be failing all the time but some other test is causing a side-effect that it making it pass. This is sometimes harder to track down and reason about. minitest-bisect now has an "inverted" mode, where you run as normal but point it at a failing test by name. It will then validate that the test fails by itself but passes when run in full with the given seed. Then it tries to isolate and answer "what is the minimal combination of tests to run to # make this test pass?". For example:
% minitest_bisect example --seed=3 -n="/failing_test_name_regexp/"
reproducing w/ scoped failure (inverted run!)... in 0.06 sec reproducing false positive... in 0.06 sec
Minimal methods found in 3 steps:
Culprit methods: ["TestBad1#test_make_it_go", "TestBad1#test_fail_without"]
/Users/ryan/.rubies/ruby-3.2.2/bin/ruby -Itest:lib -Ilib -e 'require "./example"' -- --seed 3 -n "/^(?:TestBad1#(?:test_make_it_go|test_fail_without))$/"
Final reproduction:
Run options: --seed 3 -n "/^(?:TestBad1#(?:test_make_it_go|test_fail_without))$/"
..
Finished in 0.000369s, 5420.0544 runs/s, 0.0000 assertions/s.
2 runs, 0 assertions, 0 failures, 0 errors, 0 skips
== REQUIREMENTS:
== INSTALL:
== FAQ:
==== Q: What if my tests are in multiple subdirectories (e.g. 'test/' folder in a Rails app)?
This is assuming the following doesn't work for you:
minitest_bisect --seed 3911 -Itest test/*_test.rb
because you need it to span multiple sub-directories.
A: Use your shell to find the files for you
minitest_bisect --seed 3911 -Itest $(find test -type f -name *_test.rb)
or
minitest_bisect --seed 3911 test/**/*_test.rb
==== Q: How do I resolve an "invalid option: --server" error? $ MTB_VERBOSE=2 minitest_bisect --seed 3911 example/test*.rb reproducing... ruby -Ilib -e 'require "./example/test_bad1.rb" ; require "./example/test_bad4.rb"' -- --seed 3911 --server 33352
invalid option: --server
minitest options: -h, --help Display this help. -s, --seed SEED Sets random seed. Also via env. Eg: SEED=n rake -v, --verbose Verbose. Show progress processing files. -n, --name PATTERN Filter run on /regexp/ or string.
Known extensions: guard_minitest, pride -p, --pride Pride. Show your testing pride! Reproduction run passed? Aborting. Try running with MTB_VERBOSE=2 to verify.
A: Try adding "gem minitest-bisect" to your Gemfile and running "bundle install"
== LICENSE:
(The MIT License)
Copyright (c) Ryan Davis, seattle.rb
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Unknown package
We found that minitest-bisect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.