12

What are some useful test case ideas (and test questions) related to string inputs? Usefulness need not mean applicable everywhere or all the time--just often enough to be worth considering when you address a new problem/system/domain.

Individual answers may contain questions specific to certain domains (e.g. email address) but should probably point to a separate wiki-question.

Please add your answer BOTH to the question and to the list of answers so that individual items may be voted upon.

Some answers:

  • See https://github.com/minimaxir/big-list-of-naughty-strings
  • Blank/null string
  • Whitespace only
  • All ASCII/ANSI characters 0-255
  • Extended ASCII characters (e.g. in Outlook)
  • Very long strings (suggest using perlclip to generate a counterstring, e.g. 2*4*6*8*11*14*17*20*)
  • Only one character
  • Unicode characters
  • SQL injection
  • Cross-site scripting, Cross-site request forgery
  • ReDoS

Related SO Questions:

Community
Kimball Robinson
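The counterstring idea from the question's list, as an added example that is not part of the original post and is not perlclip's own code: a generator whose output matches the `2*4*6*8*11*14*17*20*` sample, plus a read-back check that reports where a field cut or changed the input. The names `counterstring` and `diagnose` and the 255-character field are assumptions made for this example.

```python
def counterstring(length: int, marker: str = "*") -> str:
    """Return a string of exactly `length` characters in which each marker
    is preceded by the decimal 1-based position of that marker."""
    if length < 0:
        raise ValueError("length must be non-negative")
    if len(marker) != 1 or marker.isdigit():
        raise ValueError("marker must be a single non-digit character")
    parts = []
    pos = length
    # Work backwards so the final marker lands exactly on `length`.
    while pos > 0:
        token = f"{pos}{marker}"
        token = token[-pos:]  # the leftmost token may not fit; keep its tail
        parts.append(token)
        pos -= len(token)
    return "".join(reversed(parts))


def diagnose(sent: str, observed: str) -> str:
    """Compare the submitted string with what the system stored or echoed."""
    if observed == sent:
        return "intact"
    if sent.startswith(observed):
        return f"truncated at {len(observed)} of {len(sent)}"
    # First offset where the two differ (altered, escaped or re-encoded).
    for i, (a, b) in enumerate(zip(sent, observed)):
        if a != b:
            return f"altered at offset {i}"
    return f"extended by {len(observed) - len(sent)}"


if __name__ == "__main__":
    probe = counterstring(300)
    stored = probe[:255]  # constructed: a field that silently keeps 255 chars
    print(counterstring(20))
    print(diagnose(probe, stored))
```

A silent truncation is worth a test of its own: a value that is validated at full length and stored cut short no longer matches what was checked.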

2 Answers

5
  • localization concerns regarding number formats (decimals / commas)
  • behavior sensitivity of special characters (for example supporting single quotes, but still being capable of parsing a name like Jim O'malley)
  • escape character, and ending a string with the escape character - for example if your escape character is ^, and the user inputs something like See above^
  • new lines in a string intended as single-line.

The list is endless though, because it really depends on how you intend to use the string and where it came from.

tenfour
2

ReDoS vulnerabilities if a regular expression is used

http://msdn.microsoft.com/en-us/magazine/ff646973.aspx

CaffGeek