[notice]FAIR WARNING: At time of writing, this software hadn’t been fully tested. During the tests I have found a large number of SQL injection issues with this code that I have patched on my system, and will continue to patch as I check over the package. In the next few days I’ll make a useful diff/patch and submit to the maintainer, because this is simply unacceptable – especially for a tool designed to help with Software QA.[/notice]
Part of my specific duties involve some software testing as part of our Quality Assurance efforts on tools we have developed in house, both for internal use and for our customers to use. Things like our customer portal which, among many other things, gives our customers the ability to manage what is in their racks, and if they have a PDU which allows it, remotely power up or power down hardware.
We’ve been managing this effort using a shared spreadsheet which works well enough, but can easily be improved. So I started looking for tools that would allow us to manage our testing efforts in a much more efficient manner. It might take a little more administration, but it should improve our workflow and hopefully balance out, especially once the initial start-up is out of the way.
Here is what I found: an old application called “TCW” or “Test Case Web” which has been in development for some time. According to SourceForge, it is still in fairly active development, the most recent release being just a couple of weeks ago, on April 24th.
It’s written for PHP4, so there are a couple of deprecated functions and variables which I’ve adjusted for, and I had to fight my development server just a little to make it work right, but it’s running.
Here are a couple of tips:
The default login is (case sensitive, apparently):
Line 4 of “adminaction.php” reads “$args=$HTTP_POST_VARS;”, change it to “$args=$_POST;” under PHP 5.
None of the system has an install script. You’ll need to create a database and user in MySQL, then edit the incluido.fil file to have the credentials. You’ll also need to import the schema to MySQL, easily achieved with the mysql command line tool or phpMyAdmin.
There are also a handful of places in the code that trigger PHP warnings, mostly because they check the contents of a variable without checking that the variable is set.
For the “home page” (which is severely out of date, but the docs mostly apply), see here.
For the SourceForge project page with current releases see here.
Also, if you’re a PHP dev, it might not be a bad idea to take a look and maybe consider helping out, even just briefly, to review the code for security issues and offering a helping hand to bring it up to PHP5 standards.