Adding custom test cases to ATC
There are situations where ATC might not be considering all the checks and your coding standards demands additional checks to be incorporated inside the ATC checks.
Hence adding custom checks to ATC is the only option you are left with (if you don’t want to purchase Code Vulnerability Analysis (CVA) license from SAP where additional checks are also incorporated like SQL injection etc.)
Following are the steps to add new test cases to ATC.
- Create a template in SCI where you can put together your additional checks
- Create a new class for each test case
- Set the attributes of the test cases
- Set the message code of the test cases.
- Set the priority of the test cases
Let’s follow the best practice (standard way) to add custom checks in ATC (steps mentioned below).
SAP has provided many classes which can be derived and used. We can inherit the classes and use its functions.
What I suggest is you should group the test cases into groups and create attributes inside each test cases. This makes design simple and by doing this we stick to the standards.
(Fig. no. 1)
Attributes inside check Analysis of select statements
(Fig. no. 2)
E.g. Consider you have below test cases to be added to ATC:
- Select up to 0 rows
- Multiple identical SELECT Statements in the same Module
- Missing Authority check in RFC enabled function
- Dummy Authorization check
You can group all the select query checks together and all the authorization check together and create attributes inside each check. Your test cases will look like the one mentioned in above figure (fig. no. 2)
To achieve this, follow the below step by step guide.
Create template check:
Template check “GMI Additional test cases” in fig. 1
- Create class “ZCL_CI_CATEGORY_TEMPLATE_CR“ using se24 transaction
- Make this class as sub-class of class CL_CI_CATEGORY_ROOT
(Fig. no. 3)
- Create constructor method (you cannot redefine the constructor method), so that system replaces the existing constructor by your own constructor.
- Insert the below code inside the constructor method
- (Fig. 4)
- Activate the class
- Navigate to sci transaction and navigate to management of -> test and select your class as shown below:
(Fig. no. 5)
- Now if you check your variant it will contain your custom template check
(Fig. no. 6)
Now we want to add checks inside the template.
Create new class for each test case
- Create new class named “ZCL_SELECT_CHECK” using se24.
- Make this class as sub-class of class “CL_CI_TEST_SELECT_TAW “, so that you can use existing methods.
- You can check the already existing methods
(Fig. no. 7)
- Now you can use class attributes like “selct “and get all the select queries along with the index numbers, up to addition, where fields addition etc as shown below:
(Fig. no. 8)
- As you cannot redefine the constructor hence create the constructor method and it will replace existing constructor since class can have only one constructor.
Add below codes inside the constructor:
(Fig. no. 9)
Set the attributes of the test cases
- Redefine the QUERY_ATTRIBUTES method and add below code:
(Fig. no. 10)
- Redefine the get attributes and put attributes method for reading and setting the attribute values respectively.
(Fig. no. 11)
- Define the necessary attributes for holding the attributes values from sci transaction
(Fig. no. 12)
Also define the text elements
(Fig. no. 13)
- Activate the whole class.
Set the message code of the test cases.
Open transaction sci and choose the variant you want to configure.
You will notice there is no custom checks created
Now back to sci->management of->tests and select your class as shown below (as shown in fig. no. 5 above)
Now you will see custom checks appears inside below the template “GMI Additional test cases“
- Now redefine run method and write below code. Inside run method for select check you can easily apply your logic checking up to addition and where field addition of standard table selct (shown in fig. no. 8):
(Fig. no. 14)
- Now run the ATC on program to check the findings.
Note the priority of your custom test cases. We are going to change it in the next step.
Setting priority of the custom test cases:
For all the custom test cases or even the standard existing test case, you can change the priority by putting entries in table SCIPRIORITIES.
- Go to se11 transaction and open the table SCIPRIORITIES
- Now create entries inside this table as:
(Fig. no. 15)
- When you run ATC, it picks up the priorities for your custom checks from this table as shown below:
(Fig. no. 16)
You can do similar steps to incorporate Authorization check. Only difference is you can create sub-class of class “CL_CI_TEST_SCAN“. This class is the simple scan class and it has already scanned the code and stored in the variable statements and tokens.
(Fig. no. 17)
Please note there is no need to create template check if you don’t want. You can put your custom checks inside the standard checks as well. Just change the constructor method and you are good to go.