To be tested effectively, the file upload module needs to have specific functionality developed. For example, here is a list of requirements a file upload feature must meet to be a good module in your web app.
File Upload Test Case:
- Set the file size required for the web app. Make sure the file upload module recognizes the limits of file size.
- If you allow only a specific set of file types, then whitelist those file types.
- Depending on the programming language, set the content type for the files being uploaded.
- The file upload module should have the file type recognizer functionality built into it.
- The file upload feature should remove special characters from the text area field, if one is provided.
- Accept alphanumeric content in the file names.
- Accept characters and alphanumeric content in names.
- Don’t accept the file types that lead to SQL injection.
- Include the server-level file scan.
- Don’t accept empty files with an extension that leads to SQL injection.
- Restrict typing of the file name; instead, have the upload button open a file browsing dialog box.
- Authorize the file upload and transfer to only registered accounts if required.
- Make sure the server side checks the file size limits.
- Create a new copy of the same uploaded file to avoid overwriting.
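One way to enforce several of the requirements above on the server side (authorization, empty-file and size checks, extension whitelist, file type recognition, alphanumeric names, no overwriting), as an added example that is not code from the original article. The 5 MB limit, the allowed types and the names `validate_upload` and `UploadRejected` are assumptions of this example.

```python
import os
import re
import uuid

MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this example
# Whitelisted extensions mapped to the magic bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails one of the server-side checks."""


def validate_upload(client_name: str, data: bytes, authenticated: bool) -> str:
    """Return a safe, unique storage name, or raise UploadRejected."""
    if not authenticated:
        raise UploadRejected("login required")
    if len(data) == 0:
        raise UploadRejected("empty file")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Drop any client-supplied directory part, then split off the extension.
    base = os.path.basename(client_name.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED:
        raise UploadRejected("file type not allowed")
    # File type recognizer: the content must match the claimed extension.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Keep only alphanumeric characters in the stored name.
    stem = re.sub(r"[^A-Za-z0-9]", "", stem)[:64] or "upload"
    # Random prefix so a second upload with the same name never overwrites.
    return f"{uuid.uuid4().hex}_{stem}{ext}"
```

The returned name is meant to be the only name used on disk; the client-supplied name is never used as a path.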
While some features can be implemented within the application, we should also think about the file upload feature in terms of security issues. Here are some security options to check while testing the application.
- Upload blacklisted files and try executing them.
- Upload an executable file and execute it on the server.
- Upload HTML file with an XSS script embedded into it.
- Upload the virus file and measure the response.
- Upload files consistently without any waiting period (denial of service check).
- Try to upload the file as a guest user or anonymous user.
These are some of the basic options to check when it comes to security testing of the file upload module, such as the typical file upload feature on file upload sites like Dropbox or Google Drive.
Here are some of the test cases and scenarios that you should consider while manually testing the module.
- Is the uploader limited to a single file or multiple files?
- Is the uploader a drag-and-drop type?
- Does the uploader require browsing to file using the browse button?
- Does the uploader depend on any third-party plugin?
- Is the uploader custom-built, or does it make use of an existing framework?
- Does the uploader support drag and drop from the tablet app?
- Does the uploader get affected by third-party plugins or APIs if it is dependent on their services?
- Does the uploader have any third-party API security issues?
- Does the uploader include the progress bar to show the estimated time left for file upload?
- Does the file uploader display the file size uploaded?
- Does the file uploader have any file size requirements?
- What are the minimum file size requirements of the file uploader?
- Does the file size have any limits?
- Can you upload a file whose size is outside the limits of the uploader?
- What is the maximum file size accepted in the uploader?
- Does the uploader accept image files in the format – jpg, gif, png?
- Does the uploader accept document formats – pdf, doc, txt, xlsx?
- Does the uploader have any other specific application format requirements?
- Does the uploader have any specific file formats blacklisted for security reasons?
- What are some of the file formats whitelisted by the uploader?
- Does the system allow canceling the upload?
- Does the system allow canceling multiple uploads?
- Does the uploader open the browse-for-file dialog box when the button is clicked?
- Does the uploader show a “success” message after upload?
- Does the uploader show an error message if failed?
- How does the uploader behave if no file is uploaded?
- How does the uploader respond if some files in multi upload fail?
- What message does it display if the files fail to write to server space?
- What message is displayed if the chosen file only gets partially uploaded?
- What message is shown if the file exceeds the maximum file size?
These are some of the test cases that you can try while testing the file upload feature of web apps.