A Blog from QualiTest

How to Test Your Death Star Library Archive System by Rana Dey

Today Rana Dey dives into the Star Wars universe and considers how you would test the Death Star Library Archive System. May the Fourth be with you!

Hello my friends, and happy Star Wars Day.  I am one with the Force and the Force is with me.  And I remember those long lines around the theatres when the original movie opened in the ‘70s.  But today, I’d like to talk about the library archive system at the end of Rogue One (spoiler alert: I hope they had a good disaster recovery plan – we know that they have Carbonite storage).

The library archive system reminds me of the old microfiche systems at libraries: “Oh, you want the yada-yada article?  Pull the card indexed by …”.  Except that instead of pulling microfiche cards from a box, this is more like a Wurlitzer jukebox that pulls records (or in this case removable hard drives) like a vending machine (or if you prefer, doors like in Monsters Inc.).

So here’s a quick outline of necessary testing I see:

Functional: Confirm that querying works in the specified ways, including no results or “matches all records”.  Confirm read access to the device.  Have a way to handle unreadable records, for both garbled data and cases where the removable drive has been physically removed. Confirm warning for an incomplete or otherwise unacceptable address (again, like a vending machine).  Does a trail of user actions need to be maintained for audit records, which we’ll call Sarbanes-Ackbar (if so, each command type recorded needs validation)?  CRUD testing is necessary on the record-keeping, including confirmation of proper permission control on the update and delete.  Physical testing should confirm that stored data and data retrieval functions produce identical results.  If version control is a feature of the system, that will need testing too.

Security testing: For a defence contractor or government system, the log-in security seemed pretty weak. It was a little too easy for a new user to hack into the system to access military design features (of course, this goes back to Artoo hacking into the Death Star back in Episode 4).  The system should auto-logout if there is a long pause, and have permission control over specific higher-level access functions (as mentioned above, some functions should require super user access for these oversized thumb drives).  Pen testing and the latest OWASP list should be required testing here, and ensure that there is no risk from all of the third-party apps and libraries!

Performance testing: In Rogue One, we never really saw if there is any system issues when multiple users are busy in the system.  This requires testing – there must be times in the Death Star SDLC when there’s heavy access to schematics.

Data warehousing: Just curious, do you think that the records are pulled or pushed?  Pulls suggest that the system would need to go off-line temporarily, so I’ll guess push.

P.S. I wanted to add Weird Al’s “The Saga Begins” and “Yoda” in the picture above, but those seemed too obvious.  How about Deep Purple’s “Snoke on the Water”?  “The Theme to Jawas”?  My challenge to you is to come up with more punny Star Wars song titles (no Jar Jar please) and add them on as comments. Of course, you can also comment on any testing I left out or should alter.