This document should highlight the efforts made in developing ERP5 on a test-driven basis. It should introduce the infrastructure and methodologies used for testing, provide access to latest test results along with guidelines for developing and contributing to ERP5.
Test-Driven Development
Developing ERP5 is not possible without the use of automated testing. The following documents provide more information on the ERP5 test infrastructure including latest test results along with guidelines and instructions on how to setup, write and run tests.
ERP5 Conventions
ERP5 has over the years grown to over 10 million lines of code. Focusing on the Unified Business Model, together with strict rules and conventions regarding naming and programming, ensures that the codebase stays easy to understand, with the Documentation HowTos providing insights into specific functionalities and behaviors.
The following documents from the Developer Guidelines introduce the respective conventions relevant for programming ERP5:
Code Repositories and Contributing
The ERP5 source code is hosted on Gitlab at lab.nexedi.com, with an internal issue tracker used by ERP5 developers. As contributing to ERP5 requires learning the ins and outs for at least a year (getting started), there are currently no contributing guidelines, but this might change in the future. In the meantime, please post in the public Forum in case you have any issues or questions.
Security
Below is a list of publicly filed Common Vulnerabilities and Exposures (CVE) issues, which have been filed and are being worked on to be fixed.
| CVE-ID | Version | Type | Acknowledged | Published | Status |
|---|---|---|---|---|---|
| CVE-2020-28056 | ERP5 v5.5 | XSS (Cross Site Scripting) | 2020-09-28 | 2020-11-02 | in progress - working on a fix |
Impact
The impacts can be many, and range from the theft of information and credentials to redirection to malicious websites containing attacker-controlled content, which in some cases can even lead to XSS attacks. So even though an open redirection might sound harmless at first, its impact can be severe should it be exploitable.
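As an added illustration of the mitigation side of the paragraph above (this is example code written for this page, not ERP5's own redirect handling), the following Python helper validates a user-supplied redirect target before the application follows it. The allowed host name and the base URL are assumptions made up for the example. The check rejects the cases that turn an open redirect into the more severe outcomes described above: absolute URLs to foreign hosts, protocol-relative URLs, userinfo tricks, backslash variants, embedded control characters, and non-http(s) schemes such as javascript: that would execute script.

```python
from urllib.parse import urlsplit, urljoin

# Hosts the application is allowed to redirect to (assumed for this example).
ALLOWED_HOSTS = {"erp5.example.com"}
# Base URL used to resolve relative targets (assumed for this example).
BASE_URL = "https://erp5.example.com/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` stays on an allowed http(s) origin.

    Rejects:
      - empty targets and targets containing control characters or whitespace
        (browsers tolerate "java\\tscript:", strict parsers do not);
      - any scheme other than http/https (javascript:, data:, ...);
      - absolute URLs whose host is not in `allowed_hosts`, including
        "https://erp5.example.com@evil.example/" (userinfo trick);
      - protocol-relative targets ("//evil.example/") and the backslash
        variant ("/\\evil.example") that browsers normalise to "//".
    """
    if not target:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F or ch.isspace() for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        # e.g. malformed IPv6 literal; treat as unsafe
        return False

    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return False

    if parts.netloc:
        # Absolute (or protocol-relative) URL: require http(s) and an allowed host.
        # hostname strips userinfo and port, so "user@evil.example" resolves to evil.example.
        host = (parts.hostname or "").lower()
        return scheme in ("http", "https") and host in allowed_hosts

    # No network location: accept only a plain absolute path on the current origin.
    # "https:evil.example" lands here with scheme set and no leading slash, so it is rejected.
    return target.startswith("/") and not target.startswith("//") and not target.startswith("/\\")


def resolve_redirect(target, base=BASE_URL, fallback="/"):
    """Resolve `target` against `base`, substituting `fallback` when it is unsafe."""
    chosen = target if is_safe_redirect(target) else fallback
    return urljoin(base, chosen)


if __name__ == "__main__":
    # Constructed sample inputs, as they might arrive in a "next" query parameter.
    for candidate in ["/dashboard", "//evil.example/", "javascript:alert(1)",
                      "https://erp5.example.com@evil.example/", "/\\evil.example"]:
        print(f"{candidate!r:45} -> {resolve_redirect(candidate)}")
```

The function is deliberately conservative: relative paths without a leading slash are refused rather than resolved, because their meaning depends on the current page. Logging the rejected value alongside the fallback decision gives a simple detection signal for probing of the redirect parameter.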