
A Method Based On Flow Analysis In Source Code Testing Tools

Posted on: 2013-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Meng
GTID: 2248330371983880
Subject: Computer application technology
Abstract/Summary:
With the rapid development of informatization, software technology is advancing ever more quickly. Software has become an indispensable part of daily life, and its status and role have become increasingly prominent. As software grows in scale, its defects and errors are more and more difficult to find, and traditional manual detection can hardly keep pace with software development, so automated software testing tools have become necessary. The earlier existing defects are found, the smaller the loss and the smaller the impact on software reliability. Eliminating defects as early as possible in the development stage reduces risk.

Software testing technology is mainly divided into static testing and dynamic testing. Dynamic testing tools are used while the system is running; if the program itself is flawed, they are useless. By contrast, static testing does not need the code to actually run, and detects defects by analyzing the source code and intermediate code. At present there are few domestic static analysis tools for source code, and existing research results are very weak at evaluating vulnerabilities in source code. Establishing a practical source code vulnerability analysis system, to improve software security and vulnerability analysis capabilities, therefore means a lot to domestic software testing work.

Based on static analysis techniques, this work mainly detects defects in Python programs such as dead code, undefined variables, and variables and functions that are defined but never used. Defect detection covers the common categories of Python defects, including the command injection and eval injection defect types.

In addition, drawing on a literature review and a comparison of existing detection tools, this paper provides an extension interface for detection rules in XML format, giving users an easy way to define rules and add custom detections. The detection results can be output in XML, HTML and other formats, and include the complete trigger path, data transmission, defect location, defect type, defect description, possible remedies, risk level and other important information.

The design runs in a Linux development environment and supports control flow and data flow analysis of Python programs. It can correctly perform lexical and syntactic analysis of Python source files, correctly convert the abstract syntax tree into expressions, and provide inter-procedural analysis at various levels, for comprehensive and in-depth defect detection. The parsed Python program is transformed into a three-address code form suitable for analysis, from which the system establishes the control flow, data flow and other auxiliary information that the analysis needs. During analysis, the system can record sufficiently rich context-sensitive defect information, and it uses a path traversal algorithm and the document analysis algorithm to improve the accuracy of detection results and alarms. It locates vulnerabilities accurately and provides detailed information about them, and it effectively reduces the missed-report rate and the false-alarm rate by applying purification treatment to taint propagation.
Keywords/Search Tags: Defect detection, Static analysis, Taint Analysis, Purification treatment
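
The taint propagation with purification that the abstract describes, as an added example that is not code from the thesis: one ordered pass over Python's own ast tree stands in for the three-address code and control flow graph, and it reports each defect with its type, sink location and the line where the taint entered. The source, sink and purification lists, the sample program and all names (TaintChecker, check) are assumptions made for the illustration.

```python
import ast

# Assumed rule set and a constructed sample program (neither is from the thesis).
SOURCES = {"input"}
SANITIZERS = {"shlex.quote", "int"}
SINKS = {"eval": "eval injection", "os.system": "command injection"}
SAMPLE = '''import os, shlex
name = input("file: ")
cmd = "ls " + name
os.system(cmd)
os.system("ls " + shlex.quote(name))
print(eval(input("calc: ")))
'''

class TaintChecker(ast.NodeVisitor):
    def __init__(self):
        self.tainted = {}   # variable name -> line where its taint entered
        self.defects = []   # (sink line, defect type, sink, source line)

    def origin(self, expr):  # line where taint reaching expr entered, else None
        if isinstance(expr, ast.Call):
            name = ast.unparse(expr.func)
            if name in SANITIZERS:
                return None              # purification stops propagation
            if name in SOURCES:
                return expr.lineno
        if isinstance(expr, ast.Name):
            return self.tainted.get(expr.id)
        lines = (self.origin(child) for child in ast.iter_child_nodes(expr))
        return next((line for line in lines if line is not None), None)

    def visit_Assign(self, node):
        self.generic_visit(node)         # sinks may sit inside the right-hand side
        line = self.origin(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.tainted[target.id] = line   # None marks the name clean

    def visit_Call(self, node):
        name = ast.unparse(node.func)
        for arg in node.args if name in SINKS else ():
            line = self.origin(arg)
            if line is not None:
                self.defects.append((node.lineno, SINKS[name], name, line))
        self.generic_visit(node)         # nested calls can be sinks too

def check(source):
    checker = TaintChecker()
    checker.visit(ast.parse(source))
    return checker.defects
```

Calling check(SAMPLE) reports the unsanitized os.system call and the eval call, while the call whose argument passes through shlex.quote is not reported. Because the pass follows statement order only, branches and function boundaries are not modelled here.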