
Design And Implementation Of JAVA Source Code Vulnerability Detection System Based On Static Analysis

Posted on: 2015-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: G L Wang
Full Text: PDF
GTID: 2308330452957223
Subject: Computer technology
Abstract/Summary:
With the rapid development of computer technology, exploiting software security vulnerabilities to attack targets has become one of the important means used by hackers. Any security vulnerability introduced by software design or implementation could lead to a security incident, which will bring a great loss to society in the future. As software features become more powerful, the size of the source code grows, which makes it more difficult to detect potential security vulnerabilities in source code using traditional software testing methods. Attacks have also continued to emerge, and traditional software testing methods cannot meet the needs of modern software development. As a result, the design and implementation of source code vulnerability detection systems has become one of the hottest subjects and directions worthy of study.

The vulnerability detection system for Java source code, based on static analysis, first preprocesses the source code. Depending on the specific characteristics of different vulnerabilities, the system designs a specific detection algorithm in order to detect vulnerabilities in the source code. Specifically, the source code is converted into an intermediate representation by traversing the abstract syntax tree (AST) produced by lexical and syntax analysis. Then, the control dependency graph and data dependency graph of the source code are obtained using the dependency algorithm. After the source code is preprocessed, the principles of formation, classification, and preventive measures of Null Pointer Exception, XSS and SQL Injection vulnerabilities are analyzed. Moreover, the formation process of the common vulnerabilities and the judgment of their existence are discussed.

Using the control flow and data flow information and the existence conditions of each specific vulnerability, a particular vulnerability detection algorithm is designed, and finally a Java source code vulnerability detection system based on static analysis is designed and implemented. Several well-known open source projects were selected for the experiment. Compared to mature commercial testing software, the results show that the Java source code vulnerability detection system based on static analysis has a good performance in full frankness and false detection, and achieves the desired target of the system's design.
Keywords/Search Tags: Software Security, Common Vulnerabilities, Static Analysis, Vulnerability Detection