
Research On Code Review Technique Based On Static Detection

Posted on: 2016-01-19
Degree: Master
Type: Thesis
Country: China
Candidate: Q L Luo
Full Text: PDF
GTID: 2308330479455440
Subject: Computer application technology
Abstract/Summary:
As the number of application programs grows, information security faces increasingly severe challenges. Most software security problems originate in code defects, and attackers exploit these security holes to steal information and, in the worst case, take control of the system. Depending on whether the program has to be executed during analysis, vulnerability detection is divided into two kinds: static detection and dynamic detection. Both suffer from high false positive and high false negative rates, which falls short of what the protection of current application software demands. How to audit code effectively and precisely has therefore become a widely discussed problem.

Static detection is comparatively efficient, but in the experiments conducted for this thesis the static source code scanners ITS4, RATS, Flawfinder, Splint and Cppcheck all produced high false positive rates, so relying on a single tool is not appropriate. The reports of different tools, however, reflect the security problems of the same source code to different degrees and from different angles. When any one tool produces many false positives, combining the bug reports of several scanners can yield a better conclusion than any single tool does on its own. Drawing on data fusion techniques, this thesis applies an improved Dempster-Shafer (D-S) evidence theory to code auditing, which offers a new approach to code audit based on static detection.

The method proceeds in four steps. First, the test objects are scanned comprehensively with several static source code scanners, and each tool's bug report is normalised into a common form. Second, a reliability value is computed for each tool from its false positive rate and false negative rate, and that reliability is used to discount the tool's original evidence (its mass assignments). Third, the n discounted pieces of evidence are combined by applying Dempster's rule of combination n-1 times. Finally, the resulting mass (m) values are used to judge whether each reported defect is a genuine bug. The experimental results show that, compared with using a single tool, the new method preserves accuracy while significantly reducing the false positive rate; compared with the classical D-S evidence theory, it achieves higher accuracy and a larger reduction in false positives, making it a better method for code auditing.
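The four-step fusion described above, as an added example that is not the thesis author's code: a frame of discernment {bug, ok}, per-tool mass functions for one finding, Shafer discounting by a reliability value, n-1 applications of Dempster's rule, and a decision on the fused mass. The tool names, false positive and false negative rates, the way a tool's report is turned into a mass function (a flag puts mass 1 - FPR on "bug", silence puts mass 1 - FNR on "ok", the rest on ignorance), the reliability formula (1 minus the mean of FPR and FNR) and the decision threshold are all assumptions made for this illustration; the thesis does not specify them.

```python
"""Discounted Dempster-Shafer fusion of static-analyser findings.

Frame of discernment THETA = {"bug", "ok"}. Mass functions are dicts
mapping frozenset subsets of THETA to non-negative masses summing to 1.
All tool statistics below are constructed for the example, not measured.
"""

THETA = frozenset({"bug", "ok"})
BUG = frozenset({"bug"})
OK = frozenset({"ok"})


def reliability(fp_rate, fn_rate):
    """Assumed reliability: 1 minus the mean of a tool's FP and FN rates."""
    return 1.0 - (fp_rate + fn_rate) / 2.0


def tool_mass(flagged, fp_rate, fn_rate):
    """Assumed mapping from a tool's report to evidence on one finding.

    A flag supports 'bug' with mass 1 - FPR; silence supports 'ok' with
    mass 1 - FNR; the remainder is ignorance and goes to THETA.
    """
    if flagged:
        return {BUG: 1.0 - fp_rate, THETA: fp_rate}
    return {OK: 1.0 - fn_rate, THETA: fn_rate}


def discount(mass, alpha):
    """Shafer discounting: scale focal elements by alpha, move the rest to THETA."""
    out = {s: alpha * v for s, v in mass.items() if s != THETA}
    out[THETA] = 1.0 - alpha + alpha * mass.get(THETA, 0.0)
    return out


def dempster(m1, m2):
    """Dempster's rule of combination for two mass functions on THETA."""
    combined = {}
    conflict = 0.0
    for a, va in m1.items():
        for b, vb in m2.items():
            inter = a & b
            if not inter:
                conflict += va * vb          # contradictory evidence
            else:
                combined[inter] = combined.get(inter, 0.0) + va * vb
    if conflict >= 1.0:
        raise ValueError("total conflict: evidence cannot be combined")
    return {s: v / (1.0 - conflict) for s, v in combined.items()}


def fuse_finding(reports, tools):
    """Fuse one finding across tools.

    reports: {tool_name: bool}  -- whether each tool flagged the finding
    tools:   {tool_name: (fp_rate, fn_rate)}
    Returns the combined mass function after n-1 Dempster combinations.
    """
    masses = []
    for name, (fpr, fnr) in tools.items():
        alpha = reliability(fpr, fnr)
        masses.append(discount(tool_mass(reports.get(name, False), fpr, fnr), alpha))
    fused = masses[0]
    for other in masses[1:]:
        fused = dempster(fused, other)
    return fused


def is_bug(mass, threshold=0.5):
    """Assumed decision rule: fused belief in 'bug' beats 'ok' and the threshold."""
    return mass.get(BUG, 0.0) > threshold and mass.get(BUG, 0.0) > mass.get(OK, 0.0)


# Constructed (not measured) per-tool statistics: (FP rate, FN rate).
TOOLS = {
    "flawfinder": (0.6, 0.2),
    "cppcheck": (0.3, 0.5),
    "rats": (0.7, 0.3),
}

# Constructed findings: one flagged by every tool, one flagged by a single tool.
FINDING_ALL = {"flawfinder": True, "cppcheck": True, "rats": True}
FINDING_ONE = {"flawfinder": True, "cppcheck": False, "rats": False}

if __name__ == "__main__":
    for label, reports in (("all tools", FINDING_ALL), ("one tool", FINDING_ONE)):
        m = fuse_finding(reports, TOOLS)
        print(label, {"".join(sorted(s)): round(v, 3) for s, v in m.items()}, is_bug(m))
```

The finding flagged by all three scanners ends with a fused mass on "bug" of about 0.63, while the finding only Flawfinder reports ends near 0.13 and is rejected; this is the effect the thesis attributes to fusion, a single tool's false positive being outweighed by the silence of the others. The conflict check in `dempster` matters in practice: if every tool is fully confident and they disagree, Dempster's rule is undefined, which is one of the weaknesses of classical D-S that the discounting step is meant to avoid.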
Keywords/Search Tags: code review, security vulnerability, static analysis technology, data fusion technology, D-S evidence theory