The Research And Implementation On Source Code Defect Detection Technology For Java Web Application

With the continuous development of Internet technology, as well as the continuous promotion and use of Web application projects, the complexity of the Web application has been increased. In order to adapt to the demand of the new technologies such as cloud computing and big data, Web system architecture is becoming more and more complex,bringing a lot of potential safety hazard at the same time.Currently, the main reason leading to the software defect is that most of the developers focus on the business implementation, but neglect the safety of the code itself.If we can detect the defects that exist in the software code in the development phase, the vulnerabilities could be revised in time and the network attacks could be greatly reduced.With the rapid development of JavaEE, open Web frameworks has been promoted. Large enterprises concerned about high security and confidentiality prefer to develop based on the JavaEE. So the research and implementation for the Java Web application source code defect detection technology in this article has certain practical significance.In this paper, we analyze the current Java Web architecture and study the principle and application of server-side Java components, including JSP, Java Servlet and JavaBean.The principle and prevention of the two high risk vulnerabilities in Web application,SQL injection and XSS cross-site scripting attack,were studied.In the process of static analysis,bidirectional taint analysis was proposed to improve the accuracy of the static analysis and obtain the taint data propagation path.In the dynamic test, this paper presents a innovative technology that we use the taint propagation path and source program slice information from static analysis to guide the test case generation and monitoring code embedment.On the basis of these researches, we develop a source code defect detection system for Java Web application, namely JavaChecker.The experimental results show that the proposed defect detection technology can effectively improve the accuracy.