Data flow analysis and testing of JSPbased Web applications

1
Data flow analysis and testing of JSP-based Web
applications

• Author Chien-hung Liu
• Source Information and Software Technology,
  P.1137-1147, Elsevier 2006
• Presented by Hung-Hsiang Chen

2
Outline

• Introduction
• Data flow test artifacts of JSP pages
• Data flow test model for JSP pages
• Intra/Inter-procedural?sessional data flow model
• The computation of definition-use chains for JSP
  pages
• The definition and uses of implicit object and
  action tag
• The computation of intra/inter-procedural and
  session definition-use chains
• Conclusions

3
Introduction

• Motivation
• JSP pages usually mix up scripts with HTML
  statements
• -make JSP difficult to understand and test.
• JSP pages do not have any compiler checking and,
  hence, can be error-prone.
• Most important, JSP pages have introduced a set
  of XML-like action tags and implicit objects,
  this paper is using those tags and objects to
  achieved research.

4
Introduction cont.

• Contribute
• Author identify and analyze the possible data
  flow test artifacts introduced by the JSP pages
• -a test model is proposed to abstract the data
  flow information for various JSP implicit objects
  and action tags.
• -an approach for computing the data flow test
  paths involving the implicit objects and action
  tags is described and illustrated.

5
Data flow test artifacts of JSP pages

• Data flow mainly focuses on the definitions of
  variables and their potential uses for exploring
  the data anomalies of programs.
• The use of variable can be classified
• C-use (computation use)
• P-use (predicate use)
• The implicit objects
• Request and response objects.
• Session objects that can store name-value pairs.

6
The redirection not only can affect the flow of
data in the JSP pages, but also can introduce
data interactions between two JSP or between a
JSP page and a java servlet.
7
(No Transcript)
8
Data flow test model for JSP pages

• The test model classified
• Intraprocedural data flow model
• Using Control Flow Graph
• Interprocedural data flow model
• Using Interporcedural Control Flow Graph
• sessional data flow model
• Using Session Control Flow Graph

9
JSP implicit objects/action tags
10
Intraprocedural data flow model using CFG
construct
11
Interprocedural data flow model example
12
Using ICFG to construct the interprocedural data
flow
13
sessional data flow model example
14
Using SCFG to construct the sessional data flow
15
The computation of definition-use chains for JSP
pages

• Based on the test models presented , the
  definition-use chains can be obtained from the
  intraprocedural, interprocedural, and sessional
  perspectives.
• In order to explore the data anomalies involving
  the implicit objects and action tags, author
  define the definitions and use for attributes
  or Java objects associated with the implicit
  objects and action tags.

16
Definitions and uses of attributes involving
implicit objects and action tags
17
Intraprocedural def-use chains
18
Interprocedural def-use chains
19
Session def-use chains
20
lt20,27gt via path 20-21-exit-(L-C-Entry-12-13-14-15
-16-17-18-19-20-21-Exit-) -L-C-Entry-12-13-14-15-
16-17-23-Exit-L-C-Entry-25-26-27
21
lt30,27gt attribute userBalance path covers
30-31-32-Exit-L-C-Entry-25-26-27 When user
navigate form ex3.jsp to ex2.jsp the line 17 of
ex2.jsp can always be true, but the line 30
cannot be referenced in line 27.
22
Session def-use chains
Figure suggests that the data flow path form
ex3.jsp to itself cannot be feasible unless the
path passes through the ex2.jsp page.
23
Conclusions

• Test models are proposed to represent the JSP
  data flow test artifacts pages with the
  considerations of the control flow
  characteristics of various JSP implicit objects
  and action tags.
• Author point out the there can exist infeasible
  path across JSP pages when computing the
  sessional data flow artifacts.