Parasoft continues to send its Jtest Java testing suite out to hunt down bad Java code. And Jtest knows that the definition of bad Java code continues to expand: One bit of code might be bad because its developer didn’t follow best practices for coding style, making it difficult for other programmers to understand and interface with it. Yet another bit might be bad because it is poorly factored and overly complex, or because it crashes when executed. A different bit of code might be bad because it was written with no consideration for security and could be easily compromised by a malicious hacker.
I’ve reviewed two previous editions of Jtest — Jtest 7.0 and Jtest 5.0 — but in Version 8, Jtest updates and extends several existing features. For example, Jtest 7.0’s static-analysis engine came pre-loaded with 500 rules that allowed it to locate problems and coding violations by examining an application’s source. The static-analysis component in Jtest 8 is equipped with more than 700 such rules.
New rules cover areas such as Java 5 specifics and Hibernate, and you can still define your own rules, although I found that process a bit complicated on account of the elaborate syntax Jtest employs. On the one hand, the language used to define rules allows you to cover a wide range of contingencies; on the other hand, the richness of the language creates a steep learning curve.
Jtest’s static-analysis machinery has also been modified, turning it into a kind of static/dynamic hybrid. Specifically, the new BugDetective module examines source and class files (without executing them, mind you), explores execution paths, and uncovers potential bugs that would otherwise appear only after lengthy run-time testing.
BugDetective’s execution explorations are not limited to a method, a class, or even a package; they can cross all logical boundaries. In addition, when it finds a problem, it not only locates where the problem is likely to manifest itself, but it also identifies the problem’s origins so that you can tell where the “bad data” got into the system.
BugDetective will locate potential null-pointer exceptions, resource leaks (such as neglecting to close an opened socket), and a variety of security issues. In this last case, most of BugDetective’s security rules locate code vulnerable to injection attacks: code that uses “uncleansed” user input to create a resource path string, or a query string.
| Click for larger view. |
| Test Center Scorecard | |||||||
|---|---|---|---|---|---|---|---|
| 20% | 20% | 20% | 20% | 10% | 10% | ||
| Parasoft Jtest 8 | 9 | 10 | 9 | 9 | 8 | 8 |
9.0
Excellent
|
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect businesscritical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
