Abstract

Static analysis is a software testing technique that analyzes the code without executing it. It is widely used to detect vulnerabilities, errors, and other issues during software development. Many tools are available for static analysis of Java code, including SpotBugs. Methods that perform a security check must be declared private or final; otherwise, they can be compromised when a malicious subclass overrides the methods and omits the checks. In Java, security checks can be performed using the SecurityManager class. This paper addresses the aforementioned problem by building a new automated checker that raises an issue when this rule is violated. The checker is built under the SpotBugs static analysis tool. We evaluated our approach on both custom test cases and real-world software, and the results revealed that the checker successfully detected related bugs in both with optimal metrics values.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
HEAT: a combined approach for thread escape analysis
Qichang Chen ... Liqiang Wang
International Journal of System Assurance Engineering and Management | VOL. 2
Qichang Chen, et. al.Qichang Chen ... Liqiang Wang
01 Jun 2011
Reducing False Alarms in Static Code Analysis with Test Code Mutants
Hyun Woo ... Kyung Goo Doh
-
Hyun Woo, et. al.Hyun Woo ... Kyung Goo Doh
22 Mar 2015
Explaining Static Analysis - A Perspective
Marcus Nachtigall ... Eric Bodden
-
Marcus Nachtigall, et. al.Marcus Nachtigall ... Eric Bodden
01 Nov 2019
A Comparative Study of Static Code Analysis tools for Vulnerability Detection in C/C++ and JAVA Source Code
Arvinder Kaur ... Ruchikaa Nayyar
Procedia Computer Science | VOL. 171
Arvinder Kaur, et. al.Arvinder Kaur ... Ruchikaa Nayyar
01 Jan 2020
View more papers

More From: Computers

Paper Title
Journal
Date
Author
LLaMA 3 vs. State-of-the-Art Large Language Models: Performance in Detecting Nuanced Fake News
Stefan Emil Repede ... Remus Brad
Computers | VOL. 13
Stefan Emil Repede, et. al.Stefan Emil Repede ... Remus Brad
11 Nov 2024
A Proposed Method of Automating Data Processing for Analysing Data Produced from Eye Tracking and Galvanic Skin Response
Javier Sáez-García ... Raúl Marticorena-Sánchez
Computers | VOL. 13
Javier Sáez-García, et. al.Javier Sáez-García ... Raúl Marticorena-Sánchez
08 Nov 2024
Modified Multiresolution Convolutional Neural Network for Quasi-Periodic Noise Reduction in Phase Shifting Profilometry for 3D Reconstruction
Osmar Antonio Espinosa-Bernal ... Efrén Gorrostieta-Hurtado
Computers | VOL. 13
Osmar Antonio Espinosa-Bernal, et. al.Osmar Antonio Espinosa-Bernal ... Efrén Gorrostieta-Hurtado
08 Nov 2024
Exploring Machine Learning Methods for Aflatoxin M1 Prediction in Jordanian Breast Milk Samples
Abdullah Aref ... Sharaf Omar
Computers | VOL. -
Abdullah Aref, et. al.Abdullah Aref ... Sharaf Omar
07 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.