Lab 2 Static Test Project Name Grading Management Project.pdf

Trang 1

Lab 2: Static testProject name: Grading Management project

Trang 4

1.2 Introduction to the Testing Tool:

Tool name: SpotBugs

Description: SpotBugs is a program to find bugs in Java programs It looks for instances of“bug patterns” (with more than 400 bug patterns) - code instances that are likely to be errors.Developed as an evolution of the popular FindBugs tool, SpotBugs leverages static analysistechniques to scan Java programs and provide detailed reports on various types of defectsand questionable code patterns By detecting issues such as null pointer dereferences,potential security vulnerabilities, thread synchronization problems, and more, SpotBugscontributes to improving code quality, reliability, and security in Java applications.

Purpose of the Testing Tool:

Trang 5

+ Bug image:

Bug image after fixed:

Trang 6

- Bug 2:

- Type of bug: Hardcoded constant database password

- Cause: This code creates a database connect using a hardcoded, constant password.- Level: Severe

Trang 7

- Bug image:

Trang 8

- Bug image after fixed:

Trang 9

- Bug 3:

- Type of bug: May expose internal representation by returning reference to mutable object- Cause: Returning a reference to a mutable object value stored in one of the object's fieldsexposes the internal representation of the object

- Level: Low

Trang 11

+ Level: Low+ Bug image:

+ Bug image after fixed:

Trang 12

+ Cause: Classes that throw exceptions in their constructors are vulnerable toFinalizer attacks

- Bug 4:

+ Type of bug: Method may fail to close database resource

+ Cause: The method creates a database resource (such as a database connection orrow set), does not assign it to any fields, pass it to other methods, or return it, anddoes not appear to close the object on all paths out of the method.

Trang 13

2.3 Mai Thị Trà My

Bug 1:

- Type of bug: Method may fail to close database resource on exception

Trang 14

- Cause: Failure to close database resources on all paths out of a method may result in poorperformance, and could cause the application to have problems communicating with thedatabase.

- Level: low- Bug image:

Bug 2:

- Type of bug: Exception is caught when Exception is not thrown

- Cause : It is a common bug pattern to say try { } catch (Exception e) { something } as ashorthand for catching a number of types of exception each of whose catch blocks isidentical, but this construct also accidentally catches RuntimeException as well, maskingpotential bugs.

- Level: low

Trang 15

- Bug image:

Bug 3:

- Type of bug: Hardcoded constant database password

- Cause : This code creates a database connect using a hardcoded, constant password.Anyone with access to either the source code or the compiled code can easily learn thepassword.

- Level: Serious- Bug image:

Trang 16

Bug 4:

- Type of bug: Reliance on default encoding

- Cause: Found a call to a method which will perform a byte to String (or String to byte)conversion, and will assume that the default platform encoding is suitable This will cause theapplication behavior to vary between platforms Use an alternative API and specify a charsetname or Charset object explicitly.

- Level: low- Bug image:

Trang 17

2.4 Lê Đức Thắng

Bug 1:

+Bug image after fixed:

Trang 18

+Bug 2:

Trang 19

Bug 3:

Trang 20

Bug 4:

Trang 21

+

Trang 22

2.5 Vũ Đức Hoàng1.

+ Type of bug :Resources should be closed

+ Cause: when a resource is not released or closed after it has been used This cancause problems such as wasting resources, consuming unnecessary memory, orcausing performance or security issues in the application.

+ Level:Low+ Bug image:

+ Type of bug :"Class.forName()" should not load JDBC 4.0+ drivers

+ Cause: The cause of this error is usually because the programmer continues to usethe old method (Class.forName()) to load the JDBC driver instead of using theautomatic mechanism provided from JDBC 4.0 onwards.

Trang 23

+ Type of bug:Methods should not be empty

+ Cause: The main cause of this error is usually due to negligence or not payingattention to the body of a method An empty method usually makes no sense in mostcases and can make the code confusing and difficult to maintain.

+ Type of bug: Unused method parameters should be removed

+ Cause: The main cause of this error is usually because the programmer addedparameters to the method but did not use them in the body of the method This canhappen during development when parameters are added as part of the interface orgiven meaningful parameter names but are then not used in the method.+ Level:Low

Trang 24

+ Bug image:

Method may fail to close database resource

The method creates a database resource (such as a database connection or row set), doesnot assign it to any fields, pass it to other methods, or return it, and does not appear to closethe object on all paths out of the method Failure to close database resources on all pathsout of a method may result in poor performance, and could cause the application to haveproblems communicating with the database.

- Type of bug: Exception is caught when Exception is not thrown

- Cause : It is a common bug pattern to say try { } catch (Exception e) { something } as ashorthand for catching a number of types of exception each of whose catch blocks isidentical, but this construct also accidentally catches RuntimeException as well, maskingpotential bugs.

- Level: normal- Bug image: