[Soot-list] analyzing applications using Java Web Framework?

Bernhard Berger berber at tzi.de
Tue Feb 12 01:46:20 EST 2013 

Hi Lu,

as Marc-André already mentioned it is not an easy task to accomplish. Especially, if you want to model the behavior of the container correctly (respecting filters, listeners, security checks and so forth). Furthermore, the work that has too done heavily depends on the frameworks you are using. If you support basic Servlets and JSP you have no chances in analyzing JSF, Struts and Spring since they have their own configuration files and framework magic.

If you are interested in full-fledged JavaEE applications (even if they are just using the Web profile) the problem gets even worse. I've already solved some of those problems to get a proper call graph for JavaEE systems and I'm working on improving the code base, currently. 

What kind of analysis are you trying to do? And do you already have a system in mind that you want to analyze??

Bernhard

Am 12.02.2013 um 01:54 schrieb lu zhao <00luzhao at gmail.com>:

> Hi,
> 
> I'm new to soot and trying to analyze a web application that uses Java 
> Servlet and JSP technologies. Because many control and data flows are 
> implicitly conducted by a web container, directly analyzing the code of 
> the application is not very helpful. Is there any work that has been 
> done on modeling data and control flows of the Java Web framework? Any 
> pointers to existing work are really welcomed.
> 
> Thanks very much,
> Lu
Am 12.02.2013 um 01:54 schrieb lu zhao <00luzhao at gmail.com>:

> Hi,
> 
> I'm new to soot and trying to analyze a web application that uses Java 
> Servlet and JSP technologies. Because many control and data flows are 
> implicitly conducted by a web container, directly analyzing the code of 
> the application is not very helpful. Is there any work that has been 
> done on modeling data and control flows of the Java Web framework? Any 
> pointers to existing work are really welcomed.
> 
> Thanks very much,
> Lu
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list

More information about the Soot-list mailing list