[Soot-list] analyzing applications using Java Web Framework?

lu zhao 00luzhao at gmail.com
Tue Feb 12 14:44:59 EST 2013 

Hi Bernhard,

At this moment, I'm not seeking something that supports full-fledged JEE 
applications. I'd like to start with HttpSession and page dispatching 
support. If this has been done, then I'll consider other features.The 
applicationat my hand uses subclasses of HttpSession and dispatches 
requests extensively. A typical use case is retrieving asession object 
from a request, modifying its attributes, and setting it back to the 
request, which is next forwarded to otherresources. Similar operations 
may continue in the new resources.

Thanks very much,
Lu


On 02/11/2013 10:46 PM, Bernhard Berger wrote:
> Hi Lu,
>
> as Marc-André already mentioned it is not an easy task to accomplish. Especially, if you want to model the behavior of the container correctly (respecting filters, listeners, security checks and so forth). Furthermore, the work that has too done heavily depends on the frameworks you are using. If you support basic Servlets and JSP you have no chances in analyzing JSF, Struts and Spring since they have their own configuration files and framework magic.
>
> If you are interested in full-fledged JavaEE applications (even if they are just using the Web profile) the problem gets even worse. I've already solved some of those problems to get a proper call graph for JavaEE systems and I'm working on improving the code base, currently.
>
> What kind of analysis are you trying to do? And do you already have a system in mind that you want to analyze??
>
> Bernhard
>
> Am 12.02.2013 um 01:54 schrieb lu zhao <00luzhao at gmail.com>:
>
>> Hi,
>>
>> I'm new to soot and trying to analyze a web application that uses Java
>> Servlet and JSP technologies. Because many control and data flows are
>> implicitly conducted by a web container, directly analyzing the code of
>> the application is not very helpful. Is there any work that has been
>> done on modeling data and control flows of the Java Web framework? Any
>> pointers to existing work are really welcomed.
>>
>> Thanks very much,
>> Lu
> Am 12.02.2013 um 01:54 schrieb lu zhao <00luzhao at gmail.com>:
>
>> Hi,
>>
>> I'm new to soot and trying to analyze a web application that uses Java
>> Servlet and JSP technologies. Because many control and data flows are
>> implicitly conducted by a web container, directly analyzing the code of
>> the application is not very helpful. Is there any work that has been
>> done on modeling data and control flows of the Java Web framework? Any
>> pointers to existing work are really welcomed.
>>
>> Thanks very much,
>> Lu
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20130212/db078856/attachment.html

More information about the Soot-list mailing list