CN111382059A - Code quality evaluation method and system - Google Patents

Code quality evaluation method and system

Info

Publication number
CN111382059A
Authority
CN
China
Prior art keywords
code
evaluated
complexity
repetition rate
detection information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811644109.3A
Other languages
Chinese (zh)
Inventor
黄威
张�杰
李雪
张娜
蔡学文
王晓敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201811644109.3A
Publication of CN111382059A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3616 Software analysis for verifying properties of programs using software metrics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a code quality evaluation method and system, applied to the technical field of information processing. The method comprises: determining, through a quality evaluation module of the quality evaluation system, evaluation result information of the code to be evaluated based on the vulnerability detection information obtained by the red line scanning module, the repetition rate detection information obtained by the repetition rate detection module and the complexity detection information obtained by the complexity detection module. Because the vulnerability detection information, repetition rate detection information and complexity detection information of the code to be evaluated are generated automatically and the evaluation result information is determined automatically from them, the quality of the code to be evaluated is evaluated automatically and the efficiency of the evaluation is improved. Automatic determination of the evaluation result information also reduces the labor cost of evaluating the code, reduces the subjective influence of manual evaluation, and improves the accuracy of the code quality evaluation.

Description

Code quality evaluation method and system
Technical Field
The present application relates to the field of information processing technologies, and in particular, to a method and a system for evaluating code quality.
Background
Code is text composed of characters, symbols and the like, written according to the specification of a programming language. A program project often consists of a large amount of code, and as program projects become larger and more complex, the code of a project is usually written by several program developers working together. More factors therefore affect code quality, such as how well the functions of code written by different developers fit together and whether the writing style is uniform. How to evaluate the quality of written code has become a problem.
At present, code quality is evaluated manually: the relevant evaluators read the code line by line, identify and mark the factors that affect its quality, and then statistically analyze the marked factors to obtain the quality evaluation result for the code. This manual method requires high labor and time costs, and the efficiency of the quality evaluation is extremely low. In addition, project programs often contain a large amount of code, so several people are needed to evaluate its quality. The conventional method of manually determining the quality evaluation result information of code therefore suffers from low efficiency and high labor cost.
Disclosure of Invention
The application provides a code quality evaluation method and system for improving the efficiency of code quality evaluation and reducing its labor cost. The technical solution adopted by the application is as follows:
In a first aspect, a code quality evaluation method is provided, applied to a code quality evaluation system that comprises a red line scanning module, a repetition rate detection module and a complexity detection module. The method comprises the following steps:
performing vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information of the code to be evaluated;
performing repetition rate detection on the code to be evaluated through the repetition rate detection module to obtain repetition rate detection information of the code to be evaluated;
performing complexity detection on the code to be evaluated through the complexity detection module to obtain complexity detection information of the code to be evaluated;
and determining the evaluation result information of the code to be evaluated through the quality evaluation module, based on the vulnerability detection information obtained by the red line scanning module, the repetition rate detection information obtained by the repetition rate detection module and the complexity detection information obtained by the complexity detection module.
Further, performing repetition rate detection on the code to be evaluated through the repetition rate detection module to obtain the repetition rate detection information of the code to be evaluated comprises:
determining the number of lines of reused code in the code to be evaluated based on a corresponding similarity judgment algorithm;
and determining code repetition rate detection information of the code to be evaluated based on the number of lines of reused code in the code to be evaluated and the total number of lines of the code to be evaluated.
Further, performing complexity detection on the code to be evaluated through the complexity detection module to obtain complexity detection information of the code to be evaluated comprises:
determining the function complexity of each code file corresponding to the code to be evaluated;
determining the code complexity of the code to be evaluated based on the determined function complexity of each code file;
and determining code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated.
Further, determining the evaluation result information of the code to be evaluated through the quality evaluation module, based on the vulnerability detection information obtained by the red line scanning module, the repetition rate detection information obtained by the repetition rate detection module and the complexity detection information obtained by the complexity detection module, comprises:
performing a weighted calculation based on predetermined weight values respectively corresponding to the vulnerability detection information, the repetition rate detection information and the complexity detection information to obtain the evaluation result information of the code to be evaluated.
Further, the method further comprises: determining the processing flow information of the code to be evaluated according to the vulnerability detection information obtained by the red line scanning module.
Further, the vulnerability detection information includes at least one of: the number of security vulnerabilities, the number of red line vulnerabilities, the number of style vulnerabilities and the number of common vulnerabilities; the method further comprises the following steps:
if the number of security vulnerabilities and the number of red line vulnerabilities meet their respective preset threshold conditions, allowing the code to be evaluated to proceed to the next processing flow, wherein the next processing flow comprises testing the code to be evaluated;
and if the number of security vulnerabilities and the number of red line vulnerabilities do not meet the preset threshold conditions, returning the code to be evaluated and feeding back information suggesting modification.
Further, the method further comprises: determining the processing flow of the code to be evaluated according to the evaluation result information obtained by the quality evaluation module.
In a second aspect, a code quality evaluation system is provided, the system comprising:
a red line scanning module, used for performing vulnerability detection on the code to be evaluated to obtain vulnerability detection information of the code to be evaluated;
a repetition rate detection module, used for performing repetition rate detection on the code to be evaluated to obtain repetition rate detection information of the code to be evaluated;
a complexity detection module, used for performing complexity detection on the code to be evaluated to obtain complexity detection information of the code to be evaluated;
and a quality evaluation module, used for determining evaluation result information of the code to be evaluated based on the vulnerability detection information obtained by the red line scanning module, the repetition rate detection information obtained by the repetition rate detection module and the complexity detection information obtained by the complexity detection module.
Further, the repetition rate detection module comprises a first determining unit and a second determining unit;
the first determining unit is used for determining the number of lines of reused code in the code to be evaluated based on a corresponding similarity judgment algorithm;
and the second determining unit is used for determining code repetition rate detection information of the code to be evaluated based on the number of lines of reused code in the code to be evaluated determined by the first determining unit and the total number of lines of the code to be evaluated.
Further, the complexity detection module comprises a third determining unit, a fourth determining unit and a fifth determining unit;
the third determining unit is used for determining the function complexity of each code file corresponding to the code to be evaluated;
the fourth determining unit is used for determining the code complexity of the code to be evaluated based on the function complexity of each code file determined by the third determining unit;
and the fifth determining unit is used for determining code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated determined by the fourth determining unit.
Further, the quality evaluation module is further configured to perform a weighted calculation based on predetermined weight values respectively corresponding to the vulnerability detection information, the repetition rate detection information and the complexity detection information to obtain the evaluation result information of the code to be evaluated.
Further, the system also includes a first flow determining module;
the first flow determining module is used for determining the processing flow information of the code to be evaluated according to the vulnerability detection information obtained by the red line scanning module.
Further, the vulnerability detection information includes at least one of: the number of security vulnerabilities, the number of red line vulnerabilities, the number of style vulnerabilities and the number of common vulnerabilities;
the first flow determining module is further used for allowing the code to be evaluated to proceed to the next processing flow if the number of security vulnerabilities and the number of red line vulnerabilities meet their respective preset threshold conditions, wherein the next processing flow comprises testing the code to be evaluated;
and/or for returning the code to be evaluated and feeding back information suggesting modification if the number of security vulnerabilities and the number of red line vulnerabilities do not meet the preset threshold conditions.
Further, the system includes a second flow determining module;
the second flow determining module is used for determining the processing flow of the code to be evaluated according to the evaluation result information obtained by the quality evaluation module.
Compared with the prior art, in which code quality is evaluated manually, the code quality evaluation method and system of the application perform vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information, perform repetition rate detection through the repetition rate detection module to obtain repetition rate detection information, perform complexity detection through the complexity detection module to obtain complexity detection information, and determine the evaluation result information of the code to be evaluated through the quality evaluation module based on these three kinds of detection information. Because the evaluation result information is determined automatically from the automatically generated vulnerability detection information, code repetition rate detection information and code complexity detection information, the quality of the code to be evaluated is evaluated automatically and the efficiency of the quality evaluation is improved.
In addition, because the evaluation result information of the code to be evaluated is determined automatically, the evaluation can be completed without the participation of evaluation personnel, which reduces the labor cost of the quality evaluation, reduces the subjective influence of manual evaluation, and improves the accuracy of the code quality evaluation.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a code quality evaluation method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a code quality evaluation system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of another code quality evaluation system according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
An embodiment of the application provides a code quality evaluation method, applied to a code quality evaluation system that comprises a red line scanning module, a repetition rate detection module and a complexity detection module. As shown in fig. 1, the method includes:
Step S101, performing vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information of the code to be evaluated;
Specifically, the red line scanning module is used for detecting whether the code to be evaluated contains vulnerabilities. The red line scanning module of the quality evaluation system performs vulnerability detection on the code to be evaluated based on a corresponding vulnerability detection method to obtain the vulnerability detection information of the code to be evaluated.
Step S102, performing repetition rate detection on the code to be evaluated through the repetition rate detection module to obtain repetition rate detection information of the code to be evaluated;
Specifically, the repetition rate detection module is used for detecting the repetition rate information of the code to be evaluated. The repetition rate detection module of the quality evaluation system performs repetition rate detection on the code to be evaluated based on a corresponding repetition rate detection method to obtain the repetition rate detection information of the code to be evaluated.
Step S103, performing complexity detection on the code to be evaluated through the complexity detection module to obtain complexity detection information of the code to be evaluated;
Specifically, the complexity detection module is used for detecting the complexity information of the code to be evaluated. The complexity detection module of the quality evaluation system performs complexity detection on the code to be evaluated based on a corresponding complexity detection method to obtain the complexity detection information of the code to be evaluated.
The execution order of steps S101, S102 and S103 may be interchanged; this embodiment does not limit it.
Step S104, determining the evaluation result information of the code to be evaluated through the quality evaluation module, based on the vulnerability detection information obtained by the red line scanning module, the repetition rate detection information obtained by the repetition rate detection module and the complexity detection information obtained by the complexity detection module.
Specifically, the quality evaluation module of the quality evaluation system processes the obtained vulnerability detection information, repetition rate detection information and complexity detection information based on a corresponding calculation method and determines the evaluation result information of the code to be evaluated.
Compared with the prior art, in which code quality is evaluated manually, the code quality evaluation method of this embodiment performs vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information, performs repetition rate detection through the repetition rate detection module to obtain repetition rate detection information, performs complexity detection through the complexity detection module to obtain complexity detection information, and determines the evaluation result information of the code to be evaluated through the quality evaluation module based on these three kinds of detection information. Because the evaluation result information is determined automatically from the automatically generated vulnerability detection information, code repetition rate detection information and code complexity detection information, the quality of the code to be evaluated is evaluated automatically and the efficiency of the quality evaluation is improved. In addition, because the evaluation result information is determined automatically, the evaluation can be completed without the participation of evaluation personnel, which reduces the labor cost of the quality evaluation, reduces the subjective influence of manual evaluation, and improves the accuracy of the code quality evaluation.
An embodiment of the present application provides a possible implementation in which, specifically, step S102 includes:
Step S1021 (not shown in the figure), determining the number of lines of reused code in the code to be evaluated based on a corresponding similarity judgment algorithm;
Specifically, a vector representation of each line of code can be determined and the Hamming distance or Euclidean distance between lines of code calculated. When the Hamming distance or Euclidean distance between two lines of code is less than a predetermined threshold, the corresponding code lines are determined to be repeated, and the number of lines of reused code in the code to be evaluated is then determined from the code lines determined to be repeated. The comparison of whether code lines are repeated may be performed line by line, or in units of a certain number of lines, for example in units of 10 lines.
Step S1022 (not shown in the figure), determining the code repetition rate detection information of the code to be evaluated based on the number of lines of reused code in the code to be evaluated and the total number of lines of the code to be evaluated.
The code repetition rate can be calculated by Formula 1:
code repetition rate = number of repeated code lines / total number of code lines    (Formula 1)
Specifically, the code repetition rate of the code to be evaluated is determined according to Formula 1, and the repetition rate evaluation information of the code to be evaluated is then determined from a relationship table between code repetition rate intervals and repetition rate evaluation information. For example, if the code repetition rate is 4% and the relationship table shows that the repetition rate evaluation information corresponding to the code repetition rate interval of 3% to 6% is 85, then the repetition rate evaluation information corresponding to a code repetition rate of 4% is 85.
In this embodiment, the code repetition rate evaluation information of the code to be evaluated is determined based on the number of lines of reused code in the code to be evaluated and the total number of lines of the code to be evaluated, which solves the problem of determining the code repetition rate detection information and provides a basis for determining the evaluation result information of the code to be evaluated.
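The following Python sketch is an added illustration of steps S1021 and S1022, not code from the application. It assumes a binary token-presence vector as the line representation, a Hamming threshold of 2, that a line counts as repeated when it matches an earlier line, and an interval table in which only the 3% to 6% row (value 85) comes from the text above.

```python
import re

# Assumptions (not from the application): tokenisation rule, threshold values,
# and every row of SCORE_TABLE except the 3%-6% -> 85 row.
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|\S")
MIN_TOKENS = 3          # skip trivial lines such as "}" or "else:"
HAMMING_THRESHOLD = 2   # a distance below this marks a line as repeated
SCORE_TABLE = [
    (0.00, 0.03, 100),  # constructed
    (0.03, 0.06, 85),   # from the page's example
    (0.06, 0.10, 70),   # constructed
    (0.10, 1.01, 50),   # constructed
]


def line_vectors(lines):
    """Return (line_number, bit_vector) for each non-trivial line.

    Each distinct token in the file is given one bit position, so a line's
    vector is the set of tokens it contains, encoded as an integer.
    """
    vocab = {}
    vectors = []
    for number, line in enumerate(lines, 1):
        tokens = set(TOKEN_RE.findall(line))
        if len(tokens) < MIN_TOKENS:
            continue
        vec = 0
        for tok in tokens:
            vec |= 1 << vocab.setdefault(tok, len(vocab))
        vectors.append((number, vec))
    return vectors


def hamming(a, b):
    """Number of bit positions in which two line vectors differ."""
    return bin(a ^ b).count("1")


def repeated_lines(lines):
    """Line numbers whose vector is within the threshold of an earlier line."""
    vectors = line_vectors(lines)
    repeated = []
    for i, (number, vec) in enumerate(vectors):
        if any(hamming(vec, prev) < HAMMING_THRESHOLD for _, prev in vectors[:i]):
            repeated.append(number)
    return repeated


def repetition_rate(lines):
    """Formula 1: repeated code lines / total (non-blank) code lines."""
    total = sum(1 for line in lines if line.strip())
    return len(repeated_lines(lines)) / total if total else 0.0


def repetition_score(rate):
    """Map a repetition rate to evaluation information via the interval table."""
    for low, high, score in SCORE_TABLE:
        if low <= rate < high:
            return score
    raise ValueError(f"rate out of range: {rate}")


# Constructed sample: 24 distinct assignments plus one copy of line 8 that
# differs only in whitespace, giving 1 repeated line out of 25 (4%).
SAMPLE = [f"total_{i} = load_{i}(path_{i})" for i in range(24)]
SAMPLE.append("total_7  =  load_7( path_7 )")

if __name__ == "__main__":
    rate = repetition_rate(SAMPLE)
    print(repeated_lines(SAMPLE), f"{rate:.0%}", repetition_score(rate))
```

Because the threshold is 2, a line that differs from an earlier one by a single token (for example an added `;`) is also counted as repeated.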
An embodiment of the present application provides a possible implementation in which, specifically, step S103 includes:
Step S1031 (not shown in the figure), determining the function complexity of each code file corresponding to the code to be evaluated;
In this embodiment, the function complexity of each code file corresponding to the code to be evaluated is determined by a corresponding function complexity determination method. The function complexity may be the cyclomatic complexity, which measures the complexity of a module's decision structure. Numerically it is the number of linearly independent paths, that is, the minimum number of paths that must be tested to reasonably guard against errors. A high cyclomatic complexity indicates that the program code may be of low quality and difficult to test and maintain.
For example, if a section of code contains no control flow statement (condition or decision point), its cyclomatic complexity is 1, because there is only one path through the code; if a section of code contains only one if statement and that if statement has only one condition, its cyclomatic complexity is 2; a section of code containing two nested if statements, or one if statement with two conditions, has a cyclomatic complexity of 3.
Step S1032 (not shown in the figure), determining the code complexity of the code to be evaluated based on the determined function complexity of each code file;
Specifically, the average of the function complexities of the code files may be used as the code complexity of the code to be evaluated.
Step S1033 (not shown in the figure), determining the code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated.
Specifically, the code complexity detection information of the code to be evaluated may be determined based on a mapping list between code complexity and code complexity evaluation information.
In this embodiment, the function complexity of each code file corresponding to the code to be evaluated is determined, the code complexity of the code to be evaluated is determined from the function complexity of each code file, and the code complexity evaluation information is then determined from the code complexity. This solves the problem of determining the code complexity detection information of the code to be evaluated and provides a basis for determining its evaluation result information.
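The following Python sketch is an added illustration of steps S1031 and S1032, not code from the application. It computes cyclomatic complexity for Python source with the standard ast module and reproduces the values 1, 2 and 3 from the examples above; taking a file's function complexity as the mean over its functions, and the sample sources, are assumptions.

```python
import ast

# Node types that each add one decision point (one more independent path).
BRANCH_NODES = (ast.If, ast.For, ast.AsyncFor, ast.While,
                ast.ExceptHandler, ast.IfExp)


def function_complexity(func):
    """Cyclomatic complexity of one function: 1 + number of decision points."""
    complexity = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            complexity += 1
        elif isinstance(node, ast.BoolOp):
            # "a and b" is one extra condition, "a and b and c" is two.
            complexity += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            # The loop of a comprehension plus each of its "if" filters.
            complexity += 1 + len(node.ifs)
    return complexity


def file_complexities(source):
    """Return [(function_name, complexity)] for every function in a file.

    Nested functions are reported separately and their branches also count
    toward the enclosing function.
    """
    tree = ast.parse(source)
    return [(node.name, function_complexity(node))
            for node in ast.walk(tree)
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))]


def code_complexity(files):
    """Step S1032: average of the per-file function complexities.

    Assumption: a file's function complexity is the mean over its functions;
    files without functions are skipped.
    """
    per_file = []
    for source in files.values():
        values = [c for _, c in file_complexities(source)]
        if values:
            per_file.append(sum(values) / len(values))
    return sum(per_file) / len(per_file) if per_file else 0.0


# Constructed sample files mirroring the four cases described in the text.
FILES = {
    "a.py": '''
def straight(a):
    return a + 1

def one_if(a):
    if a:
        return 1
    return 0
''',
    "b.py": '''
def nested_if(a, b):
    if a:
        if b:
            return 1
    return 0

def two_conditions(a, b):
    if a and b:
        return 1
    return 0
''',
}

if __name__ == "__main__":
    for name, source in FILES.items():
        print(name, file_complexities(source))
    print("code complexity:", code_complexity(FILES))
```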
An embodiment of the present application provides a possible implementation in which, specifically, step S104 includes:
Step S1041 (not shown in the figure), performing a weighted calculation based on predetermined weight values respectively corresponding to the vulnerability detection information, the repetition rate detection information and the complexity detection information to obtain the evaluation result information of the code to be evaluated.
Specifically, the vulnerability detection information, the repetition rate detection information and the complexity detection information each correspond to a predetermined weight value, and a weighted calculation over the three determines the evaluation result information of the code to be evaluated.
The vulnerability detection information, the repetition rate detection information and the complexity detection information may be corresponding score values or quantitative values, and the evaluation result information may be calculated by Formula 2:
evaluation result information = 0.8 × vulnerability detection information + 0.1 × complexity detection information + 0.1 × repetition rate detection information    (Formula 2)
In this embodiment, the evaluation result information of the code to be evaluated is determined by a weighted calculation over the vulnerability detection information, the repetition rate detection information and the complexity detection information, so the evaluation result information is determined automatically and the efficiency of the quality evaluation is improved. In addition, because the evaluation result information is determined automatically, the evaluation can be completed without requiring many evaluators, which reduces the labor cost of the quality evaluation, reduces the subjective influence of manual evaluation, and improves the accuracy of the code quality evaluation.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
step S105 (not shown in the figure), determining processing flow information of the code to be evaluated according to the vulnerability detection information obtained by the red line scanning module.
Specifically, processing flow information of the code to be evaluated is determined according to the vulnerability detection information obtained through the red line scanning module through a preset corresponding judgment method.
According to the embodiment of the application, the processing flow information of the code to be evaluated is automatically determined according to the vulnerability detection information obtained by the red line scanning module, so that the efficiency of correspondingly processing the code to be evaluated can be improved.
This embodiment of the application provides a possible implementation in which the vulnerability detection information includes at least one of the following: the number of security vulnerabilities, the number of red line vulnerabilities, the number of style vulnerabilities, and the number of common vulnerabilities. The method further comprises the following steps:
Step 106 (not shown in the figure): if the number of security vulnerabilities and the number of red line vulnerabilities meet their respective preset threshold conditions, the code to be evaluated is allowed to enter the next processing flow, where the next processing flow includes testing the code to be evaluated.
Specifically, if the number of security vulnerabilities and the number of red line vulnerabilities each satisfy their respective preset threshold conditions, the code to be evaluated is allowed to enter the next processing flow.
Step 107 (not shown in the figure): if the number of security vulnerabilities and the number of red line vulnerabilities do not meet the preset threshold conditions, the code to be evaluated is returned together with feedback information recommending modification.
Specifically, if either the number of security vulnerabilities or the number of red line vulnerabilities fails to meet its preset threshold condition, the code to be evaluated is returned together with feedback information recommending modification.
In this embodiment, the processing flow information of the code to be evaluated is determined based on the number of security vulnerabilities and the number of red line vulnerabilities, so that the processing flow information is determined automatically.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
Step 108 (not shown in the figure): determining the processing flow of the code to be evaluated according to the evaluation result information obtained by the quality evaluation module.
Specifically, the processing flow of the code to be evaluated is determined according to the evaluation result information obtained by the quality evaluation module, wherein the evaluation result information may be a specific score value, and the processing flow information of the code to be evaluated is determined based on the relationship between the score value and the set threshold value.
For the embodiment of the application, the processing flow of the code to be evaluated is determined based on the evaluation result information, so that the automatic determination of the processing flow of the code to be evaluated is realized.
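The weighted calculation of step S1041 (formula 2) and the flow decisions of steps 106 to 108, as an added example that is not code from the patent. The 0-100 higher-is-better score scale, the thresholds in `Policy`, the action names and all sample inputs are assumptions; the page only says the thresholds are preset.

```python
from dataclasses import dataclass

# Weights taken from formula 2) on the page.
W_VULN, W_COMPLEXITY, W_REPETITION = 0.8, 0.1, 0.1


@dataclass(frozen=True)
class VulnCounts:
    """The four counts the page lists as vulnerability detection information."""
    security: int
    red_line: int
    style: int = 0
    common: int = 0


@dataclass(frozen=True)
class Policy:
    """ASSUMED thresholds; the page does not give concrete values."""
    max_security: int = 0      # allowed security vulnerabilities
    max_red_line: int = 0      # allowed red line vulnerabilities
    min_score: float = 80.0    # minimum evaluation result (step 108)


@dataclass(frozen=True)
class Decision:
    action: str                # "proceed_to_testing" or "return_for_modification"
    score: float
    reasons: tuple = ()


def evaluation_score(vuln, complexity, repetition):
    """Formula 2). Sub-scores are ASSUMED to lie in 0-100, higher is better."""
    for name, value in (("vulnerability", vuln),
                        ("complexity", complexity),
                        ("repetition", repetition)):
        if not 0 <= value <= 100:   # also rejects NaN
            raise ValueError(f"{name} score {value!r} is outside 0-100")
    total = W_VULN * vuln + W_COMPLEXITY * complexity + W_REPETITION * repetition
    return round(total, 2)


def decide(counts, vuln, complexity, repetition, policy=Policy()):
    """Apply the count check (steps 106/107), then the score check (step 108)."""
    score = evaluation_score(vuln, complexity, repetition)
    reasons = []
    # Steps 106/107: either count failing its threshold returns the code.
    if counts.security > policy.max_security:
        reasons.append(f"security vulnerabilities: {counts.security} > {policy.max_security}")
    if counts.red_line > policy.max_red_line:
        reasons.append(f"red line vulnerabilities: {counts.red_line} > {policy.max_red_line}")
    # Step 108: compare the evaluation result with a set threshold.
    # Mapping a low score to "return" is an assumption of this example.
    if score < policy.min_score:
        reasons.append(f"score {score} < {policy.min_score}")
    action = "return_for_modification" if reasons else "proceed_to_testing"
    return Decision(action, score, tuple(reasons))


# Constructed sample submissions: (counts, vuln, complexity, repetition).
SAMPLES = {
    "clean":         (VulnCounts(0, 0, style=12, common=3), 90, 70, 60),
    "one_security":  (VulnCounts(1, 0), 85, 100, 100),
    "low_score":     (VulnCounts(0, 0), 70, 50, 50),
}


def run_samples():
    """Return a Decision for each constructed sample."""
    return {name: decide(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in run_samples().items():
        print(f"{name:13s} score={d.score:5.1f} {d.action} {list(d.reasons)}")
```

The `one_security` sample scores 88 under formula 2) and is still returned, because the count check of steps 106 and 107 is applied independently of the weighted score.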
Fig. 2 shows a code quality evaluation system according to an embodiment of the present application, where the system 20 includes: a red line scanning module 201, a repetition rate detection module 202, a complexity detection module 203 and a quality evaluation module 204;
the red line scanning module 201 is configured to perform vulnerability detection on the code to be evaluated to obtain vulnerability detection information of the code to be evaluated;
the repetition rate detection module 202 is configured to perform repetition rate detection on the code to be evaluated to obtain repetition rate detection information of the code to be evaluated;
the complexity detection module 203 is configured to perform complexity detection on the code to be evaluated to obtain complexity detection information of the code to be evaluated;
the quality evaluation module 204 is configured to determine evaluation result information of the code to be evaluated based on the vulnerability detection information obtained according to the red line scanning module 201, the repetition rate detection information obtained according to the repetition rate detection module 202, and the complexity detection information obtained according to the complexity detection module 203.
Compared with the prior art, in which code quality is evaluated manually, the code quality evaluation system of this embodiment performs vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information, performs repetition rate detection through the repetition rate detection module to obtain repetition rate detection information, performs complexity detection through the complexity detection module to obtain complexity detection information, and determines the evaluation result information of the code to be evaluated through the quality evaluation module based on these three kinds of detection information. Because the evaluation result information is determined automatically from the automatically generated vulnerability detection information, code repetition rate detection information and code complexity detection information, the quality of the code to be evaluated is evaluated automatically and the efficiency of quality evaluation is improved.
In addition, the evaluation result information of the code to be evaluated is automatically determined, the evaluation work of the code to be evaluated can be completed without the participation of related evaluation personnel, the labor cost of the quality evaluation of the code to be evaluated is reduced, the subjective influence factor of the manual evaluation is reduced, and the accuracy of the code quality evaluation is improved.
The code quality evaluation system of this embodiment may execute a code quality evaluation method provided in the above embodiments of this application, and the implementation principles thereof are similar, and are not described herein again.
An embodiment of the present application provides another code quality evaluation system, as shown in fig. 3, a system 30 of the present embodiment includes: a red line scanning module 301, a repetition rate detection module 302, a complexity detection module 303 and a quality evaluation module 304;
the red line scanning module 301 is configured to perform vulnerability detection on the code to be evaluated to obtain vulnerability detection information of the code to be evaluated;
Here, the red line scanning module 301 in Fig. 3 has the same or similar function as the red line scanning module 201 in Fig. 2.
The repetition rate detection module 302 is configured to perform repetition rate detection on the code to be evaluated to obtain repetition rate detection information of the code to be evaluated;
Here, the repetition rate detection module 302 in Fig. 3 has the same or similar function as the repetition rate detection module 202 in Fig. 2.
The complexity detection module 303 is configured to perform complexity detection on the code to be evaluated to obtain complexity detection information of the code to be evaluated;
Here, the complexity detection module 303 in Fig. 3 has the same or similar function as the complexity detection module 203 in Fig. 2.
The quality evaluation module 304 is configured to determine evaluation result information of the code to be evaluated based on the vulnerability detection information obtained from the red line scanning module 301, the repetition rate detection information obtained from the repetition rate detection module 302, and the complexity detection information obtained from the complexity detection module 303.
The quality evaluation module 304 in fig. 3 has the same or similar function as the quality evaluation module 204 in fig. 2.
The embodiment of the present application provides a possible implementation manner, and specifically, the repetition rate detection module 302 includes a first determining unit 3021 and a second determining unit 3022;
a first determining unit 3021, configured to determine, based on a corresponding similarity determination algorithm, a number of lines of a reused code in a code to be evaluated;
a second determining unit 3022, configured to determine code repetition rate detection information of the code to be evaluated based on the number of lines of the reused code and the total number of lines of the code to be evaluated in the code to be evaluated, which are determined by the first determining unit 3021.
For the embodiment of the application, the code repetition rate evaluation information of the code to be evaluated is determined based on the number of lines of the repeatedly used code in the code to be evaluated and the total number of lines of the code to be evaluated, so that the problem of determining the code repetition rate detection information is solved, and a basis is provided for determining the evaluation result information of the code to be evaluated.
The embodiment of the present application provides a possible implementation manner, and specifically, the complexity detection module 303 includes a third determination unit 3031, a fourth determination unit 3032, and a fifth determination unit 3033;
a third determining unit 3031, configured to determine the function complexity of each code file corresponding to the code to be evaluated;
a fourth determining unit 3032, configured to determine the code complexity of the code to be evaluated based on the function complexity of each code file determined by the third determining unit 3031;
a fifth determining unit 3033, configured to determine code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated determined by the fourth determining unit 3032.
For the embodiment, the problem of determining the code complexity detection information of the code to be evaluated is solved by determining the function complexity of each code file corresponding to the code to be evaluated, determining the code complexity of the code to be evaluated according to the function complexity of each code file, and then determining the code complexity evaluation information of the code to be evaluated according to the code complexity of the code to be evaluated, so that a basis is provided for determining the evaluation result information of the code to be evaluated.
The embodiment of the present application provides a possible implementation manner, and specifically, the quality evaluation module 304 is further configured to perform weighted calculation based on predetermined weight values respectively corresponding to the vulnerability detection information, the repetition rate detection information, and the complexity detection information, so as to obtain evaluation result information of the code to be evaluated.
In this embodiment, the vulnerability detection information, the repetition rate detection information and the complexity detection information are combined by weighted calculation to determine the evaluation result information of the code to be evaluated. Because the evaluation result information is determined automatically, the efficiency of quality evaluation is improved. In addition, the evaluation can be completed without requiring many evaluators, which reduces the labor cost of quality evaluation, reduces the subjective influence of manual evaluation, and improves the accuracy of code quality evaluation.
The embodiment of the present application provides a possible implementation manner, and specifically, the system further includes a first process determining module 305;
the first process determining module 305 is configured to determine processing flow information of the code to be evaluated according to the vulnerability detection information obtained by the red line scanning module.
According to the embodiment of the application, the processing flow information of the code to be evaluated is automatically determined according to the vulnerability detection information obtained by the red line scanning module, so that the efficiency of correspondingly processing the code to be evaluated can be improved.
The embodiment of the present application provides a possible implementation manner, and specifically, the vulnerability detection information includes at least one of the following: the number of security vulnerabilities, the number of red line vulnerabilities, the number of style vulnerabilities and the number of common vulnerabilities;
the first process determining module 305 is further configured to allow the code to be evaluated to enter the next processing flow if the number of security vulnerabilities and the number of red line vulnerabilities meet their respective preset threshold conditions, where the next processing flow includes testing the code to be evaluated;
and/or to return the code to be evaluated together with feedback information recommending modification if the number of security vulnerabilities and the number of red line vulnerabilities do not meet the preset threshold conditions.
In this embodiment, the processing flow information of the code to be evaluated is determined based on the number of security vulnerabilities and the number of red line vulnerabilities, so that the processing flow information is determined automatically.
The embodiment of the present application provides a possible implementation manner, and specifically, the system further includes a second process determining module 306;
the second process determining module 306 is configured to determine the processing flow of the code to be evaluated according to the evaluation result information obtained by the quality evaluation module.
For the embodiment of the application, the processing flow of the code to be evaluated is determined based on the evaluation result information of the code to be evaluated, so that the automatic determination of the processing flow of the code to be evaluated is realized.
Compared with the prior art, in which code quality is evaluated manually, the code quality evaluation system of this embodiment performs vulnerability detection on the code to be evaluated through the red line scanning module to obtain vulnerability detection information, performs repetition rate detection through the repetition rate detection module to obtain repetition rate detection information, performs complexity detection through the complexity detection module to obtain complexity detection information, and determines the evaluation result information of the code to be evaluated through the quality evaluation module based on these three kinds of detection information. Because the evaluation result information is determined automatically from the automatically generated vulnerability detection information, code repetition rate detection information and code complexity detection information, the quality of the code to be evaluated is evaluated automatically and the efficiency of quality evaluation is improved.
In addition, the evaluation result information of the code to be evaluated is automatically determined, the evaluation work of the code to be evaluated can be completed without the participation of related evaluation personnel, the labor cost of the quality evaluation of the code to be evaluated is reduced, the subjective influence factor of the manual evaluation is reduced, and the accuracy of the code quality evaluation is improved.
The code quality evaluation system of this embodiment may execute a code quality evaluation method provided in the above embodiments of this application, and the implementation principles thereof are similar, and are not described herein again.

Claims (10)

1. A code quality evaluation method is characterized in that the method is applied to a code quality evaluation system, and the code quality evaluation system comprises a red line scanning module, a repetition rate detection module and a complexity detection module; the method comprises the following steps:
carrying out vulnerability detection on a code to be evaluated through the red line scanning module to obtain vulnerability detection information of the code to be evaluated;
carrying out repetition rate detection on the code to be evaluated through the repetition rate detection module to obtain repetition rate detection information of the code to be evaluated;
complexity detection is carried out on the code to be evaluated through the complexity detection module, and complexity detection information of the code to be evaluated is obtained;
and determining evaluation result information of the code to be evaluated through a quality evaluation module based on the vulnerability detection information obtained according to the red line scanning module, the repetition rate detection information obtained according to the repetition rate detection module and the complexity detection information obtained according to the complexity detection module.
2. The method according to claim 1, wherein the performing repetition rate detection on the code to be evaluated by the repetition rate detection module to obtain repetition rate detection information of the code to be evaluated comprises:
determining the number of lines of reused code in the code to be evaluated based on a corresponding similarity judgment algorithm;
and determining code repetition rate detection information of the code to be evaluated based on the number of lines of the repeatedly used code in the code to be evaluated and the total number of lines of the code to be evaluated.
3. The method according to claim 1, wherein the performing complexity detection on the code to be evaluated by the complexity detection module to obtain complexity detection information of the code to be evaluated comprises:
determining the function complexity of each code file corresponding to the code to be evaluated;
determining the code complexity of the code to be evaluated based on the determined function complexity of each code file;
and determining code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated.
4. The method according to claim 1, wherein the determining, by the quality evaluation module, evaluation result information of the code to be evaluated based on the vulnerability detection information obtained from the red line scanning module, the repetition rate detection information obtained from the repetition rate detection module, and the complexity detection information obtained from the complexity detection module comprises:
and performing weighted calculation based on preset weight values respectively corresponding to the vulnerability detection information, the repetition rate detection information and the complexity detection information to obtain evaluation result information of the code to be evaluated.
5. The method of claim 1, further comprising:
and determining the processing flow information of the code to be evaluated according to the vulnerability detection information obtained by the red line scanning module.
6. The method of claim 1, wherein the vulnerability detection information comprises at least one of: the number of security vulnerabilities, the number of red line vulnerabilities, the number of style vulnerabilities and the number of common vulnerabilities; the method further comprises the following steps:
if the number of security vulnerabilities and the number of red line vulnerabilities meet their respective preset threshold conditions, allowing the code to be evaluated to enter a next processing flow, wherein the next processing flow comprises testing the code to be evaluated;
and if the number of security vulnerabilities and the number of red line vulnerabilities do not meet the preset threshold conditions, returning the code to be evaluated together with feedback information recommending modification.
7. The method of claim 1, further comprising:
and determining the processing flow of the code to be evaluated according to the evaluation result information obtained by the quality evaluation module.
8. A code quality evaluation system, comprising:
the red line scanning module is used for carrying out vulnerability detection on a code to be evaluated to obtain vulnerability detection information of the code to be evaluated;
the repetition rate detection module is used for carrying out repetition rate detection on the code to be evaluated to obtain the repetition rate detection information of the code to be evaluated;
the complexity detection module is used for carrying out complexity detection on the code to be evaluated to obtain complexity detection information of the code to be evaluated;
and the quality evaluation module is used for determining evaluation result information of the code to be evaluated based on the vulnerability detection information obtained according to the red line scanning module, the repetition rate detection information obtained according to the repetition rate detection module and the complexity detection information obtained according to the complexity detection module.
9. The system of claim 8, wherein the repetition rate detection module comprises a first determination unit and a second determination unit;
the first determining unit is used for determining the number of lines of the reused codes in the codes to be evaluated based on a corresponding similarity judging algorithm;
the second determining unit is configured to determine code repetition rate detection information of the code to be evaluated based on the number of lines of the reused code in the code to be evaluated determined by the first determining unit and the total number of lines of the code to be evaluated.
10. The system of claim 8, wherein the complexity detection module comprises a third determination unit, a fourth determination unit, and a fifth determination unit;
the third determining unit is configured to determine the function complexity of each code file corresponding to the code to be evaluated;
the fourth determining unit is configured to determine the code complexity of the code to be evaluated based on the function complexity of each code file determined by the third determining unit;
the fifth determining unit is configured to determine code complexity detection information of the code to be evaluated based on the code complexity of the code to be evaluated determined by the fourth determining unit.
CN201811644109.3A 2018-12-29 2018-12-29 Code quality evaluation method and system Pending CN111382059A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811644109.3A CN111382059A (en) 2018-12-29 2018-12-29 Code quality evaluation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811644109.3A CN111382059A (en) 2018-12-29 2018-12-29 Code quality evaluation method and system

Publications (1)

Publication Number Publication Date
CN111382059A true CN111382059A (en) 2020-07-07

Family

ID=71218208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811644109.3A Pending CN111382059A (en) 2018-12-29 2018-12-29 Code quality evaluation method and system

Country Status (1)

Country Link
CN (1) CN111382059A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115599695A (en) * 2022-11-04 2023-01-13 广州嘉为科技有限公司(Cn) Quality red line interception method, device and medium based on pipeline code scanning

Similar Documents

Publication Publication Date Title
US8954807B2 (en) Fault-based software testing method and system
CN106294120B (en) Method, apparatus and computer program product for testing code
US10552302B2 (en) System and method for analyzing risks present in a software program code
EP2058747A2 (en) Device and method for inspecting software for vulnerabilities
US11580425B2 (en) Managing defects in a model training pipeline using synthetic data sets associated with defect types
US10761961B2 (en) Identification of software program fault locations
EP3264274A1 (en) Input discovery for unknown program binaries
US20230267073A1 (en) Machine-learning based software testing technique
Badri et al. Predicting unit testing effort levels of classes: An exploratory study based on multinomial logistic regression modeling
CN104317707A (en) Program structure influence sensing based software error positioning method
Kim et al. Empirical evaluation of existing algorithms of spectrum based fault localization
CN113886373A (en) Data processing method and device and electronic equipment
CN111382059A (en) Code quality evaluation method and system
CN111382052A (en) Code quality evaluation method and device and electronic equipment
CN108763092B (en) Code defect detection method and device based on cross validation
CN109145609B (en) Data processing method and device
CN111078526A (en) Test case generation method and device and storage medium
KR20130022280A (en) Low cost apparatus and method for error-based program testing
KR102275635B1 (en) Apparatus and method for detecting anomaly through function call pattern analysis
Parsa et al. A new algorithm to Test Suite Reduction based on cluster analysis
CN108415836B (en) Method and system for detecting performance change of computer system by using application program
Mao et al. Extracting the representative failure executions via clustering analysis based on Markov profile model
CN107102938B (en) Test script updating method and device
AU2021103087A4 (en) Big data testing method and system
CN110658194A (en) Keyboard detection method and keyboard detection equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination