KR102639211B1 - Source code inspection system and method - Google Patents

Abstract

The present invention relates to a source code inspection system and method that performs static inspection of source codes by processing test tools in parallel, and outputs and monitors the inspection results of the source codes.
The source code inspection system according to an embodiment of the present invention includes a message receiver that receives a message from the outside using the HTTP protocol, and a target source that receives a target source compressed in ZIP based on the contents of the message received by the message receiver. A receiving unit, a target source copy unit that decompresses the target source compressed in the ZIP and copies the original source, and loads CLI commands of each tool for inspecting the source code to perform an inspection of the source code, It includes an inspection unit that allows each of the tools to perform inspection simultaneously.

Description

Source code inspection system and method}

The present invention relates to a source code inspection system and method. More specifically, a source code inspection system that processes test tools in parallel to perform static inspection of source codes and outputs and monitors the inspection results of the source codes. and methods.

In addition to the business to be implemented when developing software, activities to ensure quality such as security-secure coding, SQL consistency verification, and memory rule verification are important. To ensure the quality of such software, it is important to inspect the source code of each element, and inspection of the source code has mainly depended on each specialized company or expert for each test tool. In addition, in order to ensure the quality of software, test tools to inspect each element must be performed individually and sequentially, which causes the problem of taking a lot of inspection time.

In addition, each test tool must be started and the source code tested according to the menu for each test tool, but the method of use for each test tool is different, making it difficult to learn how to use it.

The present invention is intended to solve the problems described above, and provides a source code inspection system and method that processes test tools in parallel to perform static inspection of source codes, and outputs and monitors the inspection results of the source codes. The purpose is to

In addition to the technical problems of the present invention mentioned above, other features and advantages of the present invention are described below, or can be clearly understood by those skilled in the art from such description and description.

The source code inspection system according to an embodiment of the present invention to achieve the purpose described above includes a message receiver that receives a message from the outside using the HTTP protocol, and an object compressed into ZIP based on the contents of the message received from the message receiver. Inspection of the source code by loading the target source receiving unit that receives the source, the target source copy unit that uncompresses the target source compressed in ZIP and copies the original source, and the CLI commands of each tool for inspecting the source code. , but may include an inspection unit that allows each tool to perform inspection simultaneously.

On the other hand, the source code inspection method according to an embodiment of the present invention to achieve the purpose described above includes the steps of receiving a message from the outside using the HTTP protocol, and selecting the target source compressed as a ZIP based on the contents of the received message. Receiving steps, decompressing the target source compressed in ZIP, copying the original source, and loading the CLI commands of each tool for inspecting the source code to inspect the source code. Each tool It may include a step of performing tests at the same time.

The source code inspection system and method according to an embodiment of the present invention can shorten the inspection time by processing test tools in parallel and performing static inspection of source codes.

In addition, the results of inspecting the source codes can be output and monitored so that the user can check the inspection progress.

In addition, other features and advantages of the present invention may be newly understood through embodiments of the present invention.

Figure 1 is a diagram showing the configuration of a source code inspection system according to an embodiment of the present invention.
Figure 2 is a diagram showing a parallel processing test tool according to an embodiment of the present invention.
Figure 3 is a diagram showing the inspection of a tool that cannot be performed simultaneously with other tools among a plurality of tools.
Figure 4 is a diagram showing inspection of a tool with license restrictions among a plurality of tools.
Figure 5 is a diagram showing inspection according to CLI commands according to an embodiment of the present invention.
Figure 6 is an exemplary diagram of an inspection situation displayed on a display unit according to an embodiment of the present invention.
Figure 7 is a diagram showing a source code inspection method according to an embodiment of the present invention.

In order to clearly explain the present invention, parts that are not relevant to the description are omitted, and identical or similar components are assigned the same reference numerals throughout the specification.

Although not defined differently, all terms including technical and scientific terms used herein have the same meaning as those generally understood by those skilled in the art in the technical field to which the present invention pertains. Terms defined in commonly used dictionaries are further interpreted as having meanings consistent with related technical literature and currently disclosed content, and are not interpreted in ideal or very formal meanings unless defined.

Hereinafter, with reference to the attached drawings, embodiments of the present invention will be described in detail so that those skilled in the art can easily implement the present invention. However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein.

1 is a diagram showing the configuration of a source code inspection system according to an embodiment of the present invention.

Referring to Figure 1, the source code inspection system 100 according to an embodiment of the present invention includes a message receiving unit 110, a target source receiving unit 120, a target source copying unit 130, an inspection unit 140, and a database 150. ) and a display unit 160.

The source code inspection system 100 according to an embodiment of the present invention may be a computer including a process and memory.

The message receiver 110 can receive a message from the outside using the HTTP protocol. According to the present invention, the external input protocol may be HTTP, and the message receiver 110 may receive and process information about one test formatted as JSON (JavaScript Object Notion).

Here, the message received by the message receiver 110 may include a test number, order, and test tool code. According to the present invention, a plurality of tests to check the source code can be performed simultaneously, and thus it is possible to check which test the message is being tested for through the test number included in the message. In addition, the source code can be tested again, and the test order of the message can be confirmed through the order included in the message. Additionally, one test may consist of multiple tools, and accordingly, it is possible to check which tool the message is being tested on through the test tool code included in the message.

Here, the message received by the message receiver 110 may be the source code to be inspected, and the information included in the source code may be information necessary for extracting CLI information for executing tools for testing the source code. . Here, CLI information may be stored in the database 150.

The target source receiver 120 can connect to the database 150, where the target source to be tested is stored, based on the contents of the received message, using the STFP protocol and receive the target source compressed in ZIP. Here, although the database in which the CLI information is stored and the database in which the target source is stored are described as the same, the database in which the CLI information is stored and the database in which the target source is stored may have different configurations.

The target source receiving unit 120 can receive files (compressed target source) by connecting to the SFTP protocol and receiving files with more enhanced security than FTP. At this time, the necessary SFTP connection information may be stored in a separate property file.

The target source copy unit 130 can decompress the target source compressed into a ZIP received from the target source receiver 120 and copy the original source. Among the tools for testing source code, there may be tools that lock the target source file and prevent other processes from occupying the file. The target source copy unit 130 can create a copy of the original source so that tests can be performed on these tools. In other words, the target source copy unit 130 copies the target source, stores the original source in the workspace for each tool, and performs a check on the copied copy of the target source, so that the target source file is locked in the tools. Tests can also be performed.

The inspection unit 140 may load the CLI command of each tool for inspecting source code using information included in the message received from the message receiver 110. Here, the CLI commands of each tool may be analyzed in advance before inspection and stored in the database 150.

Depending on the tools used to inspect the source code, some tools may inspect the source code directly, but there may also be tools that require executing a CLI command first before inspecting the source code. For example, in the case of a third tool, in order to inspect source code written in Java, the steps are [Create project -> Assign user to project -> Perform inspection], and then inspect source code written in C or C++. To perform this, you can go through the following steps: [Create project -> Assign user to project -> Build -> Perform inspection]. Here, the inspection unit 140 can sequentially execute the CLI for each step. Additionally, in the case of the second tool, it may be the [inspection performance] step, and the inspection unit 150 may execute the CLI for the inspection performance step.

That is, the type and number of CLIs to be executed for each tool may be different, and the inspection unit 150 may perform the inspection by sequentially executing the CLI for each tool.

At this time, the type and number of CLIs to be executed for each tool can be stored in the database 150 only once when the tool is introduced, and from then on, inspection through the tool can be performed through the information stored in the database 150. . Accordingly, the user can perform the inspection using the stored CLI, thereby overcoming the inconvenience of having to execute complex CLI one by one.

Here, tools for inspecting source code can be executed in parallel. In other words, each tool can inspect the source code at the same time. Because of this, the total time required to inspect source code can be reduced.

Additionally, as an example for each tool, the first tool can measure code complexity, and the second tool can verify C/C++ coding rules. In addition, the third tool can verify Java/C/C++/Javascript secure coding and memory rules, the fourth tool can verify C/C++ memory rules, and the fifth tool measures code redundancy. The sixth tool can verify C# coding rules. In addition, the 7th tool verifies SQR consistency, the 8th tool verifies the output, and the 9th tool verifies open source citations.

Program languages that support code inspection may be C, C++, Java, or Javascript. Here, if a tool is added in the future, it may be possible to apply it through customization after analyzing the specifications of the added tool.

Previously, tests were performed individually for each tool, and in the process, input values for performing each tool had to be handled each time, causing a lot of inconvenience. However, according to an embodiment of the present invention, it is convenient because all tools can be performed simultaneously with a single input value, and this can reduce the burden of performing source code inspection. In addition, since the source code can be inspected with more frequent inspection cycles than the existing inspection cycle, the stability of the source code can be secured.

The display unit 160 can display test results. Since the time required to inspect the source code can take up to tens of hours, the display unit 160 can display information about the process and status of the source code inspection. The display unit 160 can display the inspection progress status, progress rate, detailed log, etc., and the user can check the inspection status through the information displayed on the display unit 160.

Figure 2 is a diagram showing a parallel processing test tool according to an embodiment of the present invention.

Referring to FIG. 2, the inspection unit 140 can process a plurality of tools (1, 2, 3, 4, 5, 6, 7, and 8) included in one test (10, 20) in parallel. . That is, a plurality of tools (1, 2, 3, 4, 5, 6, 7, 8) can perform inspection simultaneously. Here, the time it takes for each tool (1, 2, 3, 4. 5, 6, 7, and 8) to perform the test may be different, and the final time is when the tool that takes the longest time is finished. It may be the end of the inspection.

For example, the first tool (1) may take 2 minutes to perform the test, the second tool (2) may take 20 minutes to perform the test, and the third tool (3) may take 60 minutes to perform the test. It may take some time. Additionally, the fourth tool 4 may take 30 minutes to perform the test, the fifth tool 5 may take 2 minutes to perform the test, and the sixth tool 6 may take 30 minutes to perform the test. That is, the seventh tool 7 may take 30 minutes to perform the inspection, and the eighth tool 8 may take 3 minutes to perform the inspection.

Here, the tool that takes the longest time to perform the inspection may be the third tool 3, and the entire inspection may be completed when all inspections of the third tool 3 are completed. In other words, when the inspection of the third tool (3) is completed, the inspection of all other tools (1, 2, 4, 5, 6, 7, and 8) except the third tool (3) may have been completed. .

Additionally, for a plurality of tests (10, 20), all tools included in each test can be processed in parallel. That is, in the first test (10), a plurality of tools included in the first test (10) can perform inspection simultaneously, and in the second test (20), the tools included in the second test (20) can be inspected simultaneously. Multiple tools can perform inspections simultaneously. Here, the tools included in the first test 10 and the tools included in the second test 20 are also processed in parallel so that inspection can be performed simultaneously.

Figure 3 is a diagram showing the inspection of a tool that cannot be performed simultaneously with other tools among a plurality of tools.

Referring to FIG. 3, some of the plurality of tools (1, 2, 3, 4, 5, 6, 7, and 8) may not be available at the same time due to workspace sharing issues. The inspection unit 140 may allow these tools to be sequentially processed separately.

For example, in the case of the second tool 2, it may be set to prevent two or more tools from being executed at the same time. In this case, the inspection unit 140 may sequentially process the second tool 2 separately. That is, the first tool (1), the third tool (3), the fourth tool (4), ..., the eighth tool (8) can be processed in parallel and tested simultaneously. On the other hand, the second tool 2 can be sequentially processed separately. Here, when viewed as one test, the second tools 2 may also appear to be processed in parallel, but when assumed to be multiple tests, the second tools 2 for each test may be processed sequentially.

That is, the first tool (1), third tool (3), fourth tool (4), ..., eighth tool (8) of the second test (20) can be processed in parallel, and the second test (20) can be processed in parallel. The second tool (2) in (20) can start testing after the inspection of the second tool (20) in the first test (10) is completed. Furthermore, if more tests are performed simultaneously, after the inspection of the second tool (2) of the second test (20) is completed, the second tool (2) of the third test and the second tool (2) of the fourth test are sequentially performed. Tool (2), ... ,The second tool (2) of the nth test can start the test.

Here, if the test time of the tool that is set to not proceed simultaneously with other tools is longer than the test times of other tools, the entire test may be terminated upon completion of the test of the tool that is set to not proceed simultaneously with the other tools.

On the other hand, if the inspection time of a tool that is set to not proceed simultaneously with other tools is shorter than the inspection time of another tool, the inspection of the tool that is set to not proceed simultaneously with other tools may be terminated before the inspection of the tool is completed.

Additionally, if there are multiple tools that are set to prevent two or more tools from being executed at the same time, the tools may be sequentially processed separately. For example, in the case of the second tool (2) and the fourth tool (4), if two or more tools are set to not be executed at the same time, the inspection unit 140 checks the second tools (2) included in the plurality of tests. You can perform tests sequentially using . Additionally, the inspection unit 140 may sequentially perform inspection using the fourth tools 4 included in the plurality of tests. Here, tools other than the second tool 2 and the fourth tool 4 can perform inspection simultaneously.

Figure 4 is a diagram showing inspection of a tool with license restrictions among a plurality of tools.

Referring to FIG. 4, among tools for inspecting source code, there may be tools that have license restrictions depending on the license policy. For these tools, only as many tests as the number of licenses can be performed simultaneously. In other words, if the number of tools included in a plurality of tests is greater than the number of licenses, tests can be performed simultaneously only for the number of licenses.

For example, in the case of a third tool (3), the number of licenses may be limited to three. At this time, if the number of tests is 5, the third tool 3 may be included one in each test, for a total of 5. At this time, since there are three third-party licenses, the inspection can only be performed with three third-party tools (3).

Afterwards, when the tests of the remaining two third tools 3 that perform the inspection are all completed, new licenses are assigned and the remaining two third tools 3 can perform inspection simultaneously.

Figure 5 is a diagram showing inspection according to CLI commands according to an embodiment of the present invention.

Referring to FIG. 5, the CLI commands required to complete the inspection may be different for each tool for inspecting source code. In other words, there may be tools that consist of a single CLI, and there may be tools that perform inspection by performing several steps of CLI. For example, in the case of the first tool (1), it consists of only the inspection execution CLI and can immediately perform the inspection, while in the case of the third tool (3), the CLI for project creation, user assignment, build, and inspection execution is sequentially executed. You can complete the inspection.

Here, the inspection unit 140 may execute the CLI corresponding to each of the plurality of tools. At this time, depending on the license of each tool, each tool assigned to the license can run CLI.

Figure 6 is an exemplary diagram of an inspection situation displayed on a display unit according to an embodiment of the present invention.

Referring to FIG. 6, the display unit 160 can display the test tool, date and time of occurrence, number, evaluation model, and progress status. Here, the number indicates the process of the test, where '1' indicates tool start, '2' indicates tool termination [success], and '3' indicates the result file generated from the tool is parsed and stored in a temporary table. It can indicate the start of a save operation. In addition, '4' indicates the end of parsing the result file generated by the tool and saving it to a temporary table [success], '5' indicates the start of result score processing, and '6' indicates the end of result score processing [success]. It can be expressed.

In addition, the logs generated by the tool itself can be delivered to the user client (browser) that ran this test, allowing the user to check detailed information. At this time, logs generated by the tool itself can be transmitted to the user client in real time.

In addition, if an error occurs during test performance, the cause of the error can be indicated so that the details can be intuitively understood, thereby making it easier to deal with the error situation for the test.

Figure 7 is a diagram showing a source code inspection method according to an embodiment of the present invention.

Referring to FIG. 7, the message receiver 110 can receive a message from the outside using the HTTP protocol (S100). Here, the message received by the message receiver 110 may include a test number, order, and test tool code.

The target source receiving unit 120 can receive the target source compressed as ZIP (S200). The target source receiver 120 can connect to the database 150, where the target source to be tested is stored, based on the contents of the received message, using the STFP protocol and receive the target source compressed in ZIP.

The target source copy unit 130 can decompress the target source compressed into a ZIP received from the target source receiver 120 and copy the original source (S300). The target source copy unit 130 can copy the target source, store the original source in a workspace for each tool, and perform an inspection on the copied copy of the target source.

The inspection unit 140 may load the CLI command of each tool for inspecting the source code using the information included in the message received from the message receiver 110 (S400). Here, the CLI commands of each tool may be analyzed in advance before inspection and stored in the database 150. The type and number of CLIs to be executed for each tool may be different, and the inspection unit 150 may perform the inspection by sequentially executing the CLI for each tool.

Here, tools for inspecting source code can be executed in parallel. In other words, each tool can inspect the source code at the same time. Because of this, the total time required to inspect source code can be reduced.

The display unit 160 can display the test results (S500). Since the time required to inspect the source code can take up to tens of hours, the display unit 160 can display information about the process and status of the source code inspection. The display unit 160 can display the inspection progress status, progress rate, detailed log, etc., and the user can check the inspection status through the information displayed on the display unit 160.

As described above, according to the present invention, it is possible to implement a source code inspection system and method that processes test tools in parallel to perform static inspection of source codes, and outputs and monitors the inspection results of the source codes.

Those skilled in the art to which the present invention pertains should understand that the present invention can be implemented in other specific forms without changing its technical idea or essential features, and that the embodiments described above are illustrative in all respects and not restrictive. Just do it. The scope of the present invention is indicated by the claims described later rather than the detailed description, and all changes or modified forms derived from the meaning and scope of the claims and their equivalent concepts should be construed as being included in the scope of the present invention. .

110: Message receiver
120: Target source receiver
130: Target source copy unit
140: Inspection department
150: database
160: display unit

Claims (16)

A message receiving unit that receives a message from the outside using the HTTP protocol;
a target source receiving unit that receives the target source compressed into ZIP based on the contents of the message received by the message receiving unit;
a target source copy unit that decompresses the target source compressed with the ZIP and copies the original source; and
Includes an inspection unit that loads the CLI command of each tool for inspecting the source code and performs the inspection of the source code, and allows each of the tools to perform the inspection simultaneously,
The message received by the message receiver is a source code inspection system that includes a test number, order, and test tool code.
According to paragraph 1,
The message receiver is a source code inspection system that receives and processes information about one test formatted into JSON (JavaScript Object Notion).
delete According to paragraph 1,
A source code inspection system further comprising a database that stores in advance the type and number of CLI commands for each of the above tools.
According to paragraph 1,
One test for examining the source code includes multiple tools,
A test that includes the plurality of tools is a multiple source code inspection system.
According to clause 5,
A source code inspection system in which the inspection unit sequentially performs inspection of only the corresponding tools in the plurality of tests in the case of a tool that cannot be performed simultaneously with other tools among the plurality of tools.
According to clause 5,
The inspection unit is a source code inspection system in which, in the case of a tool with a license restriction among the plurality of tools, the inspection is performed by as many tools as the number of licenses.
According to paragraph 1,
It further includes a display unit that displays the inspection results of the inspection unit,
The display unit is a source code inspection system that displays the progress status, progress rate, and detailed log of the source code inspection.
Receiving a message from outside using the HTTP protocol;
Receiving a target source compressed into ZIP based on the content of the received message;
Decompressing the target source compressed with the ZIP and copying the original source; and
Loading the CLI command of each tool for inspecting the source code to inspect the source code, and allowing each of the tools to perform the inspection simultaneously;
The received message is a source code inspection method including a test number, order, and test tool code.
The method of claim 9, wherein in receiving the message,
A source code inspection method that receives and processes information about a single test formatted as JSON (JavaScript Object Notion).
delete According to clause 9,
A source code inspection method further comprising the step of pre-storing the type and number of CLI commands for each of the tools.
According to clause 9,
One test for examining the source code includes multiple tools,
A test that includes the plurality of tools is a method of inspecting multiple individual source codes.
The method of claim 13, wherein in the step of allowing each of the tools to perform inspection simultaneously,
A source code inspection method that sequentially performs inspection of only the corresponding tools in the plurality of tests in the case of a tool that cannot be performed simultaneously with other tools among the plurality of tools.
The method of claim 13, wherein in the step of allowing each of the tools to perform inspection simultaneously,
A source code inspection method in which, in the case of a tool with license restrictions among the plurality of tools, inspection is performed by as many tools as the number of licenses.
According to clause 9,
It further includes the step of displaying a test result of performing a test of the source code,
The inspection result is a source code inspection method including the progress status, progress rate, and detailed log of the source code inspection.