KR20200112477A - Source code inspection system and method - Google Patents

Abstract

The present invention relates to a source code inspection system in which test tools are processed in parallel to perform static inspection of source codes, and a result of inspecting the source codes is output to be monitored, and to a method thereof. According to an embodiment of the present invention, the source code inspection system comprises: a message reception unit which receives a message from the outside using an HTTP protocol; a target source reception unit which receives a target source compressed in the ZIP based on contents of the message received by the message reception unit; a target source copy unit which decompresses the target source compressed in the ZIP and copies the original source; and an inspection unit which performs the inspection of the source code by loading a CLI command of each of the tools for inspecting the source code, wherein the tools perform the inspection at the same time.

Description

Source code inspection system and method}

The present invention relates to a source code inspection system and method, and in more detail, a source code inspection system capable of performing static inspection of source codes by processing test tools in parallel, and outputting and monitoring the source codes inspection results And a method.

In addition to the business to be implemented when developing software, activities to ensure quality such as security-secure coding, SQL consistency verification, and memory rule verification are important. In order to ensure the quality of such software, it is important to inspect the source code of each element, and inspection of the source code has mainly depended on each specialized company or expert for each test tool. In addition, test tools for inspecting each element in order to secure the quality of software must be performed individually and sequentially, and thus, there is a problem that a lot of inspection time is required.

In addition, it is necessary to start each test tool and test the source code according to the menu for each test tool, but there is a problem that it is difficult to learn how to use because the usage is different for each test tool.

The present invention is to solve the above-described problem, and provides a source code inspection system and method in which test tools are processed in parallel to perform static inspection of source codes, and output and monitor the source codes inspection results. It aims to do.

In addition to the technical problems of the present invention mentioned above, other features and advantages of the present invention will be described below or will be clearly understood by those of ordinary skill in the art from such technology and description.

The source code inspection system according to an embodiment of the present invention to achieve the above-described object includes a message receiving unit receiving a message from the outside using the HTTP protocol, and a target compressed in ZIP based on the contents of the message received by the message receiving unit. Source code inspection by loading the target source receiving unit that receives the source, the target source copy unit that decompresses the target source compressed with ZIP and copies the original source, and the CLI commands of each tool for checking the source code However, it may include an inspection unit that allows each tool to perform inspection at the same time.

On the other hand, in the source code inspection method according to an embodiment of the present invention for achieving the above-described object, the step of receiving a message from the outside using the HTTP protocol and the target source compressed in ZIP based on the content of the received message. The receiving step, the step of decompressing the target source compressed with ZIP, copying the original source, and the checking of the source code by loading the CLI commands of each tool for checking the source code, each tool It may include the step of performing the test at the same time.

The source code inspection system and method according to an embodiment of the present invention can shorten the time required for inspection by performing static inspection of source codes by processing test tools in parallel.

In addition, the user can check the inspection progress status by outputting and monitoring the inspection results of the source codes.

In addition, other features and advantages of the present invention may be newly recognized through embodiments of the present invention.

1 is a diagram showing the configuration of a source code inspection system according to an embodiment of the present invention.
2 is a diagram illustrating a parallel-processed test tool according to an embodiment of the present invention.
3 is a diagram illustrating an inspection of a tool that cannot be simultaneously performed with another tool among a plurality of tools.
4 is a diagram illustrating an inspection of a tool having a license restriction among a plurality of tools.
5 is a diagram illustrating a test according to a CLI command according to an embodiment of the present invention.
6 is an exemplary diagram illustrating an inspection situation displayed on a display unit according to an exemplary embodiment of the present invention.
7 is a diagram illustrating a source code inspection method according to an embodiment of the present invention.

In order to clearly describe the present invention, parts irrelevant to the description have been omitted, and the same reference numerals are assigned to the same or similar components throughout the specification.

Although not defined differently, all terms including technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. Terms defined in a commonly used dictionary are additionally interpreted as having a meaning consistent with the related technical literature and the presently disclosed content, and are not interpreted in an ideal or very formal meaning unless defined.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those of ordinary skill in the art may easily implement the present invention. However, the present invention may be implemented in various forms and is not limited to the embodiments described herein.

1 is a diagram showing the configuration of a source code inspection system according to an embodiment of the present invention.

Referring to FIG. 1, a source code inspection system 100 according to an embodiment of the present invention includes a message receiving unit 110, a target source receiving unit 120, a target source copying unit 130, an inspection unit 140, and a database 150. ) And a display unit 160 may be included.

The source code inspection system 100 according to an embodiment of the present invention may be a computer including a process and a memory.

The message receiving unit 110 may receive a message from the outside using the HTTP protocol. According to the present invention, the protocol as an external input may be HTTP, and the message receiving unit 110 may receive and process data that is formatted as JSON (JavaScript Object Notion) for information on one test.

Here, the message received by the message receiving unit 110 may include a test number, an order, and a test tool code. According to the present invention, a plurality of tests for checking the source code can be simultaneously performed, and accordingly, it is possible to check in which test the message is being checked through the test number included in the message. In addition, the test can be performed again on the source code, and accordingly, the test order of the message can be confirmed through the order included in the message. In addition, one test may consist of a plurality of tools, and accordingly, through the test tool code included in the message, it is possible to check in which tool the message is tested.

Here, the message received by the message receiving unit 110 may be a source code to be inspected, and the information included in the source code may be information necessary for extracting CLI information for executing tools for testing the source code. . Here, the CLI information may be stored in the database 150.

The target source receiving unit 120 may access the database 150 in which the target source to be tested is stored based on the content of the received message through the STFP protocol to receive the target source compressed in ZIP. Here, the database in which the CLI information is stored and the database in which the target source is stored are described as the same, but the database in which the CLI information is stored and the database in which the target source is stored may have different configurations.

The target source receiving unit 120 may receive a file (compressed target source) by accessing the SFTP protocol, thereby receiving the file with more enhanced security than FTP. At this time, necessary SFTP connection information may be stored in a separate property file.

The target source copy unit 130 may decompress the target source compressed with ZIP received by the target source receiving unit 120 and copy the original source. Among the tools for testing the source code, there may be tools that lock the target source file and prohibit the file from being occupied by other processes. The target source copy unit 130 may create a copy of the original source so that the test can be performed even on these tools. That is, the target source copy unit 130 copies the target source, stores the source source in each tool-specific workspace, and performs inspection on the copied copy of the target source, so that the target source file is locked to the tools. It can also be made available to perform tests.

The inspection unit 140 may load CLI commands of each of the tools for inspection of the source code by using information included in the message received by the message receiving unit 110. Here, the CLI commands of each tool may be analyzed in advance before inspection and stored in the database 150.

Depending on the tools for checking the source code, there are tools that immediately check the source code, but there may be tools that require you to execute a CLI command before checking the source code. For example, in the case of the third tool, to perform the inspection on the source code written in Java, it goes through the steps of [Project creation -> User assignment to project -> Perform inspection], and then the source code written in C or C++ is checked. To do so, you can go through the steps of [Project creation -> User assignment to project -> Build -> Inspection]. Here, the inspection unit 140 may sequentially execute the CLI for each step. In addition, in the case of the second tool, it may be the step of [test execution], and the inspection unit 150 may execute the CLI for the step of performing the test.

That is, the types and number of CLIs to be executed for each tool may be different, and the inspection unit 150 may perform the inspection by sequentially executing the CLIs for each tool.

At this time, the type and number of CLIs to be executed for each tool may be stored in the database 150 only once when the tool is introduced, and afterwards, inspection through the tool may be performed through information stored in the database 150. . Accordingly, since the user performs the inspection using the stored CLI, it is possible to overcome the hassle of having to execute a complicated CLI.

Here, tools for checking the source code may be executed in parallel. That is, each tool can simultaneously inspect the source code. Due to this, the total time required to inspect the source code can be reduced.

In addition, as an example for each tool, the first tool can measure code complexity, and the second tool can verify C/C++ coding rules. In addition, the third tool can verify the Java/C/C++/Javascript secure coding and memory rules, the fourth tool can verify the C/C++ memory rules, and the fifth tool measures the code redundancy, The 6th tool can verify the C# coding rules. In addition, the 7th tool can verify the SQR consistency, the 8th tool can verify the output, and the 9th tool can verify open source citations.

Programming languages supporting code inspection may be C, C++, Java, or Javascript. Here, if a tool is added later, it may be applied through customization after spec analysis for the added tool.

In the past, each tool is individually inspected, and in the process, input values for executing each tool are handled every time, resulting in a lot of hassle. However, according to an embodiment of the present invention, it is convenient to simultaneously execute all tools with a single input value, and thus, a burden in performing source code inspection may be reduced. In addition, since the source code can be inspected with more frequent cycles than the existing inspection cycle, stability of the source code can be secured.

The display unit 160 may display the test result. Since the time required to inspect the source code may take up to several tens of hours, the display unit 160 may display information on a process and a situation in which the source code is inspected. The display unit 160 may display a progress status, a progress rate, and a detailed log of the inspection, and the user can grasp the inspection status through information displayed on the display unit 160.

2 is a diagram illustrating a parallel-processed test tool according to an embodiment of the present invention.

2, the inspection unit 140 may process a plurality of tools (1, 2, 3, 4. 5, 6, 7, 8) included in one test (10, 20) in parallel. . That is, a plurality of tools (1, 2, 3, 4. 5, 6, 7, 8) can perform the inspection at the same time. Here, the time required for each tool (1, 2, 3, 4. 5, 6, 7, 8) to perform the inspection may be different, and the time when the tool that takes the longest time is terminated is the final It may be the end of the test.

For example, the first tool (1) may take 2 minutes to perform the inspection, the second tool (2) may take 20 minutes to perform the inspection, and the third tool (3) may take 60 minutes to perform the inspection. It may take. In addition, the fourth tool 4 may take 30 minutes to perform the inspection, the fifth tool 5 may take 2 minutes to perform the inspection, and the sixth tool 6 may take 30 minutes to perform the inspection. That is, the seventh tool 7 may take 30 minutes to perform the inspection, and the eighth tool 8 may take 3 minutes to perform the inspection.

Here, the tool that takes the longest time to perform the inspection may be the third tool 3, and when all of the inspections performed by the third tool 3 are finished, the entire inspection may be terminated. That is, when the inspection of the third tool 3 is finished, the inspection of all other tools 1, 2, 4, 5, 6, 7, 8 except for the third tool 3 may be terminated. .

In addition, for a plurality of tests (10, 20), all tools included in each test may be processed in parallel. That is, in the first test (10), a plurality of tools included in the first test (10) can perform the test at the same time, and in the second test (20), the tools included in the second test (20) Multiple tools can perform inspection at the same time. Here, the tools included in the first test 10 and the tools included in the second test 20 are processed in parallel, so that the test can be simultaneously performed.

3 is a diagram illustrating an inspection of a tool that cannot be simultaneously performed with another tool among a plurality of tools.

Referring to FIG. 3, some of the plurality of tools 1, 2, 3, 4, 5, 6, 7, 8 may not be able to use several tools at the same time due to a problem of sharing a workspace. The inspection unit 140 may allow these tools to be separately sequentially processed.

For example, in the case of the second tool 2, it may be set so that two or more tools cannot be executed at the same time. In this case, the inspection unit 140 may separate and sequentially process the second tool 2. That is, the first tool (1), the third tool (3), the fourth tool (4), ..., the eighth tool (8) can be processed in parallel so that the test can be conducted simultaneously. On the other hand, the second tool 2 may be processed separately and sequentially. Here, when viewed as a single test, the second tool 2 may also appear to be processed in parallel, but assuming a plurality of tests, the second tools 2 for each test may be sequentially processed.

That is, the first tool (1), the third tool (3), the fourth tool (4), ... of the second test (20), the eighth tool (8) can be processed in parallel, the second test The second tool 2 of (20) can start the test after the test of the second tool 20 of the first test 10 is finished. Furthermore, if more tests are performed at the same time, after the inspection of the second tool (2) of the second test (20) is finished, the second tool (2) of the third test and the second test of the fourth test are sequentially performed. The tool (2), ..., the second tool (2) of the nth test can start the inspection.

Here, when the inspection time of the tool set to not proceed simultaneously with other tools is longer than the inspection times of other tools, the entire inspection may be terminated according to the end of the inspection of the tool set to not proceed simultaneously with other tools.

On the other hand, when the inspection time of a tool set to not proceed simultaneously with other tools is shorter than the inspection time of other tools, the inspection of the tool set to not proceed simultaneously with other tools may be terminated before the inspection of the tool ends.

In addition, when there are several tools that are set so that two or more tools cannot be executed at the same time, the tools may be processed separately and sequentially. For example, in the case of the second tool 2 and the fourth tool 4, when two or more tools are set to not be executed at the same time, the inspection unit 140 includes second tools 2 included in a plurality of tests. You can perform inspections sequentially by using. In addition, the inspection unit 140 may sequentially perform inspection by using the fourth tools 4 included in a plurality of tests. Here, other tools except for the second tool 2 and the fourth tool 4 may perform the inspection at the same time.

4 is a diagram illustrating an inspection of a tool having a license restriction among a plurality of tools.

Referring to FIG. 4, among tools for inspecting source codes, there may be tools subject to license restrictions according to a license policy. In the case of these tools, only the number of licenses can be checked simultaneously. That is, if the number of tools included in a plurality of tests is greater than the number of licenses, only the number of licenses can be simultaneously tested.

For example, in the case of the third tool 3, there may be three licenses. In this case, when the number of tests is five, the third tool 3 may be included one by one in each test, and a total of five. At this time, since there are three licenses for the third tool, the inspection can be performed only in the three third tools 3.

Thereafter, the remaining two third tools 3 are assigned a new license when the tests of the third tools 3 performing the inspection are all completed, so that the inspection can be performed simultaneously.

5 is a diagram illustrating a test according to a CLI command according to an embodiment of the present invention.

Referring to FIG. 5, CLI commands required to complete the inspection may be different for each tool for source code inspection. That is, there may be tools that consist of a single CLI, and there may be tools that perform inspection by performing several steps of CLI. For example, in the case of the first tool (1), it is composed of only the inspection execution CLI so that inspection can be performed immediately, whereas in the case of the third tool (3), the CLI of project creation, user assignment, build and inspection execution is sequentially executed. To complete the inspection.

Here, the inspection unit 140 may execute CLI corresponding to each of the plurality of tools. At this time, according to the license of each tool, the tools assigned to the license can each execute the CLI.

6 is an exemplary diagram illustrating an inspection situation displayed on a display unit according to an exemplary embodiment of the present invention.

Referring to FIG. 6, the display unit 160 may display test tools, date and time of occurrence, number, evaluation model, and progress. Here, the number indicates the process of the inspection, '1' indicates the start of the tool, '2' indicates the end of the tool [successful], and '3' indicates the result file generated by the tool is parsed and stored in a temporary table. May indicate the start of the storage operation. In addition, '4' indicates the end of the storage operation [success] in the temporary table by parsing the result file generated by the tool, '5' indicates the start of the result score processing, and '6' indicates the end of the result score processing [success]. Can be indicated.

In addition, logs generated by the tool itself are delivered to the user client (browser) that ran this test so that the user can check the detailed status. At this time, logs generated by the tool itself may be transmitted to the user client in real time.

In addition, when an error occurs while performing the test, the cause of the error can be marked so that detailed details can be intuitively identified, and accordingly, it is possible to easily cope with the error situation for the corresponding test.

7 is a diagram illustrating a source code inspection method according to an embodiment of the present invention.

Referring to FIG. 7, the message receiving unit 110 may receive a message from the outside using an HTTP protocol (S100). Here, the message received by the message receiving unit 110 may include a test number, an order, and a test tool code.

The target source receiver 120 may receive the target source compressed in ZIP (S200). The target source receiving unit 120 may access the database 150 in which the target source to be tested is stored based on the content of the received message through the STFP protocol to receive the target source compressed in ZIP.

The target source copy unit 130 may decompress the target source compressed with ZIP received by the target source receiving unit 120 and copy the original source (S300). The target source copy unit 130 may copy the target source, store the source source in a workspace for each tool, and perform an inspection on the copied copy of the target source.

The inspection unit 140 may load the CLI command of each of the tools for inspection of the source code by using information included in the message received by the message receiving unit 110 (S400). Here, the CLI commands of each tool may be analyzed in advance before inspection and stored in the database 150. The type and number of CLIs to be executed for each tool may be different, and the inspection unit 150 may perform the inspection by sequentially executing the CLIs for each tool.

Here, tools for checking the source code may be executed in parallel. That is, each tool can simultaneously inspect the source code. Due to this, the total time required to inspect the source code can be reduced.

The display unit 160 may display the test result (S500). Since the time required to inspect the source code may take up to several tens of hours, the display unit 160 may display information on a process and a situation in which the source code is inspected. The display unit 160 may display a progress status, a progress rate, and a detailed log of the inspection, and the user can grasp the inspection status through information displayed on the display unit 160.

As described above, according to the present invention, it is possible to realize a source code inspection system and method in which test tools are processed in parallel to perform static inspection of source codes, and output and monitor the source codes inspection result.

Those skilled in the art to which the present invention pertains, since the present invention may be implemented in other specific forms without changing the technical spirit or essential features thereof, the embodiments described above are illustrative in all respects and should be understood as non-limiting. Only. The scope of the present invention is indicated by the claims to be described later rather than the detailed description, and all changes or modified forms derived from the meaning and scope of the claims and their equivalent concepts should be interpreted as being included in the scope of the present invention. .

110: message receiver
120: target source receiver
130: target source copy unit
140: inspection unit
150: database
160: display

Claims (16)

A message receiving unit for receiving a message from the outside using the HTTP protocol;
A target source receiver configured to receive a target source compressed in ZIP based on the content of the message received by the message receiver;
A target source copy unit for decompressing the target source compressed with the ZIP and copying the original source; And
A source code inspection system comprising: an inspection unit for performing inspection of the source code by loading CLI commands of each tool for inspection of the source code, and allowing the tools to perform inspection at the same time.
The method of claim 1,
The message receiver is a source code inspection system that receives and processes data that is standardized in JSON (JavaScript Object Notion) for one test information.
The method of claim 1,
The message received by the message receiving unit includes a test number, order, and test tool code.
The method of claim 1,
A source code inspection system further comprising a database storing the types and numbers of CLI commands of the respective tools in advance.
The method of claim 1,
One test for checking the source code includes a plurality of tools,
The test including the plurality of tools is a plurality of source code inspection system.
The method of claim 5,
In the case of a tool that cannot be simultaneously performed with another tool among the plurality of tools, the inspection unit checks only the corresponding tools in the plurality of tests in sequence.
The method of claim 5,
In the case of a tool having a license limit among the plurality of tools, the inspection unit checks the source code of the tools as many as the number of licenses.
The method of claim 1,
Further comprising a display for displaying the test result,
The display unit is a source code inspection system that displays the progress status, progress rate, and detailed log of the source code inspection.
Receiving a message from the outside using an HTTP protocol;
Receiving a target source compressed in ZIP based on the content of the received message;
Decompressing the target source compressed with the ZIP and copying the original source; And
The source code inspection method comprising; loading CLI commands of each tool for inspection of the source code to perform inspection of the source code, and allowing the tools to simultaneously perform inspection.
The method of claim 9, wherein in receiving the message,
A source code inspection method that receives and processes data formatted as JSON (JavaScript Object Notion) for one test information.
The method of claim 9,
The received message is a source code inspection method including a test number, order, and test tool code.
The method of claim 9,
Source code inspection method further comprising the step of pre-storing the type and number of CLI commands of each of the tools.
The method of claim 9,
One test for checking the source code includes a plurality of tools,
The test including the plurality of tools is a source code inspection method of a plurality.
The method of claim 13, wherein in the step of allowing each of the tools to perform inspection at the same time,
In the case of a tool that cannot proceed simultaneously with another tool among the plurality of tools, only the corresponding tools in the plurality of tests are inspected sequentially.
The method of claim 13, wherein in the step of allowing each of the tools to perform inspection at the same time,
In the case of a tool having a license restriction among the plurality of tools, a source code inspection method in which tools as many as the number of the licenses perform inspection.
The method of claim 9,
Further comprising the step of displaying the test result,
The inspection result is a source code inspection method including a progress status, a progress rate, and a detailed log of the source code inspection.

Images