Automatic Extraction of Dependencies between Web Components and Database Resources in Java Web Applications

  • Oh, Jaewon (School of Computer Science and Information Engineering, The Catholic University of Korea)
  • Ahn, Woo Hyun (School of Software, Kwangwoon University)
  • Kim, Taegong (Department of Computer Engineering, Inje University)
  • Received: 2019.04.29
  • Accepted: 2019.06.17
  • Published: 2019.06.30

Abstract

Web applications typically interact with databases, so when maintaining a web app it is crucial to understand which web components access which database resources. Existing research identifies interactions between Java web components, such as JavaServer Pages and servlets, but does not extract dependencies between the web components and database resources, such as tables and attributes. This paper proposes a dynamic analysis of Java web apps that extracts such dependencies from a Java web app and represents them as a graph. The key responsibility of the analysis method is to identify when web components access database resources. To fulfill this responsibility, the method dynamically observes the database-related objects provided in the Java standard library using the proxy pattern, which can be applied to control access to a desired object. This study also experiments with open source web apps to verify the feasibility of the proposed method.

Keywords

Fig. 1. Interactions between web components that occur when an Online Bookstore app user retrieves book information, and the resulting page.

Fig. 2. Interactions between web components and database resources that occur when an Online Bookstore app user retrieves book information.

Fig. 3. Original code that accesses a database using the JDBC API and the modified code to identify dependencies with the database.

Fig. 5. Static view for extracting dependency relations between web components and database resources.

Fig. 6. Interactions between web components and database resources that occur when an Online Bookstore app user retrieves a list of posts, and the resulting page.

Fig. 7. Interactions between web components and database resources when a user makes a request to create a bulletin board named mTest, and the resulting page.

Fig. 8. Interactions between web components and database resources when a user makes a request to read a post on the mTest bulletin board, and the resulting page.

Fig. 9. Interactions between web components and database resources when a user makes a request to obtain information on the movie WALL-E, and the input and resulting page.

Fig. 10. Interactions between web components and database resources when a user makes a login request to the Online Movie Ticket Booking app, and the resulting page.

Fig. 4. Dynamic view for extracting dependency relations between web components and database resources.
