Project Information:template Teachable Static Analysis Workbench - 50 Review - First Reviewer - C

From OWASP


50% REVIEW PROCESS

Project Deliveries & Objectives

OWASP Teachable Static Analysis Workbench Project's Deliveries & Objectives

QUESTIONS ANSWERS

1. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please give examples by writing down those that haven't been realised.

  1. TeSA plugin allows the user to mark the sources and sinks in the Eclipse text editor.
  2. A FindBugs plugin was written which performs taint analysis in a more precise way than LAPSE, but it does not yet have a GUI.
  3. The command "ant run-tests" can be run from the command line; it consists of unit tests that generate FindBugs configuration files, which can then be reviewed using FindBugs.

2. To what extent have the project deliveries & objectives been accomplished? Taking the assumed ones into consideration, please quantify in terms of percentage.

  1. The project appears to be 50% completed according to the stated deliverables.
  2. The major remaining issue is that FindBugs is still planned to be integrated with TeSA and LAPSE to reach 100%.
  3. The documentation needs heavy editing to reach 100%; some of the editing recommendations are listed below.

3. Please use the right-hand column to provide advice and make work suggestions.

  1. Change the Install Guide on the Wiki to refer to the specific versions of Eclipse and FindBugs, e.g., FindBugs 1.3.4 and Eclipse 3.4 JEE.
  2. Modify the Install Guide to say that in editing the build.properties file, it is necessary to use forward slashes for the directory paths even on Windows.
  3. Add the download location for the secbugs subtree to the Install Guide, i.e. http://code.google.com/p/teachablesa/source/browse/#svn/trunk/secbugs
  4. To support the esapi-demo-app in the Project Technical Report Draft, add the URL path for downloading the demo application to the Install Guide, i.e., http://code.google.com/p/teachablesa/source/browse/#svn/trunk/webapps/esapi_demo_app
  5. Update the Install Guide to download Ant from apache.org for running the "ant run-tests" command.
  6. Update the Install Guide to download Tomcat from apache.org for satisfying the esapi-demo-app dependencies in Eclipse for the servlet-api.jar file.
  7. In the User's Guide Step 5, you need to right-click in the "Lapse View Sources" to select "Find Sources".
  8. The Install Guide or User's Guide has to be updated with instructions for viewing the results of "ant run-tests" with FindBugs.