Int J Performability Eng, 2019, Vol. 15, Issue (9): 2329-2337. doi: 10.23940/ijpe.19.09.p5.23292337


CD3T: Cross-Project Dependency Defect Detection Tool

Yongming Yao (a, b, *), Song Huang (a), Cuiyi Feng (b), Chen Liu (c), and Chenying Xu (b)

  • (a) Command and Control Engineering College, Army Engineering University of PLA, Nanjing, 210007, China
  • (b) Tongda College, Nanjing University of Posts and Telecommunication, Yangzhou, 225127, China
  • (c) School of Marxism, Yangzhou University, Yangzhou, 225009, China
  • Contact: (*) E-mail address: yaoym@njupt.edu.cn

Abstract: Nowadays, a software project usually depends on a large number of third-party components drawn from repositories, some of which contain unsafe code. Because of complex references and dependencies, code defects and vulnerabilities in upstream libraries inevitably affect downstream software. In this paper, we design a Java-based cross-project dependency defect detection system called CD3T. The implementation of CD3T uses Apache Maven as the project's dependency and package management tool and IntelliJ IDEA as the integrated environment for coding, compilation, and packaging. The system uses a full-text search engine, together with an H2 Database that supports the engine, to format and store vulnerability data, and the Apache Velocity template engine drives report generation. Finally, the system covers obtaining and formatting the data of the U.S. national common vulnerability database, file dependency analysis, file dependency vulnerability checking, and output of the check results.

Key words: cross-project, dependency, NVD, CVE