Title of invention: Transforming unit tests for security testing
Abstract: A method, computer program product, and system for transforming unit tests is described. A unit test associated with one or more software units is identified. A first input parameter of the unit test is identified. A substitute parameter value is determined, wherein the substitute parameter value is associated with a security test for the one or more software units. A value of the first input parameter in the unit test is replaced with the substitute parameter value. The unit test including the substitute parameter value is implemented for the one or more software units. A first security issue associated with the one or more software units is identified, based upon, at least in part, replacing the first input parameter of the unit test with the substitute parameter value and implementing the unit test including the substitute parameter value.
Publication number: US8949996(B2) Publication date: 2015.02.03
Application number: US201314049680 Filing date: 2013.10.09
Applicant: International Business Machines Corporation Inventors: Kalman Daniel; Segal Ory; Tripp Omer; Weisman Omri
Classification: H04L9/00; G06F21/57 Main classification: H04L9/00
Agency: Holland & Knight LLP Agents: Holland & Knight LLP; Colandreo, Esq. Brian J.; Placker, Esq. Jeffrey T.
Main claim: 1. A computer-implemented method comprising: identifying, by one or more computing devices, a unit test associated with one or more software units; identifying, by the one or more computing devices, a first input parameter of the unit test using program slicing; determining, by the one or more computing devices, a substitute parameter value, wherein the substitute parameter value is associated with a security test for the one or more software units; replacing, by the one or more computing devices, a value of the first input parameter in the unit test with the substitute parameter value, wherein the substitute parameter value includes a parameter type that is different than a parameter type of the first input parameter of the unit test; implementing, by the one or more computing devices, the unit test including the substitute parameter value for the one or more software units; and identifying, by the one or more computing devices, a first security issue associated with the one or more software units, based upon, at least in part, dynamic application security testing logic and without generating an error in the unit test upon replacing the value of the first input parameter of the unit test with the substitute parameter value and implementing the unit test including the substitute parameter value, wherein implementing the unit test including the substitute parameter value includes implementing the substitute parameter value as the different parameter type that is executable rather than implementing the substitute parameter value as the first input parameter type that is non-executable, and modifying the unit test to reduce a required run time for the unit test including the substitute parameter value by identifying a data set, wherein the data set is accessed, at least in part, by the software unit as a result of the implementation of the unit test; determining a substitute data set; and replacing a portion of the data set with the substitute data set.
Address: Armonk NY US