Effective testing of authorization logic of web components which utilize claims-based authorization

摘要

An authorization algorithm of a software component can be selected. A static code analysis can be performed to determine a conditional statement within an algorithm of the software component. The outcome of the conditional statement can be established based on an input and a criteria using dynamic code analysis. The input can be a value associated with a claim set of a claims-based authentication policy. The criteria can be an authentication criteria specified within the algorithm. Responsive to the outcome, an execution path associated with the outcome can be determined and a code coverage criterion can be met for the conditional statement.

主权项

1. A system comprising: one or more processors, one or more computer-readable memories and one or more non-transitory computer-readable storage devices;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform at least one of a functional and non-functional assessment of an authentication layer of a software component, wherein the non-functional assessment is a validation of at least one authentication algorithm associated with the software component, wherein the at least one authentication algorithm is associated with a claims-based authentication policy, wherein at least one of the claims associated with the claims-based authentication policy is an unbounded value; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to persist and aggregate static and dynamic analysis results of the assessment to enable multiple views of the authentication algorithm execution; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to generate at least one authentication token, wherein the authentication token is to a testing component to validate an algorithm associated with the authentication layer; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to execute the algorithm utilizing the at least one authentication token as an input for evaluating at least one conditional statement of the algorithm; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine the at least one conditional statement of the algorithm and obtaining metrics from the at least one conditional statement during execution of the algorithm; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to establish a decision tree for the authorization algorithm; and program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to graphically present the decision tree for the authorization algorithm within a user interface, wherein each node of the decision tree is associated with at least one of a control flow information and a conditional statement outcome.