
Project Information:template Teachable Static Analysis Workbench - 50 Review - First Reviewer - C

Revision as of 21:25, 11 September 2008 by Afry



Project Deliveries & Objectives

OWASP Teachable Static Analysis Workbench Project's Deliveries & Objectives


1. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please give examples by writing down those that haven't been realised.

  1. TeSA plugin allows the user to mark the sources and sinks in the Eclipse text editor.
  2. A FindBugs plugin was written which performs taint analysis in a more precise way than LAPSE, but it does not yet have a GUI.
  3. The command "ant run-tests" can be run from the command line; it consists of unit tests for generating FindBugs configuration files that can then be reviewed using FindBugs.

2. To what extent have the project deliveries & objectives been accomplished? Taking into consideration the assumed ones, please quantify in terms of percentage.

  1. The project appears to be 50% completed according to the stated deliverables.
  2. The major issue remains that FindBugs is planned to be integrated with TeSA and LAPSE for 100%.
  3. The documentation needs heavy editing for 100%; some of the editing recommendations are listed below.

3. Please do use the right hand side column to provide advice and make work suggestions.

1) Change the Install Guide on the Wiki to refer to the specific versions of Eclipse and FindBugs, e.g., FindBugs 1.3.4, Eclipse 3.4 JEE.
2) Modify the Install Guide to say that in editing the file, it is necessary to use forward slashes for the directory paths even on Windows.
3) Add the download location for the secbugs subtree to the Install Guide, i.e.
4) To support the esapi-demo-app in the Project Technical Report Draft, add the URL path for downloading the demo application to the Install Guide, i.e.,
5) Update the Install Guide to download Ant from for running the "ant run-tests" command.
6) Update the Install Guide to download Tomcat from for satisfying the esapi-demo-app dependencies in Eclipse for the servlet-api.jar file.
7) In the User's Guide Step 5, you need to right-click in the "Lapse View Sources" to select "Find Sources".
8) The Install Guide or User's Guide has to be updated with instructions for viewing the results of the "ant run-tests" with FindBugs.