1. Field of the Invention
The present invention relates to a software test technique. More particularly, the Present Invention is related to an information processing and a test case generating method and system that automatically generates test cases for software testing of a web application.
2. Description of Related Art
With the recent development of the Internet, various services such as online banking, online trading, net shopping and electric bulletin board have been provided through web applications. In particular, with the recent development of web technologies, the web applications, which used to provide sets of static contents at the early development stage, have been changed to provide contents dynamically and interactively. In addition, increasingly richer and more dynamic contents have been provided with the development of client technologies such as JavaScript, Asynchronous JavaScript (registered trademark) and XML (Ajax) and Adobe (registered trademark) Flash (registered trademark).
Under circumstances where web applications have become more and more complex, a test technique effective to conventional software has become ineffective due to dynamic properties of the web applications, and it has become difficult to thoroughly verify the web applications. Thus, in order to perform thorough software testing of a web application, many steps of the test need to be performed manually. This is a factor of increase of labor costs in application development. In addition, costs required for bug fixes increase with the progress of developmental phase. Against such a background, it is desirable to develop a test tool which makes it possible to efficiently perform thorough software testing of a dynamic web application.
It is known that techniques of automating a web application software test have been developed by widely applying techniques mainly based on static analysis or dynamic analysis (Podjarny, G., “Developing secure Web applications: An introduction to IBM Rational AppScan Developer Edition,” IBM DeveloperWorks, September 2008). The dynamic analysis is a technique of finding a security hole by traversing a web application to learn the structure and behaviors of the web application, and by submitting unexpected inputs. The dynamic analysis is so-called black box testing, and thus does not require server-side source code and information on operations of the web application.
In contrast, the static analysis is a technique of identifying security vulnerabilities by analyzing application code to construct a mathematical model describing the application, and then by analyzing the model. The static analysis is so-called white box testing, and thus requires application code. However, since the code itself is statically scanned, the code coverage is clearly defined. Attempts have also been made to extract uniform resource locators (URLs) and input parameters from character strings in the server-side code by statically analyzing the server-side code (Minghui Wang, et al., “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” Computer Science and Software Engineering, 2008 International Conference on, vol. 2, no., pp. 751-754, 12-14 Dec. 2008). In addition, in relation to static code analysis of client code, there is known a technique of verifying JavaScript (registered trademark) in client code such as DHML (Tateishi T., et al., “DHTML Accessibility Checking Based on Static JavaScript Analysis,” LNCS Universal Access in Human-Computer Interaction. Applications and Services, Volume 4556 p167-176, 2007).
However, in the aforementioned static analysis, it is difficult to correctly predict from server code what client code is to be generated. Finding all the code paths by using static analysis is difficult because of the dynamic code on the client side. Furthermore, some codes do not appear when the server code is analyzed alone.
In addition, an event tree which expresses possible interactions with a web application grows dynamically and exponentially. For this reason, a dynamic analysis to search a web application thoroughly without any omission is unrealistic, and also has a possibility of going into an infinite loop. To alleviate the mentioned problem above, dynamic analysis is also performed by searching only limited part of a web application through simulation of execution results of JavaScript (registered trademark) code on the client side. The code coverage of this dynamic analysis, however, can be incomplete.