Program Calls for Java - 1.1
Extension ID
com.castsoftware.java2program
What’s new?
See Release Notes.
Description
This extension is responsible of creating objects representing calls from a java application to external programs. It is also responsible of creating objects representing JAR applications. Here programs is understood in a broad sense: it comprises scripts, operating system commands, and general purpose applications. The link between these objects and the objects representing the programs themselves (if present) is performed by a different com.castsoftware.wbslinker extension during the application analysis level.
Function Point, Quality and Sizing support
This extension provides the following support:
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points (transactions) |
Quality and Sizing |
---|---|
✅ | ❌ |
Compatibility
Release | Operating System | Supported |
---|---|---|
v3/8.4.x | Microsoft Windows / Linux | ✅ |
v2/8.3.x | Microsoft Windows | ✅ |
What results can you expect?
Objects
Icon |
Description |
---|---|
Java Call to Java Program | |
Java Call to Generic Program | |
Java Call to Mainframe Program | |
Java Call to Midrange Program | |
Java JAR Program |
Supported program types
The primary target are customer programs possibly contained in the application under analysis. The only exception to this are operating system commands which can be identified by the property “Operating system call” (and filter if necessary). The list of supported program types is given in the table below.
Program type | Support | Program name (extensions) | Special property |
---|---|---|---|
Script-like programs | ✅ | *.py, *.pl, *.sh, *.bash, *.bat, *.jy | |
Calls to operating system commands | ✅ | cp, chmod, gunzip, … | Operating system call (=1) |
Java programs | ✅ | *.java | |
Jar programs | ✅ | *.jar |
Supported program invocation mechanisms
Common classes:
java.lang.ProcessBuilder
java.lang.Runtime
IBM classes:
com.ibm.ctg.client.JavaGateway
com.ibm.connector2.cics.ECIInteraction
com.ibm.as400.access.CommandCall
com.ibm.as400.access.ProgramCall
java.lang.ProcessBuilder
In the example below the call to the shell script myCommand.sh is represented by a Java Call to General Program object of the same name.
ProcessBuilder pb = new ProcessBuilder("myCommand.sh", "myArg1", "myArg2");
Process p = pb.start();
The ProcessBuilder.command method used to construct the command line string is also supported.
java.lang.Runtime
In the example below, the results are similar to those in the example above for ‘java.lang.ProcessBuilder’.
Runtime runtime = Runtime.getRuntime();
Process p = runtime.exec("CMD /C myCommand.sh myArg1 myArg2");
com.ibm.as400.access.ProgramCall
In the example below the call to the the cobol program QSYS is represented by a Java Call to Midrange Program object of the same name.
ProgramCall pgm = new ProgramCall(system);
String programName = "QSYS";
pgm.run(programName, paramList)
Command options and arguments
The arguments passed to the ProcessBuilder class or the Runtime.exe method might be parameterized. There are two different main cases that are treated differently. In the first one, it is the executed program name itself being parameterized, in which case the analyzer will create different objects for each different program name.
The second case is when the command line options and arguments are being parameterized. In that case, a single Java Call to Program object is created. However the receiving call links of this object will reflect the the origin of the value passed to the parameterized argument.
public void executeCommand(String option) throws IOException {
String[] command = {"CMD", "/C", "myprogram.sh", option};
Runtime runtime = Runtime.getRuntime();
Process p = runtime.exec(command);
}
public void callA() throws IOException {
String myvar = "option1";
executeCommand(myvar);
}
public void callB() throws IOException {
String myvar = "option2";
executeCommand(myvar);
}
The Java Call to Program object belongs to the method containing the expression invoking the command (ProcessBuilder.start(…) or Runtime.exec(…)), in this case the method executeCommand. The callers to the Java Call to Program represent the methods from where the parameters of the (usually parameterized) invocation have been determined. In the figure above we can seen the two different call links (C) from methods callA and *callB *that correspond to two different values of the argument passed to the myprogram.sh script (option1 and option2). The list of all unique full command lines associated to a given Java Call to Program object can be found in the “Full command lines” property:
The correspondence between the calling object and a particular command line can be only verified by manual inspection. Undefined (or hard to determine) parameters are represented by question marks “?”.
Specifics in calls to Java programs
Two different ways of calling Java programs is supported. The first one, directly invokes the main class:
ProcessBuilder pb = new ProcessBuilder("java", "mycode.Hello"); // This corresponds to the command: "java mycode.Hello"
Process p = pb.start();
which is represented by a Java Call To Java Program with the main class name. The class fullname information (namely mycode.Hello) is saved in the property “Fullname of the class, …”:
The second approach, is to invoke a JAR application:
ProcessBuilder pb = new ProcessBuilder("java", "-jar", "myProgram.jar");
Process p = pb.start();
Following this code a common Java Call To Generic Program object will be created. In order to link this call to the main java class, the analyzer will search for jar compilation instructions in maven files (we only support for “maven-assembly-plugin” artifacts). In case it is found, the analyzer will create a Java JAR Program together with the callLink to the main method. The link between the call to the JAR and the JAR program will be done during the application level analysis by the web service linker extension.
Below is an example of both ways of invoking the same Java program mycode.Hello:
Specifics in calls to Cobol programs
In communicating with Midrange application
public class IBMiExample {
public static void main(String[] args) {
AS400 system = null;
system = new AS400("systemName", "userId", "password");
system.connectService(AS400.COMMAND);
// ProgramCall.run() with parameters
ProgramCall pgm = new ProgramCall(system);
String programName = "QSYS";
pgm.run(programName, null)
}
}
The code snippet above is expected to produce a new object called Java Call to Midrange Program which has QSYS and JTOpen for IBM i for name and vendor respectively. This object will also link to the mentioned cobol program if its source code presents in the analysis project.
Limitations
- Command lines using pipelines and more complex constructs are not fully supported yet (the quality of the results might vary).
- The Java JAR Program and the link to the main method is created when the jar-defining pom.xml file and the main class file share the same analysis unit. This restriction will be relaxed in future releases.
- The reconstruction of the invoked full command lines is a complex task which is under constant improvement. This means that when upgrading the version of the extension there might be notable changes in the number of commands retrieved.
- The name of the program called by ProgramCall can sometimes not be found if the ProgramCall instance is declacred outside of the current physical caller which execute the callback.