开发者

Reverse engineering/source code analysis of a struts web application

开发者 https://www.devze.com 2022-12-29 22:17 出处:网络
i need to reverse engineer and un开发者_运维技巧derstand a struts 1.2 integrated with jsf application as a part of my job. unfortunately the documentation is sparse.

i need to reverse engineer and un开发者_运维技巧derstand a struts 1.2 integrated with jsf application as a part of my job. unfortunately the documentation is sparse. please suggest how do i go about. what are the tools suitable for this purpose.


If you have to reverse engineer an application, whatever application that is, you have to:

  • first - understand the technologies it uses (framework, libraries etc)
  • second - what the application adds on top (custom framework, business rules etc).

Since it is a Struts 1 + JSF application you need to first understand how those work if you don't already know (e.g. not a lot of people are bothering with Struts 1 these days unless they have to work with some legacy application).

Then, after you know what techniques were used to make the application work, you have to find out what the application does. There is only one universal tool to help you with that: your brain.

Also, it would be useful to know how the application works from the users of the application. But you have to be very careful and discern the information you receive because users sometimes will tell how they would want the thing to work, not how it effectively does.

Some things to consider:

  • You have to have patience, lots of it; something easy on the surface might turn to be very complicated once you dig your hands in it and might take longer than you initially thought
  • never make assumptions of how something works; if you reverse engineer 80% of something and think you know how it works and what it does don't call it a day; that 20% left might bite you;
  • also, if you find funny looking code, something that you will never normally write, don't make the assumption that the one who wrote it was stupid, it might be there for a reason that still eludes you (e.g. some bug fixing in a certain environment);
  • be aware that it is possible to understand something one way, and later, after more insight in other parts of the application to realize that you were wrong;
  • be suspicious of any documentation you might have (javadoc, comment in code, user guides etc), they might not be in sync with the code and may throw you of track and confuse you. The code is sacred;

Best of luck to you!

0

精彩评论

暂无评论...
验证码 换一张
取 消