High-level synthetic methods

Synthetic methods are a useful construct for modeling advanced data flow in frameworks. For example, many standard frameworks (such as Struts and Spring) encourage a model-view-controller (MVC) architecture for the application. With an MVC structure, client form submission is often handled in this manner:

  1. Based on the URL, determine the application model class M for holding the submitted form data and the controller class C containing the business logic.
  2. Create an M model object and set its properties based on the (untrusted) form data in the HTTP request. The properties are typically set via JavaBeans setter methods (for example, setName() or setAddress()).
  3. Perform some validation on the data in the M object.
  4. Create a C controller object, and pass the M object to a method C.execute() that performs the business logic. Typically, execute() will return the name of a view to render the result.
  5. Based on the view name, determine the appropriate view file (for example, a JavaServer page) to show. Often, the data in the M object is passed to the view via attributes of the request or session object.

All of the above features can be modeled with Framework for Frameworks synthetic methods, thereby exposing the behaviors for analysis by AppScan® Source. The Framework for Frameworks API provides high-level synthetic methods to ease the generation of synthetic methods.
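
The five steps above, written out as the single direct call chain that a synthetic method makes visible to data-flow analysis. This is an added illustration in plain Java, not AppScan Source output and not the Framework for Frameworks API; UserForm, UserController, SyntheticFlowSketch and the view name "welcome" are hypothetical, and the request is modeled with plain maps.

```java
import java.util.HashMap;
import java.util.Map;

class SyntheticFlowSketch {
    // Step 3: stands in for the validation the framework runtime performs on the model.
    static boolean validate(UserForm form) {
        return form.getName() != null && form.getName().matches("[A-Za-z ]{1,40}");
    }
    // Step 5: stands in for the view file; writing model data into the response is the sink.
    static String renderWelcome(Map<String, Object> requestAttrs) {
        UserForm form = (UserForm) requestAttrs.get("user");
        return "<p>Hello, " + form.getName() + "</p>";
    }
    // Steps 1-5 as one call chain. Step 1 (URL to M and C) is fixed to a single route here.
    static String handleSubmit(Map<String, String> httpParams) {
        Map<String, Object> requestAttrs = new HashMap<>();
        UserForm form = new UserForm();                 // step 2: create M
        form.setName(httpParams.get("name"));           // step 2: untrusted data enters via a setter
        if (!validate(form)) {                          // step 3
            return "<p>Invalid input</p>";
        }
        String view = new UserController().execute(form, requestAttrs); // step 4
        if ("welcome".equals(view)) {                   // step 5: view name selects the view file
            return renderWelcome(requestAttrs);
        }
        throw new IllegalStateException("unknown view: " + view);
    }

    public static void main(String[] args) {
        Map<String, String> params = new HashMap<>();   // constructed sample request
        params.put("name", "Alice Example");
        System.out.println(handleSubmit(params));       // passes validation, reaches the view
        params.put("name", "<b>bold</b>");
        System.out.println(handleSubmit(params));       // rejected at step 3
    }
}

class UserForm {                                        // model class M
    private String name;
    public void setName(String name) { this.name = name; }
    public String getName() { return name; }
}

class UserController {                                  // controller class C
    public String execute(UserForm form, Map<String, Object> requestAttrs) {
        requestAttrs.put("user", form);                 // model handed to the view as a request attribute
        return "welcome";                               // view name
    }
}
```

In a real application none of these calls appear in the source, because the framework performs them from configuration or by reflection; that gap between the setter, the controller and the view is what the synthetic method fills in for the analysis.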

Note: Trace nodes with class names that begin with AppScan.Synthetic, AppScan.Synthetic.Validator, and AppScan.Synthetic.Replacement correspond to methods that are synthesized by AppScan® Source.
  • AppScan.Synthetic methods are used to stitch traces together in application code that uses frameworks.
  • An AppScan.Synthetic.Validator method models the underlying validation performed by the framework runtime. You can select a validator method and mark it as a Validator if needed.
  • An AppScan.Synthetic.Replacement method indicates that a method in the application code was replaced by AppScan® Source to capture data flow between disjoint components (such as controllers and views) of the framework.