Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What's the best approach in auditing a big java/j2ee web application

Tags:

I have to audit a large web Java/J2ee application that has evolved over several years. It's been written by some other company, not the one I'm working for. In it's current state it has become hard to evolve and maintain, new functionalities are hard to add and often lead to bugs that sometime show up in production. There seem to be some copy/pasted code which resulted in code duplication. The current app is some kind of online shopping with some cms-like content here and there. It's mostly Struts and some Spring in newer parts of the code, maybe some ejbs thrown in for good measure. There are some unit tests available, but not a lot of them. These are things I've been told, I haven't seen yet the actual code.

My company will make a proposition to rewrite parts of this app in order to reduce complexity, improve quality and modularity, and make it possible to add easier new functionalities without regressions. Before making any commitement, they would like to have some kind of appreciation of the quality of the existing code and to asses how much of it can be reused, in order to have more than a guess in what there will have to be done - full rewrite or partial rewrite.

The catch is that I'll have to do this in a very short period ( a couple of days ) so I'm trying to work out a plan for what can be done in such a short time. What I'm thiking is :

  • check out "basic" things - exceptions treatment, logging
  • check out the level of layering ( views, controllers, dao layer )
  • measure the actual coverage of the unit tests
  • maybe run some Checkstyle, Findbugs and PMD over the projects
  • ...

So the actual question is what other things should I take into account/check/measure/etc ?

I'm not sure what kind of numbers I could get out of this and if it would really mean something, I have the feeling that what the management is asking is kind of the wrong approach, so the second question would be : does anyone has a better idea ?

I'll appreciate any idea, suggestion, comment on this.

Edit: I'll be adding two dead code detectors to the mix : UCD and DCD