Which two statements describe advantages of static code analysis over unit tests? (Choose two.)
A. It checks for potential tainted data where input is not checked.
B. It enforces proper coding standards and style.
C. It performs a quick analysis of whether tests will pass or fail when run.
D. It checks for race conditions in threaded applications.
E. It estimates the performance of the code when run.
Answer: BC
Static code analysis and unit testing are two approaches to ensure the quality of software code, but they differ in their focus and benefits.
Static code analysis involves analyzing the source code of an application without executing it, to identify potential issues and vulnerabilities. Unit testing, on the other hand, involves writing code to test individual components or units of an application, by executing them with different inputs and verifying the expected outputs.
The advantages of static code analysis over unit tests are:
It checks for potential tainted data where input is not checked: Static code analysis tools can identify potential security vulnerabilities by analyzing the code for possible injection attacks, where input is not properly validated or sanitized. This includes checking for buffer overflows, format string attacks, SQL injection, and cross-site scripting (XSS) vulnerabilities, among others. Unit tests may not always cover these security issues, as they typically focus on functional testing rather than security testing.
It enforces proper coding standards and style: Static code analysis tools can enforce coding standards and best practices by checking the code against predefined rules and guidelines. This includes checking for proper indentation, naming conventions, error handling, and commenting, among other coding standards. Unit tests may not always cover these coding standards and style issues, as they are primarily focused on verifying the functional correctness of the code.
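The tainted-data check described above, as an added illustration that is not part of the original question or its explanation: a toy taint tracker built on Python's `ast` module that flags request data reaching a SQL sink without passing through a validator. The source, sanitizer and sink lists and the two code samples are constructed for this example; `validate_int` and `request.args` are hypothetical names.

```python
import ast
# Constructed sample: untrusted request data reaches a SQL sink with no check.
VULNERABLE_SRC = """
def lookup(cursor, request):
    user_id = request.args['id']
    cursor.execute("SELECT * FROM users WHERE id = " + user_id)
"""
# Constructed sample: the same flow, but the value passes through a validator first.
CHECKED_SRC = """
def lookup(cursor, request):
    user_id = request.args['id']
    user_id = validate_int(user_id)
    cursor.execute("SELECT * FROM users WHERE id = " + user_id)
"""
# Hypothetical source/sanitizer/sink lists; real tools ship far larger ones.
TAINT_SOURCES = {"request.args", "input"}
SANITIZERS = {"validate_int", "escape"}
SINKS = {"cursor.execute", "os.system"}

def _dotted(node):
    """Render a Name/Attribute chain such as cursor.execute as a string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def _names_in(node): return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def find_tainted_sinks(src):
    """Return (line, sink) pairs where tainted data reaches a sink unchecked (straight-line code only)."""
    nodes = (n for n in ast.walk(ast.parse(src)) if isinstance(n, (ast.Assign, ast.Expr)))
    tainted, findings = set(), []
    for stmt in sorted(nodes, key=lambda n: n.lineno):  # visit statements in source order
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            target, value = stmt.targets[0].id, stmt.value
            root = value.value if isinstance(value, ast.Subscript) else value
            call = _dotted(value.func) if isinstance(value, ast.Call) else None
            if _dotted(root) in TAINT_SOURCES or call in TAINT_SOURCES:
                taint = True                      # reading a source taints the target
            elif call in SANITIZERS:
                taint = False                     # a validator clears the taint
            else:
                taint = bool(_names_in(value) & tainted)  # taint propagates through expressions
            (tainted.add if taint else tainted.discard)(target)
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            sink = _dotted(stmt.value.func)
            if sink in SINKS and any(_names_in(a) & tainted for a in stmt.value.args):
                findings.append((stmt.lineno, sink))
    return findings
```

A unit test that calls `lookup` with a well-formed id passes against both samples, which is exactly why this class of defect is caught by analysis of the code rather than by executing it.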
The other answer choices are incorrect:
C. It performs a quick analysis of whether tests will pass or fail when run: This is not an advantage of static code analysis over unit tests. Running the unit tests is what determines whether they pass or fail; static code analysis does not execute the code and so cannot report test outcomes.
D. It checks for race conditions in threaded applications: This is not an advantage of static code analysis over unit tests, as race conditions are typically exercised through functional or integration testing, where multiple components run together.
E. It estimates the performance of the code when run: This is not an advantage of static code analysis over unit tests, as performance is typically measured through load or stress testing, where the application is run under high load. Static code analysis does not execute the code and so cannot provide this kind of performance measurement.