Gary Wassermann
Zhendong Su
Premkumar Devanbu
Abstract
Many data-intensive applications dynamically construct queries in response to client requests and execute them. Java servlets, for example, can create strings that represent SQL queries and then send the queries, using JDBC, to a database server for execution. The servlet programmer enjoys static checking via Java's strong type system. However, the Java type system does little to check for possible errors in the dynamically generated SQL query strings. Thus, a type error in a generated selection query (e.g., comparing a string attribute with an integer) can result in an SQL runtime exception. Currently, such defects must be rooted out through careful testing, or (worse) might be found by customers at runtime. In this article, we present a sound, static program analysis technique to verify that dynamically generated query strings do not contain type errors. We describe our analysis technique and provide soundness results for our static analysis algorithm. We also describe the details of a prototype tool based on the algorithm and present several illustrative defects found in senior software-engineering student-team projects, online tutorial examples, and a real-world purchase order system written by one of the authors.
- Aho, A., Sethi, R., and Ullman, J. 1986. Compilers, Principles, Techniques and Tools. Addison-Wesley, Reading, MA. Google Scholar
Digital Library
- Amadio, R., and Cardelli, L. 1991. Subtyping recursive types. In Proceedings of the 18th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Orlando, FL). ACM, New York, 104--118. Google ScholarDigital Library
- Andersen, L. 1994. Program analysis and specialization for the C programming language. Ph.D. thesis, DIKU, University of Copenhagen. DIKU report 94/19.Google Scholar
- Braband, C., Møller, A., and Schwartzbach, M. 2001. Static validation of dynamically generated HTML. In ACM SIGPLAN--SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (Snowbird, UT). ACM, New York, 38--45. Google ScholarDigital Library
- Brabrand, C., M&oslah;ller, A., and Schwartzbach, M. 2002. The <bigwig> project. ACM Trans. Internet Tech. 2, 2, 79--114. Google ScholarDigital Library
- Choi, T.-H., Lee, O., Kim, H., and Doh, K.-G. 2006. A practical string analyzer by the widening approach. In Proceedings of the 4th Asian Symposium on Programming Languages and Systems (APLAS 2006) (Sydney, Australia). Springer-Verlag, New York, 374--388. Google ScholarDigital Library
- Christensen, A., M&oslah;ller, A., and Schwartzbach, M. 2003. Precise analysis of string expressions. In Proceedings of the 10th International Static Analysis Symposium (San Diego, CA). Springer-Verlag, New York, 1--18. Google ScholarDigital Library
- Cook, W. R., and Ibrahim, A. H. 2005. Programming languages & databases: What's the problem?? url: http://www.cs.utexas.edu/~wcook/Drafts/2005/PLDBProblem.pdf.Google Scholar
- Cook, W. R., and Rai, S. 2005. Safe query objects: Statically typed objects as remotely executable queries. In Proceedings of the 27th International Conference on Software Engineering (ICSE) (St. Louis, MO). ACM, New York. Google ScholarDigital Library
- Guyot, J. 1998. BNF index of SQL for Oracle 7. Available at http://cui.unige.ch/db-research/Enseignement/analyseinfo/SQL7/.Google Scholar
- Halfond, W. G., and Orso, A. 2005. Combining static analysis and runtime monitoring to counter SQL-injection attacks. In Proceedings of the 3rd International ICSE Workshop on Dynamic Analysis (WODA 2005) (St. Louis, MO). ACM, New York. url: http://www.csd.uwo.ca/woda2005/proceedings.html. Google ScholarDigital Library
- Heintze, N., and Tardieu, O. 2001. Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (Snowbird, UT). ACM, New York, 254--263. Google ScholarDigital Library
- Hopcroft, J., and Ullman, J. 1979. Introduction to Automata Theory, Language, and Computation. Addison--Wesley, Reading, MA. Google ScholarDigital Library
- JBoss. 2006. Hibernate. url: http://www.hibernate.org/.Google Scholar
- Kam, J., and Ullman, J. 1976. Global data flow analysis and iterative algorithms. J. ACM 23, 1 (Jan.), 158--171. Google ScholarDigital Library
- Kapfhammer, G. M., and Soffa, M. L. 2003. A family of test adequacy criteria for database-driven applications. In Proceedings of the 9th European Software Engineering Conference and the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering (Helsinki, Finland). ACM, New York, 98--107. Google ScholarDigital Library
- Kildall, G. 1973. A unified approach to global program optimization. In Conference Record of the ACM SIGACT and SIGPLAN Symposium on Principles of Programming Languages (Boston, MA). ACM, New York, 194--206. Google ScholarDigital Library
- Kohlbecker, E., Friedman, D., Felleisen, M., and Duba, B. 1986. Hygenic macro expansion. In Proceedings of the 1986 ACM Conference on LISP and Functional Programming (Cambridge, MA). ACM, New York, 151--159. Google ScholarDigital Library
- Melski, D., and Reps, T. 1997. Interconvertibility of set constraints and context-free language reachability. In Proceedings of the 1997 ACM Symposium on Partial Evaluation and Semantics-Based Program Manipulation, PEPM'97 (Amsterdam, The Netherlands). ACM, New York, 74--89. Google ScholarDigital Library
- Microsoft. 2004. ADO.NET. url: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/adonetanchor.asp.Google Scholar
- Microsoft. 2005. LINQ Project. url: http://msdn.microsoft.com/netframework/future/linq/.Google Scholar
- Oracle. 2006. Oracle TopLink. url: http://www.oracle.com/technology/products/ias/toplink/index.html.Google Scholar
- Reps, T., Horwitz, S., and Sagiv, M. 1995. Precise interprocedural dataflow analysis via graph reachability. In Proceedings of the 22nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (San Francisco, CA). ACM, New York, 49--61. Google ScholarDigital Library
- Sandholm, A., and Schwartzbach, M. 2000. A type system for dynamic web documents. In Proceedings of the 27th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Boston, MA). ACM, New York, 290--301. Google ScholarDigital Library
- Shivers, O. 1988. Control flow analysis in Scheme. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (Atlanta, GA). ACM, New York, 164--174. Google ScholarDigital Library
- SQLJ. 1997. See http://www.sqlj.org.Google Scholar
- Su, Z., Fähndrich, M., and Aiken, A. 2000. Projection merging: Reducing redundancies in inclusion constraint graphs. In Proceedings of the 27th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Boston, MA). ACM, New York, 81--95. Google ScholarDigital Library
- Sun. 2003. Java Data Objects (JDO). url: http://java.sun.com/products/jdo/. Google ScholarDigital Library
- Taha, W., and Sheard, T. 1997. Multi-stage programming with explicit annotations. In Proceedings of the ACM-SIGPLAN Symposium on Partial Evaluation and Semantic Based Program Manipulations (Amsterdam, The Netherlands). ACM, New York, 203--217. Google ScholarDigital Library
- Vallee-Rai, R., Hendren, L., Sundaresan, V., Lam, P., Gagnon, E., and Co, P. 1999. Soot--a Java optimization framework. In Proceedings of the IBM Centre for Advanced Studies Conference, CASCON'99 (Mississauga, Ont., Canada). IBM, New York. Google ScholarDigital Library
- Viega, J., and McGraw, G. 2001. Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley, Boston, MA.Google Scholar
- Wassermann, G., and Su, Z. 2004. An analysis framework for security in Web applications. In Proceedings of the 3rd FSE Workshop on the Specification and Verification of Component Based Systems (SAVCBS 2004) (Newport Beach, CA). ACM, New York, 70--78.Google Scholar
- Weise, D., and Crew, R. 1993. Programmable syntax macros. In Proceedings of the SIGPLAN Conference on Programming Language Design and Implementation (Albuquerque, NM). ACM, New York, 156--165. Google ScholarDigital Library
- Yellin, D. 1993. Speeding up dynamic transitive closure for bounded degree graphs. Acta Inf. 30, 4 (July), 369--384.Google ScholarDigital Library
Index Terms
- Static checking of dynamically generated queries in database applications
Recommendations
Static Checking of Dynamically Generated Queries in Database Applications
ICSE '04: Proceedings of the 26th International Conference on Software EngineeringMany data-intensive applications dynamically constructqueries in response to client requests and execute them.Java servlets, e.g., can create string representations ofSQL queries and then send the queries, using JDBC, to adatabase server for execution. ...
Spring Framework Reliability Investigation Against Database Bridging Layer Using Java Platform
AbstractThere are several frameworks that can be used to make create applications easier in the Java programming environment, whether in web applications or desktop applications. If we focus more on Java web framework, there is Spring Framework that has ...
Java and relational databases (tutorial): SQLJ
SIGMOD '98: Proceedings of the 1998 ACM SIGMOD international conference on Management of dataThis Tutorial presents the latest developments in the area of Java and Relational Databases. The material is based on the SQLJ consortium effort whose goal is to leverage Java technology for SQL processing. The SQLJ effort is driven by major industry ...
Comments