Inferring Page Models for Web Application Analysis

被引:1
作者
Athaiya, Snigdha [1 ]
机构
[1] Indian Inst Sci, Bengaluru, India
来源
PROCEEDINGS OF THE 26TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS (ISSTA'17) | 2017年
关键词
!text type='JS']JS[!/text]P; !text type='Java']Java[!/text]Script; Web Applications; Static Analysis; STATIC ANALYSIS;
D O I
10.1145/3092703.3098240
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Web applications are difficult to analyze using code-based tools because data-flow and control-flow through the application occurs via both server-side code and client-side pages. Client-side pages are typically specified in a scripting language that is different from the main server-side language; moreover, the pages are generated dynamically from the scripts. To address these issues we propose a static-analysis approach that automatically constructs a "model" of each page in a given application. A page model is a code fragment in the same language as the server-side code, which faithfully over-approximates the possible elements of the page as well as the control-flows and data-flows due to these elements. The server-side code in conjunction with the page models then becomes a standard (non-web) program, thus amenable to analysis using standard code-based tools.
引用
收藏
页码:412 / 415
页数:4
相关论文
共 24 条
  • [1] Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking
    Artzi, Shay
    Kiezun, Adam
    Dolby, Julian
    Tip, Frank
    Dig, Danny
    Paradkar, Amit
    Ernst, Michael D.
    [J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2010, 36 (04) : 474 - 494
  • [2] Artzi Shay., 2010, P 32 ACMIEEE INT C S, P265, DOI 10.1145/1806799
  • [3] Athaiya Snigdha, 2017, 26 ACM SIGSOFT INT S
  • [4] Campos J, 2012, IEEE INT CONF AUTOM, P378, DOI 10.1145/2351676.2351752
  • [5] A systematic mapping study of web application testing
    Garousi, Vahid
    Mesbah, Ali
    Betin-Can, Aysu
    Mirshokraie, Shabnam
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2013, 55 (08) : 1374 - 1396
  • [6] Cross-Language Program Slicing for Dynamic Web Applications
    Hung Viet Nguyen
    Kaestner, Christian
    Nguyen, Tien N.
    [J]. 2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS, 2015, : 369 - 380
  • [7] Jensen S.H., 2011, P 19 ACM SIGSOFT S 1, P59
  • [8] Jensen SH, 2009, LECT NOTES COMPUT SC, V5673, P238, DOI 10.1007/978-3-642-03237-0_17
  • [9] JS']JSAI: A Static Analysis Platform for Java']JavaScript
    Kashyap, Vineeth
    Dewey, Kyle
    Kuefner, Ethan A.
    Wagner, John
    Gibbons, Kevin
    Sarracino, John
    Wiedermann, Ben
    Hardekopf, Ben
    [J]. 22ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (FSE 2014), 2014, : 121 - 132
  • [10] Kirkegaard C, 2006, LECT NOTES COMPUT SC, V4134, P336
123