Dangling references in multi-configuration and dynamic PHP-based Web applications

Nguyen, Hung Viet; Nguyen, Hoan Anh; Nguyen, Tung Thanh; Nguyen, Anh Tuan; Nguyen, Tien N.

doi:10.1109/ase.2013.6693098

Cited by 8 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We similarly track origin locations, but we symbolically execute the PHP code. We previously used our symbolic execution engine PhpSync for similar purposes [41,42]. First, we used our static origin tracking to propagate changes in the client code (output of symbolic execution) back to the PHP code [42].…”

Section: Related Workmentioning

confidence: 99%

“…First, we used our static origin tracking to propagate changes in the client code (output of symbolic execution) back to the PHP code [42]. Subsequently, we designed DRC to analyze both PHP code and generated client-side code to detect cross-language and cross-stage dangling references [41]. In contrast to this work, DRC extracts program entities via heuristics: it just matches path constraints of references/declarations without building the ASTs and DOM for embedded code in different configurations.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Building call graphs for embedded client-side code in dynamic web applications

Nguyen

Kästner

Nguyen

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

When developing and maintaining a software system, programmers often rely on IDEs to provide editor services such as syntax highlighting, auto-completion, and "jump to declaration". In dynamic web applications, such tool support is currently limited to either the server-side code or to hand-written or generated client-side code. Our goal is to build a call graph for providing editor services on client-side code while it is still embedded as string literals within server-side code. First, we symbolically execute the server-side code to identify all possible client-side code variations. Subsequently, we parse the generated client-side code with all its variations into a VarDOM that compactly represents all DOM variations for further analysis. Based on the VarDOM, we build conditional call graphs for embedded HTML, CSS, and JS. Our empirical evaluation on real-world web applications show that our analysis achieves 100% precision in identifying call-graph edges. 62% of the edges cross PHP strings, and 17% of them cross files-in both situations, navigation without tool support is tedious and error prone.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Building call graphs for embedded client-side code in dynamic web applications

Nguyen

Kästner

Nguyen

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…A reference to a program entity (e.g., a variable or a function call) is undefined at run time if the entity has not been declared in the current execution. These types of errors can lead to unexpected behavior of the program at run time, ranging from disruptive web service, blank pages, missing user information, unwanted error messages, to fatal crashes, input validation bypass, and other security vulnerabilities [104]. In our example in Figure 1.1, in the first two cases (PHP variable $C1 evaluates to TRUE, or $C1 evaluates to FALSE and $C2 evaluates to TRUE), an HTML form with an HTML input named foo is generated.…”

Section: Challenges In Analyzing Dynamic Web Applicationsmentioning

confidence: 99%

“…We introduce Dangling Reference Checker (DRC) [107,104], a tool to statically detect PHP and embedded dangling references in PHP-based web applications. DRC matches the constraint of each reference against those of their declarations to check if a reference is dangling.…”

Section: Dangling Reference Detectionmentioning

confidence: 99%