Proceedings of the 9th Central & Eastern European Software Engineering Conference in Russia
It is conventional for Java developers to access database engines through the standard JDBC API, which requires passing SQL queries as plain Java strings. This is referred to as embedding SQL queries into Java. The strings are not checked at compile time, so errors in the queries (e.g. syntax errors or misspelled names) are usually detected only by testing. In this paper we describe a tool which statically analyzes SQL queries embedded into Java programs. It combines a sound syntactic analyzer with a testing facility that generates small tests to detect errors in individual queries and runs them on an actual database engine. The tool is implemented as a plug-in for the Eclipse IDE and allows for interactive use in real-life projects.