Automated Insertion of Exception Handling for Key and Referential Constraints
APSEC '12 Proceedings of the 2012 19th Asia-Pacific Software Engineering Conference - Volume 01
Key and referential constraints are two main integrity constraints in database applications. These constraints can be automatically enforced by the Database Management System, with their exceptions (violations of these constraints) handled by programmers. This paper proposes an approach that uses program transformation to relieve programmers of the burden of mechanically coding the handling of these constraint violations. We first propose an extended abstract syntax tree that includes SQL query semantics. Based on it, each code pattern that requires exception handling, together with the exception handling code to be inserted, is represented as a transformation rule. We provide two alternatives for handling the exceptions: one is to handle them in conjunction with the built-in enforcement feature of the Database Management System; the other is to handle them without using that feature. Hence, two types of transformation rules are provided accordingly. A tool, GEHPHP (Generation of Exception Handling for PHP Systems), has been developed to implement the proposed approach. Experiments have also been conducted to evaluate the applicability of the approach.