Statically Checking Web API Requests in JavaScript

Many JavaScript applications perform HTTP requests to web APIs, relying on the request URL, HTTP method, and request data to be constructed correctly by string operations. Traditional compile-time error checking, such as calling a non-existent method in Java, are not available for checking whether such requests comply with the requirements of a web API. In this paper, we propose an approach to statically check web API requests in JavaScript. Our approach first extracts a request's URL string, HTTP method, and the corresponding request data using an inter-procedural string analysis, and then checks whether the request conforms to given web API specifications. We evaluated our approach by checking whether web API requests in JavaScript files mined from GitHub are consistent or inconsistent with publicly available API specifications. From the 6575 requests in scope, our approach determined whether the request's URL and HTTP method was consistent or inconsistent with web API specifications with a precision of 96.0%. Our approach also correctly determined whether extracted request data was consistent or inconsistent with the data requirements with a precision of 87.9% for payload data and 99.9% for query data. In a systematic analysis of the inconsistent cases, we found that many of them were due to errors in the client code. The here proposed checker can be integrated with code editors or with continuous integration tools to warn programmers about code containing potentially erroneous requests.Comment: International Conference on Software Engineering, 201

Combining goal-oriented and model-driven approaches to solve the Payment Problem Scenario

Motivated by the objective to provide an improved participation of business domain experts in the design of service-oriented integration solutions, we extend our previous work on using the COSMO methodology for service mediation by introducing a goal-oriented approach to requirements engineering. With this approach, business requirements including the motivations behind the mediation solution are better understood, specified, and aligned with their technical implementations. We use the Payment Problem Scenario of the SWS Challenge to illustrate the extension

Program analysis to support quality assurance techniques for web applications

As web applications occupy an increasingly important role in the day-to-day lives of millions of people, testing and analysis techniques that ensure that these applications function with a high level of quality are becoming even more essential. However, many software quality assurance techniques are not directly applicable to modern web applications. Certain characteristics, such as the use of HTTP and generated object programs, can make it difficult to identify software abstractions used by traditional quality assurance techniques. More generally, many of these abstractions are implemented differently in web applications, and the lack of techniques to identify them complicates the application of existing quality assurance techniques to web applications. This dissertation describes the development of program analysis techniques for modern web applications and shows that these techniques can be used to improve quality assurance. The first part of the research focuses on the development of a suite of program analysis techniques that identifies useful abstractions in web applications. The second part of the research evaluates whether these program analysis techniques can be used to successfully adapt traditional quality assurance techniques to web applications, improve existing web application quality assurance techniques, and develop new techniques focused on web application-specific issues. The work in quality assurance techniques focuses on improving three different areas: generating test inputs, verifying interface invocations, and detecting vulnerabilities. The evaluations of the resulting techniques show that the use of the program analyses results in significant improvements in existing quality assurance techniques and facilitates the development of new useful techniques.Ph.D.Committee Chair: Orso, Alessandro; Committee Member: Giffin, Jon; Committee Member: Harrold, Mary Jean; Committee Member: Rugaber, Spencer; Committee Member: Tip, Fran

Relational Constraint Driven Test Case Synthesis for Web Applications

This paper proposes a relational constraint driven technique that synthesizes test cases automatically for web applications. Using a static analysis, servlets can be modeled as relational transducers, which manipulate backend databases. We present a synthesis algorithm that generates a sequence of HTTP requests for simulating a user session. The algorithm relies on backward symbolic image computation for reaching a certain database state, given a code coverage objective. With a slight adaptation, the technique can be used for discovering workflow attacks on web applications.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

A comparative study of process mediator components that support behavioral incompatibility

Most businesses these days use the web services technology as a medium to allow interaction between a service provider and a service requestor. However, both the service provider and the requestor would be unable to achieve their business goals when there are miscommunications between their processes. This research focuses on the process incompatibility between the web services and the way to automatically resolve them by using a process mediator. This paper presents an overview of the behavioral incompatibility between web services and the overview of process mediation in order to resolve the complications faced due to the incompatibility. Several state-of the-art approaches have been selected and analyzed to understand the existing process mediation components. This paper aims to provide a valuable gap analysis that identifies the important research areas in process mediation that have yet to be fully explored.Comment: 20 Pages, 9 figures and 8 Tables; International Journal on Web Service Computing (IJWSC), September 2011, Volume 2, Number

CSGM Designer: a platform for designing cross-species intron-spanning genic markers linked with genome information of legumes.

BackgroundGenetic markers are tools that can facilitate molecular breeding, even in species lacking genomic resources. An important class of genetic markers is those based on orthologous genes, because they can guide hypotheses about conserved gene function, a situation that is well documented for a number of agronomic traits. For under-studied species a key bottleneck in gene-based marker development is the need to develop molecular tools (e.g., oligonucleotide primers) that reliably access genes with orthology to the genomes of well-characterized reference species.ResultsHere we report an efficient platform for the design of cross-species gene-derived markers in legumes. The automated platform, named CSGM Designer (URL: http://tgil.donga.ac.kr/CSGMdesigner), facilitates rapid and systematic design of cross-species genic markers. The underlying database is composed of genome data from five legume species whose genomes are substantially characterized. Use of CSGM is enhanced by graphical displays of query results, which we describe as "circular viewer" and "search-within-results" functions. CSGM provides a virtual PCR representation (eHT-PCR) that predicts the specificity of each primer pair simultaneously in multiple genomes. CSGM Designer output was experimentally validated for the amplification of orthologous genes using 16 genotypes representing 12 crop and model legume species, distributed among the galegoid and phaseoloid clades. Successful cross-species amplification was obtained for 85.3% of PCR primer combinations.ConclusionCSGM Designer spans the divide between well-characterized crop and model legume species and their less well-characterized relatives. The outcome is PCR primers that target highly conserved genes for polymorphism discovery, enabling functional inferences and ultimately facilitating trait-associated molecular breeding

Development of workflow for picornavirus genome sequence analysis

Picornaviruses are small, non-enveloped, icosahedral, positive stranded RNA viruses and among the most common human pathogens. Some of the clinically important genera for humans are Enterovirus, Hepatovirus, Parechovirus and Cardiovirus. The symptoms for tthe picornaviral infections range from mild, asymptomatic to fatal disease. Threats posed to human health by these viruses is observedd in the constant outbreaks of enteroviruses and parechoviruses in the different parts of the world. Next generation sequencing provides an efficient way to detect and identify known or novel micro-organisms. Advantages of NGS are rapid sequencing methods, high-throughput process and affordable costs. On the other hand, NGS also requires advanced technical and computational skills, and creates a bottleneck owing to necessity of standardization of bioinformatic tools. It is therefore imperative to optimize and determine parameters, which provide accuracy in every stage of NGS workflow. The aim of this thesis was to develop a rapid and straightforward, user-friendly workflow for the assembly and analysis of picornaviral genomes. Chipster platform was chosen as the primary test platform. The workflow involved use of automated analysis pipelines (VirusDetect and A5 assembly pipeline), and alternative approaches, which included pre-processing of raw data, and reference-mapping or de novo assembly (Velvet and SPAdes) of picornavirus sequences. Except for de novo assembly and validation and quality assessment of final outputs, all steps were performed in Chipster. Of these approaches, VirusDetect and reference-mapping were not successful. A5 pipeline for microbial genome assembly was found to be very suited for picornavirus identification. Velvet and SPAdes also performed well, but Velvet assembler was found to more computationally exhaustive and time consuming. Quality assessment suggested that performance of SPAdes was relatively better than the performance of A5 or Velvet. As A5 pipeline does not require any parameter settings, it can be used as initila identification and contig/scaffold generation method for picornaviral sequences. Together with implementation of de novo assembler(s) on Chipster platform a novel, user-friendly NGS workflow for picornavirus sequence assembly can be established

PinAPL-Py: A comprehensive web-application for the analysis of CRISPR/Cas9 screens.

Large-scale genetic screens using CRISPR/Cas9 technology have emerged as a major tool for functional genomics. With its increased popularity, experimental biologists frequently acquire large sequencing datasets for which they often do not have an easy analysis option. While a few bioinformatic tools have been developed for this purpose, their utility is still hindered either due to limited functionality or the requirement of bioinformatic expertise. To make sequencing data analysis of CRISPR/Cas9 screens more accessible to a wide range of scientists, we developed a Platform-independent Analysis of Pooled Screens using Python (PinAPL-Py), which is operated as an intuitive web-service. PinAPL-Py implements state-of-the-art tools and statistical models, assembled in a comprehensive workflow covering sequence quality control, automated sgRNA sequence extraction, alignment, sgRNA enrichment/depletion analysis and gene ranking. The workflow is set up to use a variety of popular sgRNA libraries as well as custom libraries that can be easily uploaded. Various analysis options are offered, suitable to analyze a large variety of CRISPR/Cas9 screening experiments. Analysis output includes ranked lists of sgRNAs and genes, and publication-ready plots. PinAPL-Py helps to advance genome-wide screening efforts by combining comprehensive functionality with user-friendly implementation. PinAPL-Py is freely accessible at http://pinapl-py.ucsd.edu with instructions and test datasets