42 research outputs found
SpecSatisfiabilityTool: A tool for testing the satisfiability of specifications on XML documents
We present a prototype that implements a set of logical rules to prove the
satisfiability for a class of specifications on XML documents. Specifications
are given by means of constrains built on Boolean XPath patterns. The main goal
of this tool is to test whether a given specification is satisfiable or not,
and justify the decision showing the execution history. It can also be used to
test whether a given document is a model of a given specification and, as a
by-product, it permits to look for all the relations (monomorphisms) between
two patterns and to combine patterns in different ways. The results of these
operations are visually shown and therefore the tool makes these operations
more understandable. The implementation of the algorithm has been written in
Prolog but the prototype has a Java interface for an easy and friendly use. In
this paper we show how to use this interface in order to test all the desired
properties.Comment: In Proceedings PROLE 2014, arXiv:1501.0169
Ensuring Query Compatibility with Evolving XML Schemas
During the life cycle of an XML application, both schemas and queries may
change from one version to another. Schema evolutions may affect query results
and potentially the validity of produced data. Nowadays, a challenge is to
assess and accommodate the impact of theses changes in rapidly evolving XML
applications.
This article proposes a logical framework and tool for verifying
forward/backward compatibility issues involving schemas and queries. First, it
allows analyzing relations between schemas. Second, it allows XML designers to
identify queries that must be reformulated in order to produce the expected
results across successive schema versions. Third, it allows examining more
precisely the impact of schema changes over queries, therefore facilitating
their reformulation
Fortifying Applications Against Xpath Injection Attacks
Code injection derives from a software vulnerability that allows a malicious user to inject custom code into the server engine. In recent years, there have been a great number of such exploits targeting web applications. In this paper we propose an approach that prevents a specific kind of code injection attacks known as xpath injection in a novel way. To detect an attack, our scheme uses location-specific identifiers to validate the executable xpath code. These identifiers represent all the unique fragments of this code along with their call sites within the application
Decidable classes of documents for XPath
We study the satisfiability problem for XPath over XML documents of bounded depth. We define two parameters, called match width and braid width, that assign a number to any class of documents. We show that for all k, satisfiability for XPath restricted to bounded depth documents with match width at most k is decidable; and that XPath is undecidable on any class of documents with unbounded braid width. We conjecture that these two parameters are equivalent, in the sense that a class of documents has bounded match width iff it has bounded braid width
Structural characterizations of the navigational expressiveness of relation algebras on a tree
Given a document D in the form of an unordered node-labeled tree, we study
the expressiveness on D of various basic fragments of XPath, the core
navigational language on XML documents. Working from the perspective of these
languages as fragments of Tarski's relation algebra, we give characterizations,
in terms of the structure of D, for when a binary relation on its nodes is
definable by an expression in these algebras. Since each pair of nodes in such
a relation represents a unique path in D, our results therefore capture the
sets of paths in D definable in each of the fragments. We refer to this
perspective on language semantics as the "global view." In contrast with this
global view, there is also a "local view" where one is interested in the nodes
to which one can navigate starting from a particular node in the document. In
this view, we characterize when a set of nodes in D can be defined as the
result of applying an expression to a given node of D. All these definability
results, both in the global and the local view, are obtained by using a robust
two-step methodology, which consists of first characterizing when two nodes
cannot be distinguished by an expression in the respective fragments of XPath,
and then bootstrapping these characterizations to the desired results.Comment: 58 Page