3 research outputs found

    Preventing Injection Attacks with Syntax Embeddings: A Host and Guest Language Independent Approach

    Software written in one language often needs to construct sentences in another language, such as SQL queries, XML output, or shell command invocations. This is almost always done using unhygienic string manipulation, the concatenation of constants and client-supplied strings. A client can then supply specially crafted input that causes the constructed sentence to be interpreted in an unintended way, leading to an injection attack. We describe a more natural style of programming that yields code that is impervious to injections by construction. Our approach embeds the grammars of the guest languages (e.g., SQL) into that of the host language (e.g., Java) and automatically generates code that maps the embedded language to constructs in the host language that reconstruct the embedded sentences, adding escaping functions where appropriate. This approach is generic, meaning that it can be applied with relative ease to any combination of host and guest languages. Preprint accepted for publication in: Generative Programming and Component Engineering, 6th International Conference, GPCE 2007, Salzburg, Austria, October 1-3, 2007.
    Software Technology; Electrical Engineering, Mathematics and Computer Science

    Declarative testing and deployment of distributed systems

    System administrators and developers who deploy distributed systems have to deal with a deployment process that is largely manual and hard to reproduce. This paper describes how networks of computer systems can be reproducibly and automatically deployed from declarative specifications. Reproducibility also ensures that users can easily instantiate a test environment, before deploying the specification to the production environment. Furthermore, from the same specifications we can instantiate virtual networks of virtual machines for both interactive and automated testing. This makes it easy to write automated regression tests that require external machines, need special privileges, or depend on the network topology. We instantiate machines from the specifications using NixOS, a Linux distribution built from a purely functional specification. We have applied our approach to a number of representative problems, including automatic regression testing of a Linux distribution and deployment of a continuous integration environment. Preprint accepted for publication in
    Software Technology; Electrical Engineering, Mathematics and Computer Science

    Discovering Software License Constraints: Identifying a Binary’s Sources by Tracing Build Processes

    With the current proliferation of open source software components, intellectual property in general, and copyright law in particular, has become a critical non-functional requirement for software systems. A key problem in license compliance engineering is that the legal constraints on a product depend on the licenses of all sources and other artifacts used to build it. The huge size of typical dependency graphs makes it infeasible to determine these constraints manually, while mistakes can expose software distributors to litigation. In this paper we show a generic method to reverse-engineer this information from the build processes of software products by tracing system calls (e.g., open) to determine the composition graph of sources and binaries involved in build processes. Results from an exploratory case study of seven open source systems, which allowed us to discover a licensing problem in a widely used open source package, suggest our method is highly effective.
    Software Computer Technology; Electrical Engineering, Mathematics and Computer Science