没有合适的资源?快使用搜索试试~ 我知道了~
Static Analysis for Java Servlets and JSP.pdf
需积分: 0 21 下载量 69 浏览量
2008-06-23
08:55:23
上传
评论
收藏 279KB PDF 举报
温馨提示
试读
23页
对于初学者深入理解servlet和jsp有意义。<br>看到它的代码及图解受益匪浅...如果对你有所帮助就顶下....<br>分数不高哦...
资源推荐
资源详情
资源评论
Static Analysis for Java Servlets and JSP
Christian Kirkegaard and Anders Møller
BRICS
⋆
, University of Aarhu s, Denmark
{ck,amoeller}@brics.dk
Abstract. We present an approach for statically reasoning about the
behavior of Web applications that are developed using Java Servlets and
JSP. Specifically, we attack the problems of guaranteeing that all output
is well-formed and valid XML and ensuring consistency of XHTML form
fields and session state. Our approach builds on a collection of program
analysis techniques developed earlier in the JWIG and Xact projects,
combined with work on balanced context-free grammars. Together, this
provides the necessary foundation concerning reasoning about output
streams and application control flow.
1 Introduction
Java Servle ts [17] and JSP (JavaServe r Pages) [18] cons titute a widely used plat-
form for Web a pplication development. Applications that are developed us ing
these or related technologies are typically structured as collections of program
fragments (ser vlets or JSP pages) that receive user input, produce HTML or
XML output, and interact with databases. These fragments are connected via
forms and links in the generated pages, using deployment descriptors to declar-
atively map URLs to program fragments. This way of structuring applications
causes many challenges to the programmer. In particular, it is difficult to ensure,
at compile time, the following desirable properties:
– all output should be well-formed and valid XML (according to, for example,
the schema fo r XHTML 1.0);
– the forms and fields that are produced by one prog ram fragment that gen-
erates an XHTML page should always match what is expected by another
program fragment that takes care of receiving the user input; and
– session attributes that one pr ogram fra gment expects to be present sho uld
always have been set previo usly in the session.
Our aim is to develop a prog ram analysis system that can automatically check
these properties for a given Web application.
The small example program shown on the following page illustrates s ome of
the many challenges that may arise.
⋆
Basic Research in Computer Science (www.brics.dk),
funded by the Danish National Research Foundation.
public class Entry extends javax.servlet.http.HttpServlet {
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
String url = response.encodeURL(request.getContextPath()+"/show");
session.setAttribute("timestamp", new Date());
response.setContentType("application/xhtml+xml");
PrintWriter out = response.getWriter();
Wrapper.printHeader(out, "Enter name", session);
out.print("<form action=\""+url+"\" method=\"POST\">"+
"<input type=\"text\" name=\"NAME\"/>"+
"<input type=\"submit\" value=\"lookup\"/>"+
"</form>");
Wrapper.printFooter(out);
}
}
public class Show extends javax.servlet.http.HttpServlet {
protected void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
Directory directory = new Directory("ldap://ldap.widgets.org");
String name = misc.encodeXML(request.getParameter("NAME"));
response.setContentType("application/xhtml+xml");
PrintWriter out = response.getWriter();
Wrapper.printHeader(out, name, request.getSession());
out.print("<b>Phone:</b> "+directory.phone(name));
Wrapper.printFooter(out);
}
}
public class Wrapper {
static void printHeader(PrintWriter pw, String title,
HttpSession session) {
pw.print("<html xmlns=\"http://www.w3.org/1999/xhtml\">"+
"<head><title>"+title+"</title></head><body>"+
"<hr size=\"1\"/>"+
"<div align=\"right\"><small>"+
"Session initiated ["+session.getAttribute("timestamp")+"]"+
"</small></div><hr size=\"1\"/>"+
"<h3>"+title+"</h3>");
}
static void printFooter(PrintWriter pw) {
pw.print("<hr size=\"1\"/></body></html>");
}
}
2
This program contains two servlets: one named Entry that produces an XHTML
page with a form where the user enters a name, and one named Show tha t re -
ceives the user input and produces a reply as another XHTML page based on
information from an external database. We ass ume that the deployment descrip-
tor maps the relative URL enter to the first servlet and show to the second one.
Also, misc.encodeXML is a method that escapes special XML characters (for
example, converting < to <). At runtime, the pages may look as follow s:
In order for the program to work as intended, the programmer mus t consider
many aspects, even for such a tiny program, as the following questions indicate:
– do all open start tags produced by printHeader match the end tags pro-
duced by printFooter?
– does getAttribute("timestamp") always return strings that are legal as
XML character data? (for example, ‘<’ should not appear here)
– does the form ac tion URL that is produced by Enter in fact point to the
Show servlet? (this depends on the value of the action and method attributes
and the deployment descriptor mapping)
– is the parameter NAME always present when the Show servlet is executed?
(checking this requires knowledge of the presence of form fields in the XHTML
pages that lead to this servlet)
– is the attribute timestamp always present in the session state when the Show
servlet is executed? (if not, a null reference would appear)
To answer such questions statically, one must have a clear picture o f which string
fragments ar e being printed to the output stream and how the servlets are con-
nected in the applicatio n. Prese ntly, programmers resort to informal reasoning
and incomplete testing in order to obtain confidence of the correctness of the pro-
gram. A more satisfactory situation would of course be to have static guarantees
provided by a fully automatic analysis tool.
As the desirable properties listed above are clearly undecidable, the analysis
we present is necessarily approximative. We design our analysis to be conser-
vative in the sense that it may produce spurious warnings, but a program that
passes the analysis is guaranteed to satisfy the properties. Naturally, we aim for
an analy sis that has sufficient precis ion and performance to be practically useful.
Application ser vers handle JSP through a simple translation to servlets [18].
This means that by focusing our analysis efforts on servlets, we become able to
handle JSP, and applications that combine servlets and JSP, essentially for free.
3
Contributions Our contributions are the following:
– We show how to obtain a context-fr e e gramma r that conservatively approx-
imates the possible output of servle t/JSP applications using a variant of the
Java string analysis [8].
– On top of the string analys is, we apply theory of bala nce d grammars by
Knuth [13] and grammar a pprox imations by Mohri and Nederhof [15] to
check that the output is always well-formed XML.
– On top of the well-formedness checking, we show how a balanced context-
free grammar can be c onverted into a n XML g raph, which is subsequently
validated relative to an XML schema using an existing alg orithm [10].
– By analyzing the form and link elements that appear in the XML graph
together with the deployment descriptor of the application, we expla in how
to obtain an inter-servlet control flow graph of the a pplication.
– Based on the knowledge of the control flow, we give e xamples of derived
analyses for checking that form fields and session state are used consis tently.
Together, the above components form a coherent analysis system for reasoning
about the behavior of Web applica tio n that are built using Java Servlets and
JSP. The sy stem has a front-end that converts from Java code to context-free
grammars and a back-end that converts context-free grammars to XML graphs
and checks well-formedness, validity, and other correctness properties. Our ap-
proach can be viewed as combining and extending techniques from the JWIG and
Xact projects [7, 11, 10] and applying them to a ma instream Web application
development framework.
Perhaps surprisingly, the analysis of well-formedness and validity can be made
both sound and complete re lative to the grammar being produced in the front-
end. (The completeness, however, relies on an assumption that certain well-
defined contrived situations do not occur in the program being analyz e d).
The goa l of the present paper is to o utline our analys is system, with particular
fo c us on the construction of context-free gra mma rs and the translation from
context-free grammars to XML graphs. We base our prese ntation on a running
example. The system is at the time of writing not yet fully implemented; we
return to this issue in Section 6.
Although we here focus on Java-based Web applications, we are not rely ing on
language features that are specific to Java. In particular, the approach we present
could also be a pplied to the .NET or PHP platforms where Web applications are
typically als o built fr om loosely connected program fragments that each produce
XHTML output and receive form input.
Related Work We are not aware of previous attempts to statically analyze
the aspects mentioned above for Java Servlets and JSP applications. The most
closely related work is that of Minamide [14] who combines s tr ing analysis with
HTML validation for PHP. In [14], a variant of the technique from [8] is used
to produce a context-free grammar from a PHP prog ram. HTML validation is
performed either by ex tracting and checking sample documents or by considering
only documents with bounded depth, which results in neither sound nor complete
analysis results.
4
There are other related interesting connections between XML data and context-
free grammars, in particular, the work by Bers tel and Bo asson [3] and Br¨uggemann-
Klein and Wood [5]. The paper [3] uses Knuth’s results to check some aspects of
XML well-formedness for a given context-free g rammar, but it does not take the
full step to validity. The paper [5] only considers grammars that correspond to
well-formed XML documents, whereas our scenario involves arbitrary context-
free grammars that need to be checked for well-formedness and validity.
Inter-servlet control flow analysis is closely related to workflow and business
protocols for Web services. Much effor t is put into designing workflow languages
and Web service composition languages to be used for modeling and analyzing
properties during the desig n phase of Web application development (examples
are WS-BPEL [2] and YAWL [20]). Our work complements this in the sense that
the analysis we present is able to reverse engineer workflows from the source code
of ex isting Web applications (although that is not the focus of the present paper).
This is related to process mining [9] but using source code instead of system logs,
and thereby obtaining conservative results.
As mentioned, our technique builds on our earlier work on JWIG and Xact.
JWIG [7] is a J ava-bas e d framework for Web application development where
session control-flow is explicit and XHTML pages ar e built in a structured ma n-
ner that permits sta tic analysis of validity and form field consistency. Xact [11 ]
is a related language for expressing XML transformations. The notion of XML
graphs, which is essential to our analysis system, comes from these projects
(where they are also called summary graphs for historical reasons) – an XML
graph is a representation of a potentially infinite set of XML structures that
may appear in a running JWIG or Xact program. The paper [10] describes an
algorithm for validating an XML graph relative to a schema written in XML
Schema.
Overview We first, in Section 2, describe how to analyze the output strea m
and produce a context-free grammar that approximates the possible output of
a given Web application. Sectio n 3 explains the well-formedness check and the
construction of a balanced grammar. In Section 4 we then show how to convert
the balanced grammar into an XML graph and check validity relative to an XML
schema.
Section 5 describes the construction of the inter-servlet control flow graph,
based on the XML graph and the deployment descriptor . We also sketch how to
use the XML graph and the control-flow information to check consistency of the
use of form fields and sess ion state. Finally, in Section 6 we discuss challenges
and c onsiderations for implementing the entire analysis system and ex pectations
for its p erformance and precision.
We defer the technical details to app e ndices: in Appendix A we recapitu-
late Knuth’s algorithm for check ing balancing of the language of a CFG and
introduce some nota tion used in the following appendix; Appendix B presents
our extension of Knuth’s algorithm for constructing balanced grammars; and
Appendix C explains the precision of our analysis.
5
剩余22页未读,继续阅读
资源评论
让生命过得有意义
- 粉丝: 15
- 资源: 58
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功