Pex Extension for Generating User Input Validation Code for Web Applications

Karel Frajták, Miroslav Bureš, Ivan Jelínek

Abstract

The code written by a software developer is not always flawless. The more code is created, the more errors are introduced into the system. In web development, different programming languages can be used to implement the back-end and front-end sides of the application. For example, user input validation may be implemented multiple times: the input values are validated on the client side using JavaScript before the data is sent to the server, and the received data is then validated again on the server side. The logic is duplicated, and changes made to the validation code must be synchronised on both sides. All implementations must also be unit tested, which increases the time required to create and maintain multiple sets of unit tests. In this paper, we describe how the white-box testing tool Pex can be extended to generate user input validation code for ASP.NET MVC web applications. The validation code won't be duplicated in JavaScript on the client side and the application will be protected from sending invalid input values from the client side. Testers can focus on testing using meaningful data input values. Testing of corner cases can be automated, saving the available resources: the testers involved in testing and the time spent on testing.



Paper Citation


in Harvard Style

Frajták K., Bureš M. and Jelínek I. (2014). Pex Extension for Generating User Input Validation Code for Web Applications. In Proceedings of the 9th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2014) ISBN 978-989-758-036-9, pages 315-320. DOI: 10.5220/0004994103150320


in Bibtex Style

@conference{icsoft-ea14,
author={Karel Frajták and Miroslav Bureš and Ivan Jelínek},
title={Pex Extension for Generating User Input Validation Code for Web Applications},
booktitle={Proceedings of the 9th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2014)},
year={2014},
pages={315-320},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004994103150320},
isbn={978-989-758-036-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2014)
TI - Pex Extension for Generating User Input Validation Code for Web Applications
SN - 978-989-758-036-9
AU - Frajták K.
AU - Bureš M.
AU - Jelínek I.
PY - 2014
SP - 315
EP - 320
DO - 10.5220/0004994103150320