detec ng inconsistencies in javascript mvc applica ons
play

Detec%ng Inconsistencies in JavaScript MVC Applica%ons - PowerPoint PPT Presentation

Apr 13, 2023 •120 likes •504 views

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S. Ocariza, Jr., Karthik PaAabiraman and Ali Mesbah University of British Columbia Most popular

  1. Detec%ng ¡Inconsistencies ¡ in ¡JavaScript ¡MVC ¡ Applica%ons ¡ Frolin ¡S. ¡Ocariza, ¡Jr., ¡ Karthik ¡PaAabiraman ¡and ¡Ali ¡Mesbah ¡ ¡ ¡ University of British Columbia ¡

  2. Most ¡popular ¡ Used ¡by ¡ 90% ¡of ¡all ¡ language ¡on ¡GitHub ¡ websites ¡ (RedMonk ¡survey) ¡ JavaScript ¡ 68% ¡of ¡JavaScript ¡ 4 ¡JavaScript ¡error ¡ faults ¡are ¡ ¡ messages ¡on ¡average ¡per ¡ DOM-­‑related ¡ website ¡ ¡ [ISSRE’11] ¡ [ESEM’13] ¡

  3. DOM-­‑Related ¡Faults ¡ JS CODE DOM var elem = getElementById(“car”) div ¡ elem.innerHTML = “Hello World!” p ¡ span ¡ DOM API Method Erroneous id=“bar” ¡ parameter DOM-Related Faults are … Prevalent Impactful Non-Trivial to Fix 3

  4. MVC ¡Frameworks ¡to ¡the ¡Rescue! ¡ MODEL ¡ VIEW ¡ CONTROLLER ¡ USES USES USES DEFINES DEFINES MODEL VARIABLES CONTROLLER FUNCTIONS MVC Frameworks use two-way data binding è No DOM method calls! 4

  5. MVC ¡Frameworks ¡to ¡the ¡Rescue! ¡ MODEL No DOM method calls è No DOM-Related $scope. msg = “”; Faults in MVC Applications! VIEW <input type=“text” ng- model=“ msg ” /> <div ng-bind=“ msg ”></div> 5

  6. MVC ¡Frameworks ¡to ¡the ¡Rescue? ¡ MODEL ¡ VIEW ¡ CONTROLLER ¡ USES USES USES DEFINES DEFINES MODEL CONTROLLER VARIABLES (MV) FUNCTIONS (CF) IDENTIFIER INCONSISTENCIES 6

  7. MVC ¡Frameworks ¡to ¡the ¡Rescue? ¡ MODEL ¡ VIEW ¡ CONTROLLER ¡ USES USES USES DEFINES DEFINES MODEL CONTROLLER VARIABLES (MV) FUNCTIONS (CF) TYPES TYPES IDENTIFIER INCONSISTENCIES TYPE INCONSISTENCIES 7

  8. MVC ¡Frameworks ¡to ¡the ¡Rescue? ¡ Identifier and type “What’s wrong with : “Why you should not AngularJS?” use AngularJS” Inconsistencies By By happen in real life B. Kinoshita E. Koshelko : e.g., No error messages thrown! Inconsistencies are hard to find 8

  9. To design a way to automatically detect identifier and type inconsistencies in MVC applications

  10. The most popular JS MVC framework in GitHub, StackOverfow, and YouTube 300% increase in AngularJS usage over the past year 10

  11. Our ¡Approach ¡ STATIC ANALYSIS 11

  12. Our ¡Approach ¡ MODEL ¡ VIEW ¡ String: a String: d VIEW ¡ Boolean: b String: fun() Object: c CONTROLLER ¡ Boolean: e String: bar() Object: c Number: foo() MODEL ¡ VIEW ¡ String: d String: a CONTROLLER ¡ Boolean: e String: foo() String: bar() MODEL ¡ CONTROLLER ¡ Boolean: e 12 String: fun()

  13. Our ¡Approach ¡ MODEL ¡ VIEW ¡ String: a String: d VIEW ¡ Boolean: b String: fun() Object: c CONTROLLER ¡ Boolean: e String: bar() Object: c Number: foo() MODEL ¡ VIEW ¡ String: d String: a CONTROLLER ¡ Boolean: e String: foo() String: bar() MODEL ¡ CONTROLLER ¡ Boolean: e Inconsistent 13 “e” is not defined in model! String: fun() types!

  14. Challenges ¡ $scope.obj = { prop1: 2, obj is a model variable, Nested prop2: { but so is obj.prop1 , subprop1: “hello”, Objects subprop2: true obj.prop2.subprop1 , } etc. prop3: “world” }; <li ng-repeat=“temp in arr”> Aliasing {{temp.val}} $scope.arr = […] </li> temp is an alias! V ¡ M C ¡ Groupings V ¡ M C ¡ 14

  15. Running Example Movie Search Search Page List User's Favourite Type Username Movies Input text element Button Movie Search Welcome User #1 Results Page - Star Wars Number of - 8 1/2 movies in list 2 movies List of movies Which User? 15

  16. “Search” ¡Model ¡ “Search” Grouping “SearchCtrl” ¡Controller ¡ “search.html” ¡View ¡ “Results” Grouping “Results” ¡Model ¡ “ResultsCtrl” ¡Controller ¡ “results.html” ¡View ¡ 16

  17. The view expects userData.count to be of type Number … ng-repeat attribute used to loop through movies in the movie list … … but … but ng-repeat loops userData.count through userData is assigned a String instead of userName model in the model userData.movieList variable not defined in model “Results” ¡Model ¡ “ResultsCtrl” ¡Controller ¡ $scope. userData = { “results.html” ¡View ¡ movieList : … count : “two”, … … $scope. alertUserName = function() }; <li ng-repeat=“movie in { userData ”>{{ movie.name }}</li> alert(… + $scope. userName ); … } <ng-pluralize 17 count=“ userData.count ” /> …

  18. Finding ¡the ¡Models, ¡Views, ¡and ¡Controllers ¡ Model Controller View 18

  19. “Results” ¡Model ¡ “SearchCtrl” ¡Controller ¡ “ResultsCtrl” ¡Controller ¡ “search.html” ¡View ¡ “Search” ¡Model ¡ “results.html” ¡View ¡ 19

  20. Inferring ¡IdenKfiers ¡ Model Variable Model Variable and and Controller Controller Function Function Definitions Usages Done via $scope identifier Embedded in HTML code “Straw man” approach : Just take whatever identifiers you see in the above parts of the code 20

  21. “Results” ¡Model ¡ “SearchCtrl” ¡Controller ¡ userData userName This is a searchUser() nested object “ResultsCtrl” ¡Controller ¡ userName “search.html” ¡View ¡ alertUserName() userName alertUserName() “Search” ¡Model ¡ “results.html” ¡View ¡ userName userData movie.name This is an alias userData.count 21

  22. Inferring ¡IdenKfiers: ¡Nested ¡Objects ¡ Tree, where each Object node is an object Literal property identifier userData ¡ $scope. userData = { movieList : { movie1 : …, count ¡ movieList ¡ intro ¡ display ¡ movie2 : … }, count : “two”, intro : …, movie1 ¡ movie2 ¡ display : true }; 22

  23. Inferring ¡Types ¡ For assigned/returned types : Look at AST node! bar is of type $scope.bar = “hello” String StringLiteral Insight : Parts of MVC applications typically written in “declarative” way 23

  24. Inferring ¡Types ¡ For expected types : Examine HTML attribute userData.count <ng-pluralize count =“ userData.count ” /> is expected to be a Number userData.display <h3 ng-if =“ userData.display ”>…</h3> is expected to be a Boolean 24

  25. “Results” ¡Model ¡ “SearchCtrl” ¡Controller ¡ Object: userData userName String: userData.count Void: searchUser() Object: userData.movieList “ResultsCtrl” ¡Controller ¡ “search.html” ¡View ¡ userName Void: alertUserName() userName alertUserName() “Search” ¡Model ¡ “results.html” ¡View ¡ String: userName Array/Object: userData userData.count.name userData.movieList.name Number: userData.count 25

  26. Discovering ¡MVC ¡Groupings ¡ Groupings can be inferred via ng-controller attribute Groupings can be inferred via routers

  27. .when(‘/’, { controller: ‘ SearchCtrl ’, templateUrl: ‘ search.html ’ } .when(‘/’, { controller: ‘ ResultsCtrl ’, templateUrl: ‘ results.html ’ } 27

  28. Grouping 1 “Search” ¡Model ¡ “SearchCtrl” ¡Controller ¡ “search.html” ¡View ¡ Grouping 2 “Results” ¡Model ¡ “ResultsCtrl” ¡Controller ¡ “results.html” ¡View ¡ 28

  29. DetecKng ¡Inconsistencies ¡ Controller Functions : String comparison of identifiers and types Model Variables: userData ¡ count ¡ movieList ¡ intro ¡ display ¡ userData.count Traverse ¡ movie1 ¡ movie2 ¡ 29

  30. Message 1: userName is not defined in “Results” model Message 2: userData.count.name not defined in “Results” model Message 3: userData.count expected to be of type Number, but is of type String instead in “Results” model 30

  31. Aurebesh ¡ http://www.ece.ubc.ca/~frolino/projects/aurebesh APP.JS “count” is expected to be a Number! RESULTS.HTML 31

  32. Research ¡QuesKons ¡ RQ1 : ¡Can ¡Aurebesh ¡help ¡developers ¡find ¡real ¡ bugs ¡in ¡real-­‑world ¡web ¡applicaKons? ¡ ¡ RQ2 : ¡How ¡accurate ¡is ¡Aurebesh ¡in ¡finding ¡ idenKfier ¡and ¡type ¡inconsistencies? ¡ ¡ RQ3 : ¡How ¡quickly ¡can ¡Aurebesh ¡perform ¡the ¡ inconsistency ¡detecKon ¡analysis? ¡ 32

  33. 20 ¡ open-­‑source ¡AngularJS ¡ applicaKons ¡ 100+ ¡to ¡ 1000+ ¡lines ¡of ¡JS ¡code ¡ ✗ eval() ¡ ✗ dynamic ¡type ¡conversions ¡ 33

  34. RQ1: ¡Real ¡Bugs ¡ Aurebesh found 15 bugs previously undetected (5 were acknowledged by developers) Slide Maker Todo Application Can’t change themes Can’t add todo items … and transitions in slides …

  35. RQ2: ¡Accuracy ¡ 10 types of Fault injection 200 injections per experiment mutations application 96% # of successful detections Recall # of total injections overall Close to 100% # of successful detections Precision # of error messages displayed (only one false positive)

  36. RQ3: ¡Performance ¡ Average Execution Time 121 ms Worst-case Execution Time 849 ms (eTuneBook)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali Mesbah 1 95% of all websites use JavaScript JavaScript The most popular language on both GitHub and StackOverflow for 4 years 2 Bugs abound

481 views • 35 slides
Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson KarlAnders Johansson FatSkunk 1 Market forecast for mobile More smartphones than PCs in 23 years Dominant pla@orms targeted 4G will fuel

790 views • 16 slides
Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel

Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel

Assimila'on of func'onal data and applica'on to ac've fires detec'on from satellites Jan Mandel University of Colorado Denver Ins5tute of Informa5cs, Czech Academy of Sciences With Ivan Kasanick, Adam K. Kochanski, Sher Schranz, and Mar5n

1.05k views • 47 slides
JavaScript for IoTivity Sakari Poussa, Intel @spoussa Topics Vision JavaScript for Everything

JavaScript for IoTivity Sakari Poussa, Intel @spoussa Topics Vision JavaScript for Everything

JavaScript for IoTivity Sakari Poussa, Intel @spoussa Topics Vision JavaScript for Everything Cloud HTML5 REST Apps Web API REST Server Server JavaScript GW Engine(s) Applica'on developer can use only web

484 views • 16 slides
ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es PRESENTED BY SAI TEJ KANCHARLA Content Introduc,on Mo,va,on And Threat Model System Overview Invariant Detec,on Invariant

549 views • 26 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S

Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S

Dialog in NLP applica.ons VELJKO MILJANIC Overview Applica(ons in S2S systems Overview of S2S system architecture Modeling contextual informa(on in S2S

977 views • 75 slides
Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.1k views • 57 slides
Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.03k views • 54 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming Language Principles Introduction to JavaScript Prof. Tom Austin San Jos State University History of JavaScript In 1995, Netscape hired Brendan

395 views • 16 slides
Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript Lars Larsson Today JavaScript strings JavaScript Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful degradation AJAX Summary Lecture #11 Advanced JavaScript 1

831 views • 38 slides
JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C of the Internet Take JavaScript for instance. It's widely criticized in the POPL community for getting many things wrong. But it must have

655 views • 44 slides
Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on (SED) Time ime Pres esent entation ion 11:10 11:30 Task Overview (NIST) Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa) 11:50 12:10 Dublin City

674 views • 28 slides
[1] Defini=on of allele-specific expression (ASE) Adopted from Unneberg, 2010 One gene can

[1] Defini=on of allele-specific expression (ASE) Adopted from Unneberg, 2010 One gene can

2610//16 ASE: allele-specific expression SciLifeLab RNA-seq course Outline 1. Defini=on of ASE Allele-specific expression, ASE 2. Detec=ng ASE (introductory case) 3. Applica=ons and prevalence of ASE 4. Important ASE considera=ons Olof

282 views • 10 slides
Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application Had a rough childhood Very misunderstood Performance difference across browsers Benchmark Pros/Cons JavaScript: WebGL &amp; Canvas

939 views • 18 slides
CVL to Clafer transformation Tom Wijsman 22 Januari 2015 Overview 1. CVL to Clafer

CVL to Clafer transformation Tom Wijsman 22 Januari 2015 Overview 1. CVL to Clafer

CVL to Clafer transformation Tom Wijsman 22 Januari 2015 Overview 1. CVL to Clafer transformation steps Identify common features for both languages 1. Create abstract and concrete visual syntax for CVL in AToMPM 2. Export metamodel and

401 views • 24 slides
strt r r r

strt r r r

strt r r r ss r rt r st rr rq

860 views • 47 slides
Design Presented by: Bill Brown, PE, Schneider Electric Engineering Services Confidential

Design Presented by: Bill Brown, PE, Schneider Electric Engineering Services Confidential

Schneider Electric 1MW PV Station Design Presented by: Bill Brown, PE, Schneider Electric Engineering Services Confidential Property of Schneider Electric Quick Facts In operation since May 2011 Converts solar radiation to electric

646 views • 15 slides
String g Telepho hone ne

String g Telepho hone ne

String g Telepho hone ne

350 views • 12 slides
Forecast constraints on cosmic strings from future CMB, pulsar timing and gravitational wave

Forecast constraints on cosmic strings from future CMB, pulsar timing and gravitational wave

Forecast constraints on cosmic strings from future CMB, pulsar timing and gravitational wave direct detection experiments Sachiko Kuroyanagi Univ. of Tokyo RESCEU (RESearch Center for the Early Universe) 12 Nov 2012 Based on S. Kuroyanagi,

657 views • 38 slides
Appearance before the House Standing Committee on Public Safety and National Security, February

Appearance before the House Standing Committee on Public Safety and National Security, February

Appearance before the House Standing Committee on Public Safety and National Security, February 27, 2019 Good afternoon. My name is Christopher Parsons. I am a research associate at the Citizen Lab, which is a part of the Munk School of Global

525 views • 4 slides
Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x

Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x

Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x Separation of Data and Services Application Application Application BIG APPS Rules Sem Application Rules Sem Application Application Rules Sem

535 views • 15 slides
CORPORATE SECURITY GREW BY 22% IN Q2 1 AGENDA Key takeaways from Q2 Key figures Business

CORPORATE SECURITY GREW BY 22% IN Q2 1 AGENDA Key takeaways from Q2 Key figures Business

Samu Konttinen, CEO Q2 / 2017 CORPORATE SECURITY GREW BY 22% IN Q2 1 AGENDA Key takeaways from Q2 Key figures Business updates Outlook Financials FAQ All figures refer to continuing operations unless otherwise stated. 2 KEY TAKEAWAYS

961 views • 39 slides

More recommend