CISPA

A Generalized Approach for Solving Web Form Constraints

conference contribution
posted on 2024-11-21, 11:22 authored by Björn Karthein, Cristian-Alexandru Staicu, Andreas Zeller
When creating automated tests for web applications, one major part is filling and submitting web forms. Filling out forms automatically is challenging, as form fields are typically subject to specific constraints that prevent entry of invalid data. Modern test generators, such as the recently proposed Black Ostrich scanner, are already capable of identifying expected patterns for form values and solving them, using instance generators for regular expressions and/or string constraint solvers. String solvers, however, are limited to, well, strings. We present FormWhisperer, a fully automated solution for testing web pages containing forms. It is able to extract and solve complex constraints on form input values, such as arithmetic constraints or relations between multiple form fields. FormWhisperer symbolically analyzes the HTML and JavaScript code of a web page to automatically extract a language specification that captures the syntax and semantics of the form fields. This language specification can be used as is to generate test inputs that are valid syntactically and semantically; on top, it can also validate inputs independently; and it is human-readable, meaning that it can be edited and maintained by developers, or used in documentation.

Primary Research Area

  • Threat Detection and Defenses

Secondary Research Area

  • Empirical and Behavioral Security

Name of Conference

Automated Software Engineering Conference (ASE)

Page Range

2460-2461

Publisher

Association for Computing Machinery (ACM)

Open Access Type

  • Not Open Access

BibTeX

@conference{Karthein:Staicu:Zeller:2024,
  title = "A Generalized Approach for Solving Web Form Constraints",
  author = "Karthein, Björn and Staicu, Cristian-Alexandru and Zeller, Andreas",
  year = 2024,
  month = 10,
  pages = "2460--2461",
  publisher = "Association for Computing Machinery (ACM)",
  doi = "10.1145/3691620.3695600"
}
