StringBorg
Stratego -- Strategies for Program Transformation
Introduction
StringBorg is a solution to injection attacks for arbitrary languages.
StringBorg prevents injection attacks by embedding the syntax of guest languages (for example SQL, LDAP, Shell, XPath) in the host language (PHP, Java) and applying the proper escaping rules and positive checking automatically to all direct or indirect user input.
Documentation:
Supported languages
Currently, StringBorg supports PHP and Java as host languages.
Supported guest languages are:
- SQL-92
- LDAP search filters
- Shell
- XPath
- XML
If you have suggestions or requests for languages that we should support, then please let us know (contact one of the developers or join our mailing list).
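To make the introduction's "proper escaping rules and positive checking" concrete for one guest language from the list above (LDAP search filters), here is an added example that is not StringBorg code and does not use StringBorg's embedded syntax. The `LdapFilter` class and its method names are hypothetical; it does by hand, as a small typed library, what the page describes StringBorg applying automatically.

```java
// Added illustration: a hand-written typed filter builder, not StringBorg's API.
// LdapFilter, eq, and, escape are hypothetical names chosen for this example.
public final class LdapFilterDemo {

    /** A filter fragment known to be well-formed; a raw String cannot become one unescaped. */
    static final class LdapFilter {
        private final String text;
        private LdapFilter(String text) { this.text = text; }

        /** Builds (attr=value): the attribute name is positively checked, the value is escaped. */
        static LdapFilter eq(String attr, String value) {
            if (!attr.matches("[A-Za-z][A-Za-z0-9-]*"))
                throw new IllegalArgumentException("not an attribute name: " + attr);
            return new LdapFilter("(" + attr + "=" + escape(value) + ")");
        }

        /** Builds (&f1f2...): composition accepts fragments only, never raw strings. */
        static LdapFilter and(LdapFilter... parts) {
            StringBuilder sb = new StringBuilder("(&");
            for (LdapFilter p : parts) sb.append(p.text);
            return new LdapFilter(sb.append(')').toString());
        }

        /** RFC 4515 value escaping: '*', '(', ')', '\' and NUL become \XX hex pairs. */
        static String escape(String value) {
            StringBuilder sb = new StringBuilder();
            for (char c : value.toCharArray()) {
                if ("*()\\\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
                else sb.append(c);
            }
            return sb.toString();
        }

        @Override public String toString() { return text; }
    }

    public static void main(String[] args) {
        String user = "*)(uid=*"; // constructed sample input containing filter metacharacters
        // Plain concatenation: the input changes the structure of the filter.
        System.out.println("(&(objectClass=person)(uid=" + user + "))");
        // Typed composition: the input can only ever end up as an escaped value.
        System.out.println(LdapFilter.and(
            LdapFilter.eq("objectClass", "person"), LdapFilter.eq("uid", user)));
    }
}
```

The difference from a library like this is that a syntax embedding checks the fixed parts of the filter against the guest language's grammar, so the developer never calls an escape function explicitly.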
Download
Stable Releases
Currently no stable releases are available.
Latest Developments
Distributions (tarball, rpm, srpm) of the head revision are created continuously. We advise installing StringBorg using Nix one-click install or RPM.
The distributions contain the latest of the latest developments, but if you really want to, the latest sources can be checked out using:
svn checkout https://svn.strategoxt.org/repos/StrategoXT/stringborg/trunk
Before you can configure the package as described under Installation, you have to run the ./bootstrap script.
Latest Samples
Samples for StringBorg are available in the standard distribution (subdirectory stringborg-samples), but also as a separate package to make the samples easier to use if you use a deployment system (RPM, Nix) for the installation of StringBorg. The latest tarball of the samples can be obtained from:
You need to install the samples: a plain ./configure will configure the package (all its dependencies should be detected automatically) and you can make the samples using make check. In the various subdirectories you can of course also run the individual targets to generate specific files. See Makefile.samples for information on the targets.
Installation
Install the package with the usual sequence of commands:
$ ./configure
$ make
$ make install
You might need to set your PKG_CONFIG_PATH if you did not install the dependencies in a standard location. Configure will tell you to do this if it cannot find aterm, sdf, strategoxt, java-front, or sql-front.
Dependencies
StringBorg depends on:
- ATerm library (aterm)
- Latest unstable SDF2 Bundle (sdf2-bundle)
- Latest unstable Stratego/XT (strategoxt)
- Latest unstable Java-front (java-front)
- Latest unstable SQL-front (sql-front)
- Latest unstable PHP-front (php-front)
- Java Development Kit providing java and javac.
Project Info
Issue Tracking
We use JIRA to keep track of issues. Please report any issues that you encounter!
Contact and Mailing List
Please send questions to the stratego@cs.uu.nl mailing list. Also, the StringBorg developers are usually available on IRC at irc.freenode.net/stratego. Feel free to drop by!
Source Repository
The sources of StringBorg are available from Subversion.
Team
Contributors:
Sponsors:
License
StringBorg is LGPL (GNU Lesser General Public License) software.
Related Software