Software written in one language often needs to construct sentences in another language, such as SQL queries, XML output, or shell command invocations. This is almost always done using unhygienic string manipulation, the concatenation of constants and client-supplied strings. A client can then supply specially crafted input that causes the constructed sentence to be interpreted in an unintended way, leading to an injection attack. We describe a more natural style of programming that yields code that is impervious to injections by construction. Our approach embeds the grammars of the guest languages (e.g., SQL) into that of the host language (e.g., Java) and automatically generates code that maps the embedded language to constructs in the host language that reconstruct the embedded sentences, adding escaping functions where appropriate. This approach is generic, meaning that it can be applied with relative ease to any combination of host and guest languages.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ISO/IEC 9075:1992: Database Language SQL. July 1992.
	2	C. Anley. Advanced SQL injection. http://www.ngssoftware.com/papers/advanced_sql_injection.pdf,all2002.
	3	C. Anley. (more) Advanced SQL injection. http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf,all2002.
	4	D. Batory , B. Lofaso , Y. Smaragdakis, JTS: Tools for Implementing Domain-Specific Languages, Proceedings of the 5th International Conference on Software Reuse, p.143, June 02-05, 1998
	5	G. Bierman, E. Meijer, and W. Schulte. The essence of data access in Cω. In ECOOP 2005 - Object-Oriented Programming, 19th European Conf., volume 3586 of LNCS, pages 287--311. Springer, July 2005.
	6	Martin Bravenboer , Éric Tanter , Eelco Visser, Declarative, formal, and extensible syntax definition for aspectJ, Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 22-26, 2006, Portland, Oregon, USA
	7	M. Bravenboer, R. Vermaas, J. Vinju, and E. Visser. Generalized type-based disambiguation of meta programs with concrete object syntax. In Generative Programming and Component Engineering (GPCE'05), volume 3676 of LNCS, pages 157--172. Springer, Sept. 2005.
	8	Martin Bravenboer , Eelco Visser, Concrete syntax for objects: domain-specific language embedding and assimilation without restrictions, Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, October 24-28, 2004, Vancouver, BC, Canada
	9	Gregory Buehrer , Bruce W. Weide , Paolo A. G. Sivilotti, Using parse tree validation to prevent SQL injection attacks, Proceedings of the 5th international workshop on Software engineering and middleware, September 05-06, 2005, Lisbon, Portugal  [doi>10.1145/1108473.1108496]
	10	A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In Static Analysis Symposium (SAS '03), volume 2694 of LNCS, pages 1--18. Springer, June 2003.
	11	William R. Cook , Siddhartha Rai, Safe query objects: statically typed objects as remotely executable queries, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062488]
	12	Carl Gould , Zhendong Su , Premkumar Devanbu, JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications, Proceedings of the 26th International Conference on Software Engineering, p.697-698, May 23-28, 2004
	13	Carl Gould , Zhendong Su , Premkumar Devanbu, Static Checking of Dynamically Generated Queries in Database Applications, Proceedings of the 26th International Conference on Software Engineering, p.645-654, May 23-28, 2004
	14	William G. J. Halfond , Alessandro Orso, AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks, Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering, November 07-11, 2005, Long Beach, CA, USA  [doi>10.1145/1101908.1101935]
	15	William G. J. Halfond , Alessandro Orso , Panagiotis Manolios, Using positive tainting and syntax-aware evaluation to counter SQL injection attacks, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, November 05-11, 2006, Portland, Oregon, USA  [doi>10.1145/1181775.1181797]
	16	W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proc. of the International Symposium on Secure Software Engineering, Mar. 2006.
	17	John E. Hopcroft , Rajeev Motwani , Jeffrey D. Ullman, Introduction to Automata Theory, Languages, and Computation (3rd Edition), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2006
	18	Yao-Wen Huang , Fang Yu , Christian Hang , Chung-Hung Tsai , Der-Tsai Lee , Sy-Yen Kuo, Securing web application code by static analysis and runtime protection, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA  [doi>10.1145/988672.988679]
	19	Daan Leijen , Erik Meijer, Domain specific embedded compilers, Proceedings of the 2nd conference on Domain-specific languages, p.109-122, October 03-06, 1999, Austin, Texas, United States
	20	V. Benjamin Livshits , Monica S. Lam, Finding security vulnerabilities in java applications with static analysis, Proceedings of the 14th conference on USENIX Security Symposium, p.18-18, July 31-August 05, 2005, Baltimore, MD
	21	O. Maor and A. Shulman. SQL injection signatures evasion. White paper, http://www.imperva.com/, Apr. 2004.
	22	Russell A. McClure , Ingolf H. Krüger, SQL DOM: compile time checking of dynamic SQL statements, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062487]
	23	E. Meijer and D. van Velzen. Haskell Server Pages: Functional programming and the battle for the middle tier. In 2000 ACM SIGPLAN Haskell Workshop, volume 41/1 of ENTCS. Elsevier, Aug. 2001.
	24	A. Møller. dk.brics.automaton - finite-state automata for Java. http://www.brics.dk/automaton/, 2005.
	25	Zhendong Su , Gary Wassermann, The essence of command injection attacks in web applications, Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.372-382, January 11-13, 2006, Charleston, South Carolina, USA
	26	E. Visser. Syntax Definition for Language Prototyping. PhD thesis, University of Amsterdam, Sept. 1997.
	27	Eelco Visser, Meta-programming with Concrete Object Syntax, Proceedings of the 1st ACM SIGPLAN/SIGSOFT conference on Generative Programming and Component Engineering, p.299-315, October 06-08, 2002
	28	E. Visser. Program transformation with Stratego/XT: Rules, strategies, tools, and systems in Stratego/XT 0.9. In C. Lengauer et al., editors, Domain-Specific Program Generation, volume 3016 of LNCS, pages 216--238. Spinger-Verlag, June 2004.
	29	Yichen Xie , Alex Aiken, Static detection of security vulnerabilities in scripting languages, Proceedings of the 15th conference on USENIX Security Symposium, p.13-13, July 31-August 04, 2006, Vancouver, B.C., Canada
	30	D. Zook, S. S. Huang, and Y. Smaragdakis. Generating AspectJ programs with Meta-AspectJ. In Generative Programming and Component Engineering: Third Intl. Conf., GPCE 2004, volume 3286 of LNCS, pages 1--19, Vancouver, Canada, October 2004. Springer.