Validation of input parameters is an area of great importance in computer programming. Traditionally, input validation was used as safeguard against user errors, in particular in times of uncomfortable and error prone user interfaces such as command line parameters or parameter files, especially in batch processing. This was done as the provision of incorrect input parameters often resulted in program crashes, associated with a loss of work time, among others.
Although nowadays user interfaces have improved considerably, incorrect input parameters are still a major problem in program development. In addition to the existing problems, the validation of input parameters has actually gained importance due to the spread of data networks such as the Internet. Loosely coupled, distributed computer programs exchange input and output parameters over data networks, often using some open and sometimes poorly defined protocols. It is known that distributed programs, particularly programs running in an open network environment like the Internet, are vulnerable to attacks by malicious users or viruses. In particular, web applications such as home banking or online shops accepting input parameters provided over data network interface can be manipulated by sending a maliciously crafted input parameter to the program.
A well known example of such an attack is the exploitation of buffer overflows. By providing a very large or non-terminated input parameter to a program, it often fails upon evaluation of the input parameter, sometimes resulting in a crash of security critical programs or systems. This can be exploited as a means of disabling security measures, among other things.
A second, related attack scenario is to provide an input parameter that will result in the execution of a control statement provided as part of the input parameter. Such an attack is commonly referred to as an injection attack, where a foreign, typically user provided control statement is injected in a typically programmer provided control statement.
In order to prevent these and other negative effects of any incorrect input parameters provided to a computer program, the provided input parameters need to be validated. One approach to the problem is for the computer programmer of the particular computer program to write validation code specific to the validation of all received input parameters. This, however, is tedious for the programmer and often results in incomplete validation of provided input parameters, as the application programmer is usually more concerned with the application logic than with the validation of input parameters.
A second approach is based on validating input parameters before they are actually passed on to a program. By providing a formal interface description of what input parameters a computer program actually expects, an automatic input validation can in principle be performed. For example, the IBM XML4J parser, described in Brett McLaughlin's “Java & XML—Solutions to Real-World Problems”, 2nd Edition,.ISBN 0-596-00197-5, can be used to validate input parameters with respect to an interface description. Consequently, the application programmer is relieved of the duty of writing code for validation of input parameters.
However, the programmer has to provide a formal interface description of the expected input parameters instead. Such a formal description can be given, for example, in the Web Service Description Language (WSDL), an open standard for defining the allowable input and output parameters of a web service accessible by the Simple Object Access Protocol (SOAP). Because both WSDL and SOAP are based on the Extensible Markup Language (XML), the formal description of parameters specified in a WSDL file is based on the XML Schema language.
XML Schema can serve a very powerful interface description language, which allows the exclusion of almost any kind of malicious input. However, it has a very complex syntax and can not easily be written by many application programmers. In consequence, many programmers only provide poor interface descriptions for the expected input parameters of their programs. For example, they just specify that the expected input parameter has the form of a character string. Such formal interface descriptions cannot, however, prevent the acceptance of potentially malicious input parameters.
Consequently, it is a challenge to provide improved software development systems and an improved method for validation.