Proposing SQL Statement Coverage Metrics: Difference between revisions

Line 135:

Input variable coverage measures the percentage of input variables used in at least one test at the server-side. Input variable coverage does not consider all the constraints for the input variable.

'''Definition''': A set of tests satisfies input variable coverage criterion if and only if for every input variable f ∈ F, there exists at least one test that uses that input variable at least once.

'''Definition''': A set of tests satisfies input variable coverage criterion if and only if for every input variable ''f'' ∈ '''F''', there exists at least one test that uses that input variable at least once.

'''Metric''': The input variable coverage criterion can be measured by the percentage of input variables tested at least once by the test set out of total number of input variables found in any target statement in the production code of the system.

'''Input variable coverage''' = '''PLACEHOLDER'''

where Test(f) is an input variable used in at least one test.

'''Coverage interpretation''': A low value for input variable coverage indicates that input validation testing is insufficient. Programmers need to add more test cases for untested input variables to improve input variable coverage.

We note here that a test set which achieves 100% input variable coverage and 100% target statement coverage may not contain any tests with malicious input. Consider a test set which satisfies both coverage criteria and leverages a blacklist to test for input validation attacks. This test set ensures that every input variable in every target statement is tested with every attack in the blacklist.

The relationship between target statement coverage and input variable coverage is not yet known; however, we contend that input variable coverage is a useful, finer-grained measurement.

Input variable coverage has the effect of weighting a target statement which has more input variables more heavily. Since most input variables are each a separate potential vulnerability if not adequately validated, a target statement which contains more input variables is of a higher threat level.

== 4. Related Work ==

== 9. References ==

@@ Line 135: / Line 135: @@
 Input variable coverage measures the percentage of input variables used in at least one test at the server-side. Input variable coverage does not consider all the constraints for the input variable.
-'''Definition''': A set of tests satisfies input variable coverage criterion if and only if for every input variable f ∈ F, there exists at least one test that uses that input variable at least once.
+'''Definition''': A set of tests satisfies input variable coverage criterion if and only if for every input variable ''f'' &isin; '''F''', there exists at least one test that uses that input variable at least once.
 '''Metric''': The input variable coverage criterion can be measured by the percentage of input variables tested at least once by the test set out of total number of input variables found in any target statement in the production code of the system.
+'''Input variable coverage''' = '''PLACEHOLDER'''
+where Test(f) is an input variable used in at least one test.
+'''Coverage interpretation''': A low value for input variable coverage indicates that input validation testing is insufficient. Programmers need to add more test cases for untested input variables to improve input variable coverage.
+We note here that a test set which achieves 100% input variable coverage and 100% target statement coverage may not contain any tests with malicious input. Consider a test set which satisfies both coverage criteria and leverages a blacklist to test for input validation attacks. This test set ensures that every input variable in every target statement is tested with every attack in the blacklist.
+The relationship between target statement coverage and input variable coverage is not yet known; however, we contend that input variable coverage is a useful, finer-grained measurement.
+Input variable coverage has the effect of weighting a target statement which has more input variables more heavily. Since most input variables are each a separate potential vulnerability if not adequately validated, a target statement which contains more input variables is of a higher threat level.
+== 4. Related Work ==
 == 9. References ==