%TOC%

---++ Introduction

StringBorg is a solution to injection attacks for arbitrary languages. StringBorg prevents injection attacks by embedding the syntax of guest languages (for example SQL, LDAP, Shell, XPath) in the host language (PHP, Java) and applying the _proper escaping_ rules and _positive checking_ automatically to all direct or indirect user input.

Documentation:
   * Technical report: _"Preventing Injection Attacks with Syntax Embeddings -- A Host and Guest Language Independent Approach"_ [[http://swerl.tudelft.nl/bin/view/Main/TechnicalReports][available]] from the website of our research group ([[http://swerl.tudelft.nl/twiki/pub/Main/TechnicalReports/TUD-SERG-2007-003.pdf][pdf]]).
   * Blog: http://mbravenboer.blogspot.com/search/label/stringborg

---+++ Supported languages

Currently, StringBorg supports PHP and Java as host languages. Supported guest languages are:
   * SQL-92
   * LDAP search filters
   * Shell
   * XPath
   * XML

If you have suggestions or requests for languages that we should support, then please let us know (contact one of the developers or join our mailing list).

---++ Download

---+++ Stable Releases

Currently no stable releases are available.

---+++ Latest Developments

Distributions (tarball, rpm, srpm) of the head revision are created continuously. We advise installing StringBorg using [[http://nix.cs.uu.nl][Nix]] one-click install or RPM.
   * http://buildfarm.st.ewi.tudelft.nl/releases/strategoxt/stringborg-unstable-latest/

The distributions contain the latest of the latest developments, but if you really want to, the latest sources can be checked out using:
  svn checkout %SVNSTRATEGOXT%/stringborg/trunk
Before you can configure the package as described above you have to run the =./bootstrap= script.

---+++ Latest Samples

Samples for StringBorg are available in the standard distribution (subdirectory =stringborg-samples=), but also as a separate package to make the samples easier to use if you use a deployment system (RPM, Nix) for the installation of StringBorg. The latest tarball of the samples can be obtained from:
   * http://buildfarm.st.ewi.tudelft.nl/releases/strategoxt/stringborg-samples-unstable-latest/

You need to install the samples: a plain =./configure= will configure the package (all its dependencies should be detected automatically) and you can make the samples using =make check=. In the various subdirectories you can of course also run the individual targets to generate specific files. See =Makefile.samples= for information on the targets.

---+++ Installation

Install the package with the usual sequence of commands:
  $ ./configure
  $ make
  $ make install

You might need to set your =PKG_CONFIG_PATH= if you did not install the dependencies in a standard location. Configure will tell you to do this if it cannot find aterm, sdf, strategoxt, java-front, or sql-front.

---+++ Dependencies

StringBorg depends on:
   * ATerm library (aterm)
   * Latest unstable SDF2 Bundle (sdf2-bundle)
   * Latest unstable [[StrategoDownload][Stratego/XT]] (strategoxt)
   * Latest unstable [[JavaFront][Java-front]] (java-front)
   * Latest unstable [[SqlFront][SQL-front]] (sql-front)
   * Latest unstable [[PHP.PhpFront][PHP-front]] (php-front)
   * Java Development Kit providing =java= and =javac=.

---++ Project Info

---+++ Issue Tracking

We use JIRA to keep track of issues. Please report any issues that you encounter!
   * %ISSUE%/BORG

---+++ Contact and Mailing List

Please send questions to the [[https://mail.cs.uu.nl/mailman/listinfo/stratego][stratego@cs.uu.nl mailing list]]. Also, the StringBorg developers are usually available on IRC at [[irc://irc.freenode.net/stratego][irc.freenode.net/stratego]]. Feel free to drop by!

---+++ Source Repository

The sources of StringBorg are available from Subversion.
   * https://svn.cs.uu.nl:12443/repos/StrategoXT/stringborg/trunk

---+++ Team

Contributors:
   * [[http://martin.bravenboer.name][Martin Bravenboer]] (lead developer)
   * [[http://www.cs.uu.nl/people/eelco/][Eelco Dolstra]]
   * [[http://www.cs.uu.nl/people/visser/][Eelco Visser]]

Sponsors:
   * [[http://www.cs.uu.nl][Utrecht University, Department of Information and Computing Sciences]]
   * [[http://swerl.tudelft.nl/][Delft University of Technology, Software Engineering Research Group]]
   * [[http://www.jacquard.nl/][NWO Jacquard]] project [[http://www.cs.uu.nl/wiki/Trace/WebHome][TraCE]]

---+++ License

StringBorg is LGPL (GNU Lesser General Public License) software.

---++ Related Software

   * [[JavaFront][Java-front]] provides a syntax definition and pretty-printer for Java.
   * [[SqlFront][SQL-front]] provides a syntax definition for SQL.
   * [[PHP.PhpFront][PHP-front]] provides a syntax definition for PHP.
   * [[http://www.metaborg.org][www.metaborg.org]] gives an overview of MetaBorg related software and publications.
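
The idea from the Introduction, approximated at run time in Python as an added example (not StringBorg's code or API; StringBorg itself embeds guest syntax in PHP and Java): guest-language fragments are a distinct type, and any plain string placed in a hole is escaped by that guest language's rules. The class names, the =?= hole syntax and the reading of positive checking as token validation are assumptions made for illustration.

```python
import re
class Fragment:
    """Guest-language code; only programmer-written templates become code."""
    def __init__(self, text):
        self.text = text

    @classmethod
    def build(cls, template, *args):
        """Fill the '?' holes of a trusted template with fragments or input."""
        parts = template.split("?")
        if len(parts) != len(args) + 1:
            raise ValueError("number of holes and arguments differ")
        out = [parts[0]]
        for arg, rest in zip(args, parts[1:]):
            if isinstance(arg, cls):
                out.append(arg.text)         # same guest language: splice as code
            elif isinstance(arg, Fragment):
                raise TypeError("fragment of a different guest language")
            elif isinstance(arg, str):
                out.append(cls.escape(arg))  # plain host string: always data
            else:
                raise TypeError("unsupported value for a hole")
            out.append(rest)
        return cls("".join(out))

class Sql(Fragment):
    @staticmethod
    def escape(s):
        # SQL-92 string literal: quote the value and double embedded quotes.
        return "'" + s.replace("'", "''") + "'"

    @classmethod
    def number(cls, s):
        # Positive check (assumed reading): a numeric position has no escaping
        # rule, so accept only input that matches the expected token.
        if not re.fullmatch(r"[0-9]{1,9}", s):
            raise ValueError("not an unsigned integer")
        return cls(s)
class Ldap(Fragment):
    _MAP = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

    @staticmethod
    def escape(s):
        # RFC 4515 escaping for a value inside an LDAP search filter.
        return "".join(Ldap._MAP.get(c, c) for c in s)

if __name__ == "__main__":  # constructed inputs, not from the StringBorg samples
    print(Sql.build("SELECT id FROM users WHERE name = ? LIMIT ?", "o'brien", Sql.number("10")).text)
    print(Ldap.build("(&(objectClass=person)(uid=?))", "*)(uid=*").text)
```

The same input string is rendered differently by =Sql= and =Ldap=, and an =Sql= fragment passed to =Ldap.build= is rejected rather than spliced.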