Detection of custom parameters in a request URL

摘要

Identifying at least one custom parameter in a request uniform resource locator (URL). At least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL can be identified. The Web application can be instrumented at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison.

主权项

1. A computer program product comprising:
a computer-readable storage device having computer-readable program code embodied therewith, the computer-readable program code comprising: computer-readable program code configured to identify at least a first portion of source code of a Web application that typically consumes at least one custom parameter provided in a request URL; computer-readable program code configured to instrument the Web application at the first portion of the source code by adding to the first portion of the source code additional code configured to obtain run-time values assigned to variables processed by statements of the first portion of the source code; computer-readable program code configured to receive by the Web application the request URL and executing the Web application with the instrumented source code; computer-readable program code configured to identify at least one run-time value consumed by a second portion of the source code; computer-readable program code configured to compare the run-time value to the request URL to determine whether the run-time value intersects with the request URL, wherein the run-time value intersects with the request URL if the run-time value is obtained responsive to the first portion of source code consuming the request URL; computer-readable program code configured to, responsive to determining that the run-time value intersects with the request URL, identify the run-time value as the custom parameter; and computer-readable program code configured to generate a custom parameter rule based on the comparison.