BA/MA: Security Analysis of XML/YAML/JSON/TOML/... Parsers

Plain-text formats are used everywhere, from data storage and transfer to tool configuration. Languages such as XML, YAML, JSON, and TOML are common choices. To make these files easier for developers to work with, programming languages provide standard modules and third-party libraries to parse them.

In a thesis on this topic, you would add Dockerfiles for parsers in many of the most popular programming languages to an existing framework. As each file format has different capabilities and potential security problems, you would write dedicated test cases for that format. Additionally, there are advanced query languages for many of these formats (XPath, jq, ...), which can have their own problems.

The exact scope of your tasks would depend on the work already done by other students and on whether it is a Bachelor's or Master's thesis.


Requirements:

  • Python (the framework is written in Python)
  • Docker

Contact