Leaks-when analyser has a a user-facing frontend application (part of SQL-privacy analyser) that allows to extend models by attaching SQL scripts to its elements. SQL queries are added to tasks and SQL database schemas are added to data objects. SQL scripts are attached by adding specific labels into the XML code of the model. The editor uses pleak-leaks-when-ast-transformation component as a communication provider between the editor and pleak-leaks-when-analysis tool to perform an analyze on the extended model to combine and present the results. Editor, connector component and analysis tool have separate codebases, but they are all required to use the full functionality of the analyser.
Our analysis has been implemented in OCaml, using the OCamlgraph library for certain transversals of summary dependency grahps (SDGs). The integration of the analysis into the tool is somewhat peculiar, but the chosen way makes the integration very simple. The analysis is applied to a workflow defined at compile time in the source file RAInput.ml of the analyzer. Hence the analyzed workflow is expressed as an OCaml expression belonging to a variant type.
In order to execute the analyzer on different workflows, the analysis tool performs the following steps:
source of our analyzer.
topmost source file depends on RAInput.ml. Hence the object code has to be re-generated only for RAInput.ml (and the topmost source file), and not for the parts of the analyzer that generate and simplify the SDG or read the result out of it. This takes very little time.
the folder is given as a command-line parameter.
Leaks-when analyser is accessible through Actions menu (with burger-menu icon) under each model in own and shared models/folders lists of frontend - link “Open in SQL editor”.
Adding information to model elements for analysis
Clicking on tasks or data objects opens a menu on the right side of the page (in sidebar). You can add SQL scripts (in a form of stored procedures and queries) to tasks. Database information (in a form of database schemas) can be added to data objects.
Running the analysis
First select the data objects that are of interest. Clicking on LeaksWhen Report button opens analysis results panel (entitled Analysis results) on the right side of the page (in sidebar). There you can see analysis results for each selected task (ordered as they are ordered on the model). Under each task you can expand the view to see all attributes in this table and open attribute specific result-graphs by clicking “View graph” links.
SQL leaks-when output is a directed graph where the final node is a Filter. The first input (leaks) to the filter corresponds to the computation of the value that is given as output and the second input (when) corresponds to the conditions under which the computed value appears in the output. The other branches summarize the computations carried out by the workflow.
More detailed instructions with example queries will be added soon.