leaks-when-analysis
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
leaks-when-analysis [2018/11/20 11:59] pullonen |
leaks-when-analysis [2020/02/03 15:31] pullonen [Quick guide] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Leaks-when analyser ====== | + | ====== SQL Leaks-when analyser ====== |
| Leaks-when analyser has a a user-facing frontend application (part of [[sql-privacy-analyser|SQL-privacy analyser]]) that allows to extend models by attaching SQL scripts to its elements. SQL queries are added to tasks and SQL database schemas are added to data objects. SQL scripts are attached by adding specific labels into the XML code of the model. The editor uses [[https://github.com/pleak-tools/pleak-leaks-when-ast-transformation|pleak-leaks-when-ast-transformation]] component as a communication provider between the editor and [[https://github.com/pleak-tools/pleak-leaks-when-analysis|pleak-leaks-when-analysis]] tool to perform an analyze on the extended model to combine and present the results. Editor, connector component and analysis tool have separate codebases, but they are all required to use the full functionality of the analyser. | Leaks-when analyser has a a user-facing frontend application (part of [[sql-privacy-analyser|SQL-privacy analyser]]) that allows to extend models by attaching SQL scripts to its elements. SQL queries are added to tasks and SQL database schemas are added to data objects. SQL scripts are attached by adding specific labels into the XML code of the model. The editor uses [[https://github.com/pleak-tools/pleak-leaks-when-ast-transformation|pleak-leaks-when-ast-transformation]] component as a communication provider between the editor and [[https://github.com/pleak-tools/pleak-leaks-when-analysis|pleak-leaks-when-analysis]] tool to perform an analyze on the extended model to combine and present the results. Editor, connector component and analysis tool have separate codebases, but they are all required to use the full functionality of the analyser. | ||
| Line 24: | Line 24: | ||
| Clicking on tasks or data objects opens a menu on the right side of the page (in sidebar). You can add SQL scripts (in a form of stored procedures and queries) to tasks. Database information (in a form of database schemas) can be added to data objects. | Clicking on tasks or data objects opens a menu on the right side of the page (in sidebar). You can add SQL scripts (in a form of stored procedures and queries) to tasks. Database information (in a form of database schemas) can be added to data objects. | ||
| - | **Running analysis** | + | **Running the analysis** |
| - | First select the data objects that are of interest. Clicking on LeaksWhen Report button opens analysis results panel (entitled Analysis results) on the right side of the page (in sidebar). There you can see analysis results for each selected task (ordered as they are ordered on the model). Under each task you can expand the view to see all attributes in this table and open attribute specific result-graphs by clicking "View graph" links. | + | |
| + | First select the data objects that are of interest (the analysis will show which inputs affect the chosen data objects and how). Clicking on LeaksWhen Report button opens analysis results panel (entitled Analysis results) on the right side of the page (in sidebar). There you can see analysis results for each selected data object (ordered as they are ordered on the model). Under each task you can expand the view to see all attributes in this table and open attribute specific result-graphs by clicking "View graph" links. Note that in case there is a conditional output then there may be many leaks-when graphs for one output field. For example one for the if and the other for the else branch. | ||
| **Output interpretation** | **Output interpretation** | ||
| + | |||
| SQL leaks-when output is a directed graph where the final node is a Filter. The first input (leaks) to the filter corresponds to the computation of the value that is given as output and the second input (when) corresponds to the conditions under which the computed value appears in the output. The other branches summarize the computations carried out by the workflow. | SQL leaks-when output is a directed graph where the final node is a Filter. The first input (leaks) to the filter corresponds to the computation of the value that is given as output and the second input (when) corresponds to the conditions under which the computed value appears in the output. The other branches summarize the computations carried out by the workflow. | ||
| - | More detailed instructions with example queries will be added soon. | + | **Supported SQL** |
| + | |||
| + | In general, the supported queries are SELECT queries with possible joins, various where statements and Group by as well as order by. The analyzer uses PostgreSQL. | ||
| + | <code> | ||
| + | create or replace function function_name( inputs) | ||
| + | returns TABLE(definition ) as | ||
| + | $$ | ||
| + | select ... into ... From (join) where... Group by... Order by.. | ||
| + | $$ | ||
| + | language SQL IMMUTABLE returns NULL on NULL INPUT; | ||
| + | |||
| + | select ... into ... From (join) where... Group by... Order by..; | ||
| + | </code> | ||
| + | |||
| + | The supported aggregations are SUM, MIN, MAX, COUNT, and AVG. | ||
| + | |||
| + | The supported operations are +, -, /, *, @ (geographical distance), =, <, <=, >, >=. | ||
| + | |||
| + | The names of the used tables must match the inputs of this task on the model. INTO should specify the table that is used as the output of that task on the model. | ||
| + | |||
| + | The updated set of operations supported by the SQL leaks-when front-end can be seen in [[https://github.com/pleak-tools/pleak-leaks-when-ast-transformation/blob/master/src/ast_rewriter.js|this file in the repository.]] The operations supported by the analyzer can be seen in [[https://github.com/pleak-tools/pleak-leaks-when-analysis/blob/master/src/GrbInput.ml|this file in the analyzer code.]] | ||
| + | |||
| + | **Supported BPMN** | ||
| + | |||
| + | SQL leaks-when analysis supports BPMN collaboration models (models with pools and messages in between them). It supports start and and events, intermediate message receive events, parallel gateways. | ||
| + | |||
| + | Sending tasks should not contain SQL queries. | ||
| ===== Source code ===== | ===== Source code ===== | ||
| The source code of the analysis tool is available at [[https://github.com/pleak-tools/pleak-leaks-when-analysis|pleak-leaks-when-analysis]] repository. The user interface of the analysis tool consists of [[https://github.com/pleak-tools/pleak-leaks-when-ast-transformation|pleak-leaks-when-ast-transformation]] and [[https://github.com/pleak-tools/pleak-sql-editor|pleak-sql-editor]]. | The source code of the analysis tool is available at [[https://github.com/pleak-tools/pleak-leaks-when-analysis|pleak-leaks-when-analysis]] repository. The user interface of the analysis tool consists of [[https://github.com/pleak-tools/pleak-leaks-when-ast-transformation|pleak-leaks-when-ast-transformation]] and [[https://github.com/pleak-tools/pleak-sql-editor|pleak-sql-editor]]. | ||
leaks-when-analysis.txt · Last modified: 2020/04/15 18:29 by pullonen
Page Tools
