JP2012173745A - Database analysis device and database analysis program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To extract and provide the explanation information of each column from a Web application program using its database.SOLUTION: A database analysis device 100 includes: a Web application input part 110 which inputs a Web application 101 using an analysis object database, Web application setting data 102 to be used for the setting of the Web application 101 and a Web page template 103; and a specification processing execution part 1010 which specifies an input form component to be used for the creation of an input form displayed on a Web page created by the Web application 101, that is, an input form component associated with an input item name corresponding to the column of a table owned by the analysis object database on the basis of the Web application 101, the Web application setting data 102 and the Web page template 103, and specifies the input item name corresponding to the specified input form component.

Description

  The present invention relates to a database analysis apparatus and a database analysis program that analyze a Web application that uses a database to extract database table and column description information.

  In general, data modeling tools that are commercialized provide a function for outputting a list of tables and columns as a database analysis function (for example, Non-Patent Document 1). For example, Patent Document 1 is known as a technique for obtaining information that cannot be extracted simply by analyzing a database by analyzing a program that uses the database. In Patent Document 1, the data type of each data item in the database, the upper limit value, the lower limit value are checked by examining the comparison between the data type of the variable in which the data read from the database is stored and the constant value performed in the program. A method for extracting information such as a value or whether or not it is used as a loop exit condition is disclosed.

International Publication No. WO2009 / 011057

IBM InfoSphere Data Architect http: // www-06. ibm. com / software / jp / data / optim / data-architect / function. html

  For example, to develop a data linkage system between multiple databases, such as reflecting the order amount entered in the material system database on the accounting system database, the tables and columns that must be linked between each database Work to identify is necessary. However, in the prior art, only the table stored in the database, the list of column names (physical names) existing in each table, its range, etc. are extracted, and the meaning of the data stored in each column For (Usage), it was necessary to investigate the specifications based on the names of columns and tables. In addition to the time required for the investigation, there was a problem that correct information could not be obtained if the description of the specification was insufficient or the contents were old.

  In the present invention, in order to make it easy for a user to guess the meaning of each database column, the description information of each column is extracted from a Web application program (hereinafter also referred to as a Web application) that uses the database. And intended to provide.

The database analysis apparatus of the present invention is
A Web application program that uses a database to be analyzed, a Web application setting file that describes predetermined Web application setting information used for setting the Web application program, and a template used when the Web application program generates a Web page An input unit for inputting a web page template indicating type information;
An input form component used to generate an input form displayed on a Web page generated by the Web application program input to the input unit, the Web application program, the Web application setting file, and the Web page By analyzing the Web page template, specifying the input item name corresponding to the specified input form part and corresponding to the column of the table of the database to be analyzed A specific process execution unit to be identified;
An output unit that outputs information including at least the input item name specified by the specifying process execution unit as explanatory information of the column updated by input data input to the input form displayed on the Web page; It is characterized by having.

  According to the present invention, description information of each column can be extracted from a Web application program that uses the database and provided to the user.

1 is a configuration diagram of a database analysis device 100 according to a first embodiment. FIG. 3 is a diagram showing an outline of a Web application program 101 to a Web page template 103 according to the first embodiment. 9 is a flow showing processing operations of the Web application input unit 110 to the processing flow analysis unit 140 according to the first embodiment. FIG. 6 is a diagram for explaining the operation of a processing flow analysis unit 140 according to the first embodiment. 5 is a flow showing the operation of the input item name specifying unit 150 according to the first embodiment. FIG. 6 is a diagram for explaining the operation of the input item name specifying unit 150 according to the first embodiment. 6 is a flow for specifically explaining the content of S204 in FIG. 6 is a flow for specifically explaining the content of S204 in FIG. 6 is a flow for specifically explaining the content of S204 in FIG. The figure which shows the example to which the input item name specific system by the database analysis apparatus 100 of Embodiment 1 is applied. FIG. 6 is a diagram for explaining the operation of the output item name specifying unit 160 according to the first embodiment. FIG. 6 is a diagram for explaining the operation of the output item name specifying unit 160 according to the first embodiment. The figure which shows the analysis result output by the description information recording part 170 of Embodiment 1. FIG. 10 is a flowchart of a processing flow analysis unit 140 according to the second embodiment. 4 is another flowchart of the processing flow analysis unit 140 according to the second embodiment. The block diagram of the database analyzer 300 of Embodiment 3. FIG. FIG. 6 shows an appearance of a database analysis device according to a fourth embodiment. FIG. 6 is a diagram illustrating a hardware configuration of a database analysis device according to a fourth embodiment.

Embodiment 1 FIG.
FIG. 1 is a device configuration diagram showing a database analysis device 100. As shown in FIG. 1, the database analysis apparatus 100 includes a Web application input unit 110 (input unit), a page processing function specifying unit 120, a DB call function specifying unit 130, a processing flow analyzing unit 140, an input item name specifying unit 150, and an output. An item name specifying unit 160, an explanation information recording unit 170, and an analysis result output unit 180 (output unit) are provided. The page processing function specifying unit 120 to the output item name specifying unit 160 constitute a specifying process executing unit 1010. Hereinafter, the database may be referred to as “DB”.

  The web application input unit 110 reads the web application program 101 to be analyzed, the web application setting data 102 (web application setting file) that is the setting data of the web application, and the web page template 103 into the apparatus.

FIG. 2 is a diagram illustrating an outline of the Web application program 101 to the Web page template 103.
(1) The web application program 101 is input in the form of source code.
(2) The web application setting data 102 includes
(A) a list of URLs received by the Web application program 101;
(B) a function name (hereinafter referred to as an entry point) that is activated when a URL is called;
(C) and an identifier of a Web page template to be used as a URL processing result,
Is described. In the first embodiment, the “function name” is described for convenience, but the function name is not necessarily required. For example, in a Web application described in Java (registered trademark), a function (method) that is defined as a standard is used as long as a class name that is activated when a URL is invoked is known.
(3) The Web page template 103 is template data used when the Web application program 101 generates a Web page, and is a technique used in general Web applications such as JSP (registered trademark). The Web application program 101 reads the Web page template 103 and returns data in which the parameter portion therein is replaced with a value generated at the time of execution to the browser.

(1) The page processing function specifying unit 120 specifies an entry point for processing each page of the Web application program 101 from the read Web application setting data 102 as shown in FIG.
(2) The DB call function specifying unit 130 specifies a database call function existing in the Web application program 101 as shown in FIG.
(3) As shown in FIG. 2, the processing flow analysis unit 140 analyzes the processing flow in the Web application program 101 from the entry point to the DB call function, and is updated / referenced by processing started from the entry point. In addition to specifying the database table and column, the “variable group” in the program related to the input / output data of each column is specified.

(Variable group)
Here, the “variable group” related to the input data refers to a variable group that affects the value stored for each column when a database update occurs on the DB call function.
Similarly, the variable group related to the output data refers to a variable group in which a value corresponding to each column in the search result affects when a database search occurs on the DB call function.

  The input item name specifying unit 150 specifies a variable input from a form on the Web application program 101 to be analyzed among a group of input data related variables related to input data to each column. Further, the Web page template 103 in which form parts giving input to each specified variable are arranged is analyzed, the title of the output Web page and the input item name corresponding to the form part are extracted, and the entry point Is recorded in the explanation information recording unit 170 as explanation information for each column on the table updated by a series of processes starting from the above.

  Similarly, the output item name specifying unit 160 specifies a variable to be output to the web page from among variable groups related to output data from each column. Furthermore, it analyzes the Web page template that outputs each specified variable, extracts the title of the Web page and the output item name that describes the output data, and is referenced by a series of processes starting from the entry point. Is recorded in the explanation information recording unit 170 as explanation information for each column on the table.

  The analysis result output unit 180 outputs the description information recorded by the description information recording unit 170 as the analysis result 104.

FIG. 3 shows processing operations of the Web application input unit 110 to the processing flow analysis unit 140. Next, the operation will be described with reference to FIG.
(1) First, the web application input unit 110 reads the web application program 101, the web application setting data 102, and the web page template 103 into the apparatus (S11).
(2) Next, the page processing function specifying unit 120 uses the information of the input Web application setting data 102 to specify the URL of each page, the entry point of each page, and the Web page template displayed after the function is executed. A list is created (S12).
(3) Next, the DB call function specifying unit 130 searches the Web application program and specifies the appearance position of the DB call function (S13). Here, the “DB call function” is a built-in function provided by a platform such as an OS or a framework in order to issue an SQL statement to the database. The DB call function indicates a function that receives an SQL statement as an argument (FIG. 4 to be described later) and returns an execution result (data obtained as a result of the search). It is assumed that the function name of the DB call function is defined in advance.

The processing flow analysis unit 140 inputs the entry point of each page specified by the page processing function specifying unit 120 and the DB call function list in the program specified by the DB call function specifying unit 130, and enters the Web application program Then, it is determined whether there is a possibility of calling the DB call function from each page entry point (S14-1).
FIG. 4 is a diagram for explaining the operation of the processing flow analysis unit 140. If there is a possibility, the processing flow analysis unit 140 tracks the character string operation (assignment, concatenation, replacement, etc.) performed in the entry point as shown in FIG. 4, and the argument passed to the DB call function Among these, the character string variable assigned to the argument designating the SQL statement specifies what character string is stored (S14-2). Since the character string stored in the variable may be undefined depending on the branch of the program or the value input from the outside, a pattern representing the entire character string that can be stored in the variable is generally specified. .

(Extract command string)
When the processing flow analysis unit 140 identifies the pattern of the character string to be assigned to the argument specifying the SQL statement, the processing flow analysis unit 140 compares the predefined SQL grammar data with the identified character string pattern, and corresponds to a command in the SQL grammar. The character string to be extracted is extracted (S14-3).

(For update instructions)
If the command is an instruction to update the contents of the database, such as INSERT or UPDATE, the processing flow analysis unit 140 similarly identifies the table name and column name by comparing with the SQL grammar, and further each column. A variable group that affects the value to be assigned to is identified (S14-4).

  In the first embodiment, the method disclosed in the following <Reference> can be used for character string specification in the processing flow analysis unit 140 and comparison processing with the SQL grammar. Although the details are omitted, the method disclosed in this document generates a control flow graph starting from the entry point entry, and performs string operations that appear on the control flow, non-terminates the variables that store the strings. By expressing as a symbolic context-free grammar, the “grammar” that each string variable value should satisfy is specified. By examining the specified grammar, it is possible to specify a character string pattern generated on an arbitrary character string variable and a variable group that affects a specific part of the character string.

<References>
G. Wassermann and Z.M. Su. Sound and Precision Analysis of Web Applications for Injection Vulnerabilities. In Conference on Programming Language Design and Implementation (PLDI), 2007. In Conference on Programming Language Design and Implementation (PLDI), 2007.

(For reference instructions)
Returning to the description of the operation again. If the command is an instruction that refers to the contents of the database, such as SELECT, the processing flow analysis unit 140 obtains the table name and then sets the column name to the function that acquires the SQL search result as before. A character string to be passed is specified, and further, a variable group affected by the return value of the function is specified (S14-5). In order to identify a variable group affected by the return value of the SQL search result acquisition function, an assignment having the variable on which the return value is first assigned on the right side is set as the starting point in the program. Just track the sentence.

The result (input / output variable group) analyzed by the processing flow analysis unit 140 corresponds to the input item name and output item name on the Web page by the input item name specifying unit 150 and the output item name specifying unit 160. Attached. First, the operation of the input item name specifying unit 150 will be described with reference to FIGS. 5 and 6.
5 and 6 are a flowchart and a conceptual diagram showing the operation of the input item name specifying unit 150. FIG. A description will be given mainly with reference to FIG.

(Operation of input item name specifying unit 150)
The input item name specifying unit 150 first specifies a variable to which a value input from a form on a Web page is substituted (step 201). This specifying process can be easily performed by searching for a function for obtaining an input value from each form part on the control graph from the entry point and specifying a variable to which the return value is substituted. Also, the input value from which form part can be easily specified from the function name or the like. For example, in struts widely used as a web application development framework, an input value from a form part named “user” on a web page template is obtained by a function called getUser (). If get is removed from the function name, the corresponding form part name can be acquired.

  Next, the input item name specifying unit 150 specifies a variable (also referred to as an update influence variable) that affects the update of the database among variables to which the input value from each form part is substituted (step 202). Thereafter, the input item name identification unit 150 identifies the table name and column name affected by each variable by comparing with the processing result of the processing flow analysis unit 140 (variable group identified in S14-4) ( Step 203). As a result, the form part whose value is to be substituted for the variable that affects the update can be identified. Therefore, the input item name corresponding to the form part is identified by analyzing the Web page template 103 (step 204), and the identification result is obtained. Is stored in the explanation information recording unit 170 (step 205).

  As the Web page template 103 to be analyzed, a Web page template including a form having a URL corresponding to the entry point currently being analyzed as an action attribute is selected. The process (step 204) in which the input item name specifying unit 150 specifies the input item name from the Web page template will be described in detail with reference to FIGS. 7, 8, and 9 is the input item name specifying unit 150.

  First, the text enclosed in <title> to </ title> in the template is stored as the page name of the Web page generated by the template (step 301). Next, it is confirmed whether the form part is included in the table element on the HTML of the Web page template (step 302). If it is not surrounded by table elements, the word at the head of the line including the form part is regarded as the input item name (step 314).

  If it is surrounded by table elements, it is necessary to find the input item name corresponding to the form part from the character strings described in each cell in the table. In the present embodiment, the input item name is specified as follows.

  First, among the cells of the table (the range surrounded by <td> to </ td>), the cells whose rowspan attribute is 2 or more are decomposed for each row, and the same value (text, form part, The table is transformed into a table in which cells including the area stored when output on the Web page template (hereinafter referred to as Web application output value storage area) are arranged for the row span (step 303).

  Next, L = 1 is set (step 304), and the following processing is repeated until L = the number of table rows (step 305).

  First, from the Lth row, as many rows as possible that do not include form parts are taken out (step 307). These are called heading candidate lines. If there is no heading candidate line, the process proceeds to step 353. The same structure as that of m rows (1 ≦ m ≦ N−s + 1) from the s-th row (1 ≦ s ≦ N) from the bottom of the extracted heading candidate row (the number of rows is N) is the subsequent rows. The maximum number r of repeated appearances is obtained (steps 309 to 313 and 320 to 333). Whether or not they have the same structure satisfies the following conditions.

(1) The colspan attribute value of each cell is the same value as the corresponding cell of the heading candidate row (if there is no colspan, colspan = 1 is assumed) (step 322).
(2) The same form part (or text or Web application output value storage area) as the first matched cell appears (steps 323 and 324). The text may be different.

  For all s and m, r is obtained by the above processing, and m that maximizes the result of integrating m and r is set as the number of heading rows (steps 328 and 329). If m · r has the same value for a plurality of m, the one with the largest m is regarded as the number of heading lines. Regarding the corresponding s, the heading candidate lines corresponding to s-1 lines from the bottom are regarded as text unrelated to the heading, such as annotations. If r becomes 0 for all s and m (step 340), the process proceeds to step 351.

  Finally, input item names are given to all the form parts included in the repetitive structure by the method shown in steps 341 to 350. The method for assigning the item name shown in step 347 is as follows. First, assume that the input item name W = empty character string. If the text W0 is included at the beginning of the same cell, W = W0. Next, the text W1 of the corresponding cell ((L-1) + k + N- (M + S) +1 row, col column) from among the heading candidate rows is added with an appropriate delimiter such as a slash symbol. Thereafter, the text belonging to the same column is sequentially added among the texts of the candidate heading lines that do not appear in the repeated structure. However, if the same text appears continuously, it is added only once and the rest are simply ignored.

  After executing the above processing, L = L + N + R · M and return to the top of the loop (step 352). In steps 353 to 358, processing is performed when no heading candidate row is found in the table. In such a case, each line is regarded as indicating an independent input item. The method for assigning the input item name shown in step 356 is as follows. First, assume that the input item name W = empty character string. If the text W0 is included at the beginning of the same cell, W = W0. Next, the cells on the left side of the cell are sequentially scanned, and the contents W1 of the cell including only the text that appears first is added with an appropriate delimiter such as a slash symbol. Thereafter, the left cell is further scanned, and character strings are sequentially added until a cell including a form part appears or the first column is reached.

  The above processing is repeated until all the cells again correspond to text lines (step 355) or until the processing of the entire table is completed (step 354), and then updated to L = i (step 358). Back to top

  Since the input item name is determined for each form part on the Web page template after the loop ends, the input item name for the form part for which the input item name is specified is set to the table name of the database corresponding to the form part, The column name and the page name of the template are stored in the explanation information recording unit (step 315).

  As an example of the case where this method by the database analysis apparatus 100 is applied to input item name specification for the input form shown in FIG. 10, the input item name “ordering details / reference URL” is given to the form part 401 in FIG. Is done. Similarly, “order details / quantity” is given to the form part 402. In the form part 403, “delivery date” is given, and in the form part 404, “special notes” are given.

(Operation of output item name specifying unit 160)
Next, the operation of the output item name specifying unit 160 will be described with reference to FIGS. 11 and 12.
11 and 12 are a flowchart and a conceptual diagram showing the operation of the output item name specifying unit 160. FIG.
(1) First, the output item name specifying unit 160 specifies a variable (output variable) output on the Web page (S21). This specifying process can be easily performed by searching for a function for setting an output value to the Web page on the control graph from the entry point and specifying a variable input as an argument thereof. In addition, it is possible to easily specify from the function name or the like what identification name the output data is referred to on the Web page template. For example, in struts, data referred to as “price” on a Web page template is obtained by a function called setPrice (), and if set is removed from the function name, the corresponding output data name (variable) Can be obtained.
(2) Next, among the output variables output to each Web page by comparing with the processing result of the processing flow analysis unit 140, a variable affected by the search result of the database (also referred to as a search influence variable), The affected column name is specified (S22). Thereby, the Web application output value storage area (storage area) for the search influence variable affected by the search result can be specified (S23). For this reason, the output item name specifying unit 160 specifies the output item name corresponding to the specified Web application output value storage area by analyzing the Web page template (S24). As a Web page template to be analyzed, a Web page template that outputs an execution result of an entry point currently being analyzed is selected. That is, the output item name corresponding to each output data is specified by the same method (FIGS. 7 to 9) as the input item name specifying unit 150 (S24). However, “form part” in the above description (FIGS. 7 to 9) in the input item name specifying unit 150 is read as “Web application output value storage area”, and “output value storage area from Web application” is read as “form part”. Method.

When the analysis for all the entry points of the Web application program 101 is completed, the analysis result output unit 180 outputs the analysis results stored in the explanation information recording unit 170 to the user.
FIG. 13 shows the analysis result output by the explanation information recording unit 170. As shown in FIG. 13, there are a table name 501, a column name 502, an input page name 503 for each column, an input item name 504, an output page name 505, and an output item name 506. In the table, the column x2 of table2 does not describe the output page name and output item name, which means that the data of the same column did not appear on the Web page.

(1) As described above, for the input / output data of the Web application corresponding to the column updated / referenced by the database access generated in the Web application, the corresponding input / output item name is identified by analyzing the Web page template. Therefore, for each column in the database, description information for the user to guess the meaning of the column can be output.
(2) When each input / output item appears in the table on the Web page template, when the input / output item appears in the table by specifying the cell corresponding to the heading in the table Has the effect of correctly identifying the item name.
(3) Furthermore, in specifying a headline, by paying attention to the repeating structure of the table, there is an effect that a headline consisting of a plurality of lines can be handled.
(4) Furthermore, it is possible to deal with a table including a plurality of headings having different hierarchies by disassembling cells connected to a plurality of rows in advance for each row.
(5) Furthermore, by specifying a repetition of a structure as large as possible from the lines below the heading candidate line, it is possible to specify a heading heading that does not appear in a line including an actual input / output item.
(6) Further, in the process of specifying the repetitive structure, if a repetitive structure cannot be found, the repetitive structure specifying process is performed again by removing from the bottom of the heading candidate line, so It is possible to deal with a case where an irrelevant line is inserted.
(7) Furthermore, if the repeated structure is not found, the left side cell is scanned for each form part, and the heading is detected in the horizontal direction by considering the first consecutive text cell found as the heading. It can correspond to the table you have.
(8) Further, by restarting the analysis separately from the place where the repeated structure is interrupted, the heading can be specified even for a complicated table having a plurality of structures.
(9) Further, when a heading consisting of a plurality of lines or a plurality of columns is specified, the input / output item names can be made hierarchical by connecting the heading text with a delimiter.

  In the first embodiment, input / output items related to database reference / update are specified, and then item names for these items are specified on the Web page template. Of course, it is possible to calculate item names for all items on the Web page template to be analyzed when it is found to occur.

  When PHP is used as the Web application language, it is not necessary to specify a function because the code is executed in order from the first line of the PHP script activated corresponding to each URL. Furthermore, in PHP, the processing program and the Web page template for displaying the processing result are described in the same file, and the correspondence between the URL and the activated PHP script can be determined from the PHP storage directory. As a result, in PHP, information to be described in setting data can be automatically extracted.

Embodiment 2. FIG.
The second embodiment will be described with reference to FIGS. The second embodiment relates to the processing flow analysis unit 140. 14 and 15 is the processing flow analysis unit 140. In the first embodiment described above, the static analysis technology of the first method (FIG. 14) is applied to the processing flow analysis unit 140. Next, when speeding up the analysis processing of the first method, A “second method” (FIG. 15) that omits unnecessary processing in specifying an SQL sentence will be described.

First, the outline of the first method will be described with reference to FIG. In the first method, first, a Web application program is analyzed, and a control flow graph starting from an entry point is generated (step 601). A control flow graph is a graph of the execution path of instructions in a program. Next, in accordance with the character string operation (substitution, concatenation, substitution, etc.) on the control flow graph, the generation rule in the formal language theory is recorded (steps 602 to 609).
(1) When there is an assignment operation as a character string operation, the generation rule A → X (X is a variable name or character string) with the assignment destination variable name as a non-terminal symbol and the assignment source variable or character string constant on the right side Constant) is generated (steps 603 and 608).
(2) When there is a concatenation operation as a character string operation, a generation rule A → XY having a variable name to which the concatenated character string is assigned as a non-terminal symbol and a plurality of concatenated variables or character string constants on the right side (X and Y are variable names or character string constants) are generated (steps 604 and 607).
(3) In other cases, that is, an operation in which the character string of the first method is changed, for example, character string replacement, is considered that the character string generation rule given as input by the operation is converted, The first generation rule recorded for the input variable is converted by a finite automaton called a transducer reflecting the contents of the operation, and then the generation rule A ← X (X is an input variable or character to the conversion function) Column constant) is generated (steps 605 and 606).

  By repeating the above processing, it is possible to define a “grammar” for all the character string variables on the control flow graph. Finally, by comparing the grammar with the non-terminal symbol corresponding to the variable passed as an argument to the DB call function as the start symbol and the grammar of the SQL statement, it corresponds to the SQL statement command, column name, and table name. The character string to be specified is specified. Further, when the command is a command for updating the database such as insert and update, a variable group related to the value input to each column of the database is specified (step 610).

  In the first method, the processing corresponding to the above (3), that is, the grammar conversion processing by the transducer has a high calculation cost. Therefore, in the second embodiment, the processing speed is increased by keeping the processing (3) to the minimum necessary. The processing of the second method in the second embodiment will be described with reference to FIG.

  The second method is the same as the first method in that a control flow graph is generated and a generation rule is recorded corresponding to each character string operation on the flow graph (steps 701 to 704, 707, and 708). However, processing different from the first method is performed only when the character string operation corresponds to (3). In the first method, the generation rule for a variable given as an input is converted. In the second method, instead, a special generation rule A ← [dummy] ([dummy] is a notation for convenience and can be identified. Any symbol may be recorded (step 705). In addition, information necessary for grammatical conversion to be performed, that is, an input variable name and a transducer necessary for conversion are also recorded (step 706).

  Thereafter, as in the first method, the grammar having a non-terminal symbol corresponding to the variable passed as an argument to the DB call function as the start symbol is compared with the grammar of the SQL statement (step 710). It is confirmed whether or not [dummy] appears at a position where a column name or a table name should be specified (step 711). If it appears, the input variable name corresponding to the [dummy] and the transducer are taken out, subjected to grammar conversion (an example of restoration of normal generation rules), and then compared with the SQL grammar again. (Step 712). The above process is repeated, and when all the positions corresponding to the column name and table name are finally obtained, the process is terminated. Finally, if the command is a command that updates the database, such as insert or update, the variable group related to the value input to each column of the database is specified. If the information that it depends is used, even if [Dummy] is included in the input value, it can be specified as in the first method.

  As described above, a temporary generation rule is recorded for the character string conversion operation, and the grammar conversion process is performed only on the part necessary for extracting the column name and table name, thereby processing flow analysis. The part can be speeded up. If character string conversion processing occurs for all table names and column names, the second method needs to perform as many grammatical conversion processing as the first method. However, generally, character string conversion processing occurs in data recorded in a database or a search character string portion, and it is rare that character string conversion occurs for a table name or a column name to be accessed. Therefore, in most cases, the second method can be applied to perform processing faster than the first method.

Embodiment 3 FIG.
The third embodiment will be described with reference to FIG. In the first and second embodiments described above, it is necessary for the page processing function specifying unit 120 to be able to analyze the Web application setting data. However, in the third embodiment, the framework specifying unit 310 develops the target Web application. Identify the framework used for. By specifying and generating setting data that can be analyzed by the page processing function specifying unit 120 by this specification, it is possible to cope with various formats of Web application setting data. The form is shown below.

  FIG. 16 is a configuration diagram of the database analysis apparatus 300 according to the third embodiment. The database analysis device 300 further includes a framework specifying unit 310, a framework specifying rule storage unit 320, and a setting data generation function storage unit 330, in addition to the database analysis device 100 of the form 1 shown in FIG.

  The framework specifying unit 310 checks the file in the Web application storage directory name 105-3 of the Web application input by the user, and specifies the framework name used for the development of the Web application from the stored file name. To do. The rules stored in the framework specifying rule storage unit 320 are used for specifying. When the framework is specified, the framework specifying unit 310 calls the setting data generation function 331 corresponding to the specified framework among the setting data generation functions 331 stored in the setting data generation function storage unit 330. The setting data generation function 331 extracts information necessary for setting data from a file in the Web application storage directory by a method specific to each framework, and inputs the information to the page processing function specifying unit 120.

  As described above, the framework specifying unit 310 specifies the framework by examining the Web application storage directory. The setting data generation function 331 can correspond to various frameworks by extracting information from the files in the Web application storage directory according to a scheme specific to the framework and generating Web application setting data. There is an effect.

Embodiment 4 FIG.
The third embodiment will be described with reference to FIGS. 17 and 18. In the third embodiment, the hardware configuration of the database analysis apparatuses 100 and 300 which are computers will be described.
FIG. 17 is a diagram illustrating an example of the appearance of the database analysis devices 100 and 300.
FIG. 18 is a diagram illustrating an example of hardware resources of the database analysis apparatuses 100 and 300.
Since the database analysis device 100 and the database analysis device 300 are the same, the database analysis device 100 will be described as an example.

  In FIG. 17 showing the appearance, the database analysis device 100 includes a system unit 830, a display device 813 having a CRT (Cathode / Ray / Tube) or LCD (liquid crystal) display screen, and a keyboard 814 (Key / Board: K / B). Hardware resources such as a mouse 815 and a compact disk device 818 (CDD: Compact Disk Drive), which are connected by cables and signal lines. The system unit 830 is connected to the network.

  In FIG. 18 showing hardware resources, the database analysis apparatus 100 includes a CPU 810 (Central Processing Unit) for executing a program. The CPU 810 is connected to a ROM (Read Only Memory) 811, a RAM (Random Access Memory) 812, a display device 813, a keyboard 814, a mouse 815, a communication board 816, a CDD 818, and a magnetic disk device 820 via a bus 825. Control hardware devices. Instead of the magnetic disk device 820, a storage device such as an optical disk device or a flash memory may be used.

  The RAM 812 is an example of a volatile memory. Storage media such as the ROM 811, the CDD 818, and the magnetic disk device 820 are examples of nonvolatile memories. These are examples of a “storage device” or a storage unit, a storage unit, a recording unit, and a buffer. The communication board 816, the keyboard 814, and the like are examples of an input unit and an input device. The communication board 816, the display device 813, and the like are examples of an output unit and an output device. The communication board 816 is connected to the network.

  The magnetic disk device 820 stores an operating system 821 (OS), a window system 822, a program group 823, and a file group 824. The programs in the program group 823 are executed by the CPU 810, the operating system 821, and the window system 822.

  The program group 823 stores programs that execute the functions described as “˜units” in the description of the above embodiments. The program is read and executed by the CPU 810.

  In the description of the above embodiment, the file group 824 includes “to determination result”, “to calculation result”, “to extraction result”, “to generation result”, and “to processing result”. The described information, data, signal values, variable values, parameters, and the like are stored as items of “˜file” and “˜database”. The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 810 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, output, printing, and display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the CPU operations of extraction, search, reference, comparison, operation, calculation, processing, output, printing, and display. Is remembered.

  In the description of the embodiment described above, the data and signal values are the memory of the RAM 812, the compact disk of the CDD 818, the magnetic disk of the magnetic disk device 820, other optical disks, mini disks, and DVDs (Digital Versatile Disk). Or the like. Data and signals are transmitted on-line via the bus 825, signal lines, cables, and other transmission media.

  In the above description of the embodiment, what has been described as “to part” may be “to means”, and “to step”, “to procedure”, and “to processing”. May be. That is, what has been described as “˜unit” may be implemented by software alone, a combination of software and hardware, or a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 810 and executed by the CPU 810. That is, the program causes the computer to function as the “˜unit” described above. Alternatively, the computer executes the procedure and method of “to part” described above.

  In the above embodiment, the database analysis device has been described. However, the operation of each “˜unit” of the database analysis device can also be grasped as a database analysis program for causing a computer to execute. Alternatively, the operation of each “˜unit” of the database analysis apparatus can be grasped as a database analysis method.

In the above embodiment, the database analysis device having the following features has been described.
(1) The database analysis device takes as input the source code and setting file of a Web application that uses the database to be analyzed, and the Web page template, identifies input form parts on each page of the Web application, and supports the form parts The input item name to be specified is specified and output as the description information of the database column updated by the input data.
(2) The database analysis device further specifies an output item on the Web page to which data obtained from a certain column of the database is output, specifies an output item name corresponding to the item, and describes the column. Output as information.
(3) When the input / output item name is specified in the table when the input / output item name is specified, the database analyzer repeats the portion corresponding to the heading for each item of the table in the table. It is specified from the structure, and the specified heading is used as the input / output item name. Furthermore, the database analysis device is characterized by the following (a) to (e).
(A) The database analysis apparatus can deal with a table including a plurality of headlines having different hierarchies by previously disassembling cells connected to a plurality of rows for each row.
(B) The database analysis apparatus can specify a headline that does not appear in a line including an actual input / output item by specifying a repetition of a structure that is as large as possible from the line below the heading candidate line. .
(C) When the repeated structure is not found in the process of identifying the repeated structure, the database analysis apparatus removes the heading candidate line from the bottom in order and performs the repeated structure identifying process again, so that a headline such as a cautionary note is displayed. This corresponds to the case where a line unrelated to is inserted.
(D) The database analysis apparatus scans the left cell for rows where no repeated structure appears, and considers the first consecutive text cell found as a headline.
(E) The database analysis apparatus can specify a heading even for a complex table having a plurality of structures by restarting the analysis separately from a place where the repeated structure is interrupted.
(F) When a heading consisting of a plurality of rows or a plurality of columns is specified, the database analysis device concatenates the heading text with a delimiter to obtain a hierarchical input / output item name.
(4) The database analysis device tracks the character string operation in the Web application program by static analysis, and when specifying the SQL statement passed to the DB call function, the tracking processing for the character string conversion that takes time to analyze is performed. Omitting, the above tracking process is performed only at the minimum necessary place to specify the table name and column name.
(5) The database analysis device extracts the web application setting data necessary for the analysis from the web application storage directory by specifying the development framework used by the web application.

  100, 300 Database analysis device, 101 Web application program, 102 Web application setting data, 103 Web page template, 104 Analysis result, 105-3 Web application storage directory name, 110 Web application input unit, 120 Page processing function identification unit, 130 DB call function identification unit, 140 processing flow analysis unit, 150 input item name identification unit, 160 output item name identification unit, 170 description information recording unit, 180 analysis result output unit, 1010 identification process execution unit, 310 framework identification unit, 320 framework specific rule storage unit, 330 setting data generation function storage unit, 331 setting data generation function.

Claims (8)

A Web application program that uses a database to be analyzed, a Web application setting file that describes predetermined Web application setting information used for setting the Web application program, and a template used when the Web application program generates a Web page An input unit for inputting a web page template indicating type information;
An input form component used to generate an input form displayed on a Web page generated by the Web application program input to the input unit, the Web application program, the Web application setting file, and the Web page By analyzing the Web page template, specifying the input item name corresponding to the specified input form part and corresponding to the column of the table of the database to be analyzed A specific process execution unit to be identified;
An output unit that outputs information including at least the input item name specified by the specifying process execution unit as explanatory information of the column updated by input data input to the input form displayed on the Web page; A database analysis apparatus characterized by comprising. The specific process execution unit
Based on the Web application program, the Web application setting file, and the Web page template, the storage area of the output item in the Web page to which data obtained from the table column held by the database is output is specified. The output item name corresponding to the identified storage area and the output item name of the storage area associated with the column from which the data is obtained is identified by analyzing the Web page template,
The output unit is
The database analysis apparatus according to claim 1, wherein information including at least the output item name specified by the specifying process execution unit is output as description information of the column from which the data is acquired. The specific process execution unit
When the input item is included in the table, a plurality of heading candidates that are candidates corresponding to the heading for the input item of the table are extracted, and whether or not a repeated structure appears for the plurality of extracted heading candidates. When the determination is made and it is determined that the repeating structure appears, the heading for the input item of the table is specified based on the repeating structure from the plurality of heading candidates, and the specified heading is used as the input item name The database analysis apparatus according to claim 2, wherein the database analysis apparatus is employed. The specific process execution unit
When the output item is included in the table, a plurality of heading candidates that are candidates corresponding to the heading for the output item of the table are extracted, and whether or not a repeated structure appears for the plurality of extracted heading candidates. When the determination is made and it is determined that the repeating structure appears, the heading for the output item of the table is specified based on the repeating structure from the plurality of heading candidates, and the specified heading is used as the output item name 4. The database analysis apparatus according to claim 3, which is employed. The specific process execution unit
If it is determined that the repetitive structure does not appear as a result of the determination, a removal process for removing at least one headline candidate from the plurality of headline candidates is executed based on a predetermined criterion, and the headline candidate after the removal process is targeted 5. The database analysis apparatus according to claim 3, wherein it is determined whether or not a repetitive structure appears. The specific process execution unit
A string operation in the Web application program is tracked by static analysis and an SQL statement specifying process for specifying an SQL statement passed to a database call function is executed, and assigned as a character string operation in the SQL statement specifying process When it is determined that a character string operation that does not correspond to either the operation or the concatenation operation is performed, a temporary generation rule that is different from the normal generation rule for the character string operation and can be restored to the normal generation rule The rule is recorded, and the temporary generation rule is restored to the normal generation rule only when the normal generation rule is necessary when specifying the table name and the column name based on the SQL statement. The database analysis device according to any one of claims 1 to 5. The input unit is
Enter the storage directory information indicating the storage directory information of the Web application program,
The database analysis device further includes:
Specifying the framework used by the Web application program by referring to the storage directory information input by the input unit, and extracting the Web application setting information from the storage directory of the Web application program The database analysis apparatus according to claim 1, further comprising a unit. A Web application program that uses a database to be analyzed, a Web application setting file that describes predetermined Web application setting information used for setting the Web application program, and a template used when the Web application program generates a Web page A process of inputting a Web page template indicating type information;
Based on the Web application program, the Web application setting file, and the Web page template, an input form component used to generate an input form displayed on a Web page generated by the input Web application program. Identifying and identifying the input item name corresponding to the identified input form part and corresponding to the column of the table of the database to be analyzed by analyzing the Web page template; ,
A database for causing a computer to execute processing for outputting information including at least the specified input item name as explanatory information of the column updated by input data input to the input form displayed on the Web page Analysis program.

Images