| 发明名称 |
SYSTEMS AND METHODS FOR SQL QUERY CONSTRAINT SOLVING |
| 摘要 |
The present invention relates to systems and methods for analyzing SQL queries for constraint violations, which may indicate injection attacks. The systems and methods tokenize a SQL query to generate a token stream. Next, lexical nodes are generated by iterating over the token stream. Then, a parse tree can be constructed by iterating over the lexical nodes. The parse tree may be compared to a SQL schema and access configuration for a database in order to analyze the SQL query for constraint violations, including determining the number of queries in the parse tree, identifying invalid fields and table access, identifying invalid field type comparisons and pattern matches, and identifying early statement termination. |
| 申请公布号 |
US2015205951(A1) |
申请公布日期 |
2015.07.23 |
| 申请号 |
US201514599978 |
申请日期 |
2015.01.19 |
| 申请人 |
Prevoty, Inc. |
发明人 |
Anand Kunal;Rozner Joseph;Vincent Merritt Carl;Weinberg Stephen |
| 分类号 |
G06F21/52;G06F21/57;G06F17/30 |
主分类号 |
G06F21/52 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computerized method for analyzing SQL queries for constraint violations comprising:
tokenizing a SQL query to generate a token stream; generating lexical nodes by iterating over the token stream; constructing a parse tree by iterating over the lexical nodes; and analyzing, using a processor, the parse tree for constraint violations by comparing the parse tree to a SQL schema and access configuration for a database. |
| 地址 |
Los Angeles CA US |
