Hidden Query Extractor

Database Systems Lab
Indian Institute of Science

Welcome to the UNMASQUE software developed at the Database Systems Lab, Indian Institute of Science. UNMASQUE is an easy-to-use graphical tool for non-invasively and efficiently extracting SQL queries that are hidden in black-box executables. It is written entirely in Python 3 and is operational on the PostgreSQL and Microsoft SQL Server database engines.

The problem of unmasking SQL queries hidden within database applications has a variety of use-cases ranging from legacy code to server security. To address this problem, we have developed UNMASQUE, an extraction algorithm that is capable of identifying a substantive class of hidden SPJGAOL queries. A special feature of our design is that the extraction is non-invasive with respect to the application code, examining only the results obtained from its executions on databases derived with a combination of data mutation and data generation techniques. Further, potent optimizations, such as database size reduction to a few rows, are incorporated to minimize the extraction overheads. A detailed evaluation over benchmark databases demonstrates that UNMASQUE is capable of correctly and efficiently extracting complex hidden queries.

Technical Report pdf

Demo Video

Email: haritsa [AT] iisc [dot] ac [dot] in

Primary Contributors (in chronological order of participation)