Alvor

Alvor is an analyzer that statically validates SQL sentences embedded in Java code. There has been some progress in the field of SQL validation since the analyzer was actively developed. As SQL-injection attacks are serious security risks, this is an important topic, so it would not be a bad idea to revive this project. Alvor is written in Java and runs as an Eclipse plug-in.

1. Basic update and case study (B.Sc)

For a B.Sc. thesis, it would suffice to just revive the project and make sure it works with recent versions of Eclipse and Java. It is also very important to first conduct a survey and look at other tools that do string-embedded SQL validation. The main task would be to conduct a simple case study of using the best tool for this job and see how well it works on some real-world open source project. You can then compare it to Alvor.

2. Adding support for multiple databases (M.Sc)

The main obstacle for the company that was interested in Alvor was the lack of support for multiple databases. It would be nice to be able to identify which query goes to which database, so that the syntactic checker produces sensible output. This will require fairly advanced Java programming skills as you will have to modify the internal engine and add some data flow analysis capabilities. It is recommended to first complete the first topic before jumping into this.