Example #1
File: db.py Project: mruck/athena
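def inject_xss_payload(text_cols):
    """Overwrite every listed text column with a per-row script-tag marker.

    For each table, one ``UPDATE`` without a ``WHERE`` clause is issued, so
    every row of every listed column is replaced. The new value is
    ``<script>alert("BIP_<id>")</script>``, where ``<id>`` is taken from the
    row's ``id`` column. Presumably the marker lets a later page render be
    traced back to the row whose content was emitted unescaped -- confirm
    against the caller.

    Args:
        text_cols: mapping of table name -> iterable of column names.
    """
    for table, cols in text_cols.items():
        assignments = ",".join(
            col + """= CONCAT('<script>alert("BIP_',id,'")</script>')"""
            for col in cols
        )
        if not assignments:
            # No columns for this table: "UPDATE t SET " is a guaranteed
            # syntax error, so skip the round trip.
            continue
        # NOTE(review): table and column names are interpolated unquoted, so
        # mixed-case or reserved-word identifiers make the statement fail.
        query = "UPDATE %s SET %s" % (table, assignments)
        # can_fail=True: presumably failures (e.g. a table without an ``id``
        # column, or a value longer than the column allows) are tolerated and
        # that table is left unmarked -- TODO confirm in postgres.run_query.
        postgres.run_query(query, can_fail=True)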
Example #2
File: db.py Project: mruck/athena
def count_rows(table, query_str=""):
    """Return how many rows of ``table`` match ``query_str``.

    The count query comes from ``build_count_query``. When the query returns
    nothing or a count of zero, the query text is appended to
    ``no_records.log`` under the results directory and 0 is returned.
    """
    count_query = build_count_query(table, query_str)
    result = postgres.run_query(count_query)
    if result is not None and result["count"] != 0:
        return result["count"]

    # Keep a trace of every query that matched nothing.
    log_path = os.path.join(get_results_path(), "no_records.log")
    with open(log_path, "a") as f:
        f.write(count_query + "\n")
    return 0
Example #3
File: db.py Project: mruck/athena
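def lookup(table, col, query_str="", constraints=None, can_fail=False):
    """Fetch the value of ``col`` from one record of ``table``.

    If no record satisfies ``query_str``, the lookup is retried once with an
    empty ``query_str``. The retry keeps ``constraints`` and ``can_fail`` so
    the fallback value is filtered the same way as a direct hit.

    Args:
        table: table to read from.
        col: key used to index the returned record.
        query_str: extra query text handed to the query builders.
        constraints: passed unchanged to ``impose_constraints``.
        can_fail: accepted for interface compatibility; this function does
            not consult it.

    Returns:
        ``impose_constraints(record[col], constraints)``, or ``None`` when
        the table has no rows at all.

    Raises:
        AssertionError: a positive count was reported but no record came
            back (e.g. rows were deleted between the two queries).
    """
    count = count_rows(table, query_str=query_str)
    if count == 0:
        if query_str == "":
            # The table is empty; the query cannot be simplified further.
            return None
        # Nothing matched: drop the filter but keep the caller's constraints.
        return lookup(
            table,
            col,
            query_str="",
            constraints=constraints,
            can_fail=can_fail,
        )
    query = build_query(table, query_str, count)
    record = postgres.run_query(query)
    # count > 0, so a record is expected unless the table changed in between.
    # Raised explicitly so the check survives ``python -O``.
    if not record:
        raise AssertionError("no record returned for query: %s" % (query,))
    return impose_constraints(record[col], constraints)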
Example #4
File: db.py Project: mruck/athena
def find_text_cols():
    """Map each relevant table to the set of its character-typed columns.

    Only tables returned by ``find_tables()`` are considered. A column is
    kept when its type field is ``char``, ``_char`` or ``varchar``.

    Returns:
        dict of table name -> set of column names.
    """
    # Positions within a row of ``SELECT * FROM information_schema.columns``.
    # NOTE(review): positional access depends on the catalog's column order;
    # on stock PostgreSQL index 27 appears to be ``udt_name`` rather than
    # ``data_type`` -- confirm. Columns of type ``text`` are not matched.
    TABLE_INDEX = 2
    COL_INDEX = 3
    DATA_TYPE_INDEX = 27
    wanted_types = ["char", "_char", "varchar"]

    good_tables = find_tables()
    rows = postgres.run_query(
        "SELECT * FROM information_schema.columns", return_all_records=True
    )

    text_cols = {}
    for row in rows:
        table = row[TABLE_INDEX]
        if table not in good_tables:
            # Not one of the tables we care about.
            continue
        if row[DATA_TYPE_INDEX] not in wanted_types:
            continue
        text_cols.setdefault(table, set()).add(row[COL_INDEX])
    return text_cols
Example #5
File: db.py Project: mruck/athena
def table_col_exists(table, col):
    """Look up ``col`` on the pluralized ``table`` in information_schema.

    Returns whatever ``postgres.run_query`` returns for the lookup;
    presumably falsy when no such column exists -- confirm in run_query.
    """
    plural_table = pluralize(table)
    # NOTE(review): both values are spliced into the SQL text as quoted
    # literals. If either can originate from request data, pass them as bound
    # parameters instead (requires run_query to accept parameters).
    template = ("SELECT column_name FROM information_schema.columns WHERE "
                "table_name='%s' AND column_name='%s'")
    query = template % (plural_table, col)
    return postgres.run_query(query)
Example #6
File: db.py Project: mruck/athena
def find_tables():
    """List the tables that live outside PostgreSQL's system schemas.

    Reads ``information_schema.tables``, skipping the ``pg_catalog`` and
    ``information_schema`` schemas, and returns the field at position 2 of
    each row (named TABLE_INDEX here). The query does not filter on table
    type.
    """
    TABLE_INDEX = 2
    rows = postgres.run_query(
        "SELECT * FROM information_schema.tables WHERE table_schema NOT IN ('pg_catalog', 'information_schema')",
        return_all_records=True,
    )
    return [row[TABLE_INDEX] for row in rows]