def initCase(switches=None):
    """
    Prepare sqlmap's global state for a single, isolated test case.

    A fresh temporary directory is created and installed as the output,
    dump and files location, the command line is parsed again, the
    live/smoke test flags are cleared, and every entry of `switches`
    whose key matches an existing option overrides that option before
    `init()` is called. Verbosity is forced to 0 at the end.

    switches -- optional mapping of option name -> value; keys that are
                not already attributes of the parsed options are ignored.

    NOTE(review): liveTest() as shown on this page calls
    initCase(switches, count) with two positional arguments, which this
    one-parameter signature would reject; confirm both come from the
    same revision.
    """

    global failedItem
    failedItem = None

    # mkdtemp() creates the directory with a unique name and with access
    # restricted to the creating user, so scan results written during the
    # test are not exposed to other local accounts.
    outputDir = tempfile.mkdtemp(prefix="sqlmaptest-")

    paths.SQLMAP_OUTPUT_PATH = outputDir
    # The "%s" path component is kept as a literal placeholder here;
    # presumably it is filled in later by the code that uses these paths.
    paths.SQLMAP_DUMP_PATH = os.path.join(outputDir, "%s", "dump")
    paths.SQLMAP_FILES_PATH = os.path.join(outputDir, "%s", "files")

    logger.debug("using output directory '%s' for this test case" % outputDir)

    options = cmdLineParser()
    options.liveTest = False
    options.smokeTest = False

    # Only options the parser already defines can be overridden, so a
    # mistyped switch name is dropped silently rather than creating a
    # new attribute.
    known = vars(options)
    for key, value in (switches or {}).items():
        if key in known:
            known[key] = value

    init(options, True)
    conf.verbose = 0
    setVerbosity()
child.tagName, value) if case.getElementsByTagName("parse"): for item in case.getElementsByTagName( "parse")[0].getElementsByTagName("item"): if item.hasAttribute("value"): value = replaceVars(item.getAttribute("value"), vars_) if item.hasAttribute("console_output"): parse_from_console_output = bool( item.getAttribute("console_output")) parse.append((value, parse_from_console_output)) conf.verbose = global_.get("verbose", 1) setVerbosity() msg = "running live test case: %s (%d/%d)" % (name, count, length) logger.info(msg) initCase(switches, count) test_case_fd = codecs.open( os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING) test_case_fd.write("%s\n" % name) try: result = runCase(parse) except SqlmapNotVulnerableException: vulnerable = False
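def liveTest():
    """
    Runs the test of a program against the live testing environment

    Test cases are read from paths.LIVE_TESTS_XML. Values under <global>
    are applied to every case, values under <vars> are substituted into
    switch and parse values (the value "random" is replaced by a 6
    character random string). Each <case> is run in its own output
    directory; on success the directory is removed, on failure it is
    kept together with the files "test_case", "console_output" and
    "traceback" for inspection.

    conf.runCase, when set, restricts the run: a numeric value selects
    the case at that 1-based position, any other value is used as a
    regular expression searched in the case name.

    Returns True when every executed case passed, False otherwise. With
    conf.stopFail set the run ends at the first failing case.

    NOTE: the artifacts kept for a failed case hold the captured console
    output and traceback of the run, which may include details about the
    tested target; treat the scan folder accordingly.
    """

    retVal = True
    count = 0
    global_ = {}
    vars_ = {}

    livetests = readXmlFile(paths.LIVE_TESTS_XML)
    length = len(livetests.getElementsByTagName("case"))

    # <global>: option values shared by all cases
    for item in livetests.getElementsByTagName("global"):
        for child in item.childNodes:
            if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
                global_[child.tagName] = adjustValueType(child.tagName, child.getAttribute("value"))

    # <vars>: substitution variables for switch and parse values
    for item in livetests.getElementsByTagName("vars"):
        for child in item.childNodes:
            if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
                var = child.getAttribute("value")
                vars_[child.tagName] = randomStr(6) if var == "random" else var

    for case in livetests.getElementsByTagName("case"):
        parse_from_console_output = False
        count += 1
        name = None
        parse = []
        switches = dict(global_)
        value = ""
        vulnerable = True
        result = None

        if case.hasAttribute("name"):
            name = case.getAttribute("name")

        if conf.runCase:
            if conf.runCase.isdigit():
                # conf.runCase is a string and count an int; comparing
                # them directly is always unequal and skipped every case
                if int(conf.runCase) != count:
                    continue
            elif not re.search(conf.runCase, name or "", re.DOTALL):
                # "name or ''" keeps an unnamed case from raising a
                # TypeError inside re.search()
                continue

        if case.getElementsByTagName("switches"):
            for child in case.getElementsByTagName("switches")[0].childNodes:
                if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
                    value = replaceVars(child.getAttribute("value"), vars_)
                    switches[child.tagName] = adjustValueType(child.tagName, value)

        if case.getElementsByTagName("parse"):
            for item in case.getElementsByTagName("parse")[0].getElementsByTagName("item"):
                if item.hasAttribute("value"):
                    value = replaceVars(item.getAttribute("value"), vars_)

                # NOTE(review): bool() of any non-empty attribute string
                # is True, so console_output="False" still enables console
                # parsing, and the flag is not reset for the following
                # items of the same case - confirm this is intended
                if item.hasAttribute("console_output"):
                    parse_from_console_output = bool(item.getAttribute("console_output"))

                parse.append((value, parse_from_console_output))

        conf.verbose = global_.get("verbose", 1)
        setVerbosity()  # set the verbosity level of sqlmap's output

        msg = "running live test case: %s (%d/%d)" % (name, count, length)
        logger.info(msg)

        initCase(switches, count)

        # The context manager closes the file on every path, including an
        # early stop and an unexpected exception raised by runCase(), and
        # before cleanCase() removes the directory that contains it
        with codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING) as test_case_fd:
            test_case_fd.write("%s\n" % name)

            try:
                result = runCase(parse)
            except SqlmapNotVulnerableException:
                vulnerable = False
            finally:
                # initCase() lowered the verbosity for the run; restore it
                conf.verbose = global_.get("verbose", 1)
                setVerbosity()

            if result is not True:
                errMsg = "test failed"

                if Failures.failedItems:
                    errMsg += " at parsing items: %s" % ", ".join(Failures.failedItems)

                errMsg += " - scan folder: %s" % paths.SQLMAP_OUTPUT_PATH
                errMsg += " - traceback: %s" % bool(Failures.failedTraceBack)

                if not vulnerable:
                    errMsg += " - SQL injection not detected"

                logger.error(errMsg)
                test_case_fd.write("%s\n" % errMsg)

                if Failures.failedParseOn:
                    with codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING) as console_output_fd:
                        console_output_fd.write(Failures.failedParseOn)

                if Failures.failedTraceBack:
                    with codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "traceback"), "wb", UNICODE_ENCODING) as traceback_fd:
                        traceback_fd.write(Failures.failedTraceBack)

                beep()

        if result is True:
            logger.info("test passed")
            cleanCase()

        retVal &= bool(result)

        # Record the failure before stopping, so that an aborted run is
        # not reported to the caller as "all passed"
        if result is not True and conf.stopFail is True:
            return retVal

    dataToStdout("\n")

    if retVal:
        logger.info("live test final result: PASSED")
    else:
        logger.error("live test final result: FAILED")

    return retVal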
def cleanCase():
    """
    Remove the output directory of the current test case and set the
    verbosity back to 1.

    NOTE(review): the whole tree under paths.SQLMAP_OUTPUT_PATH is
    deleted, and errors during deletion are ignored. This is only safe
    while that path points at a throwaway directory (such as one made by
    tempfile.mkdtemp()); if it still refers to a real output directory,
    that directory's contents are lost without any message. Confirm that
    every caller sets up a per-test directory first.
    """

    shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, ignore_errors=True)

    conf.verbose = 1
    setVerbosity()