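def test_sqlinject_update(self):
    """SQL-injection signature library: add a custom rule, edit it, then delete it.

    The rule name is taken from the 'update_diy_rule' request body so the edit
    request targets the rule created here; the local is named rule_id rather
    than id to avoid shadowing the builtin.
    """
    rule_name = sqlinject.sqlinject_dict['update_diy_rule']['body']['chsName']
    # Add the rule and look it up to obtain its id.
    rule_id = SqlInject_Case.sqlinject_add(name=rule_name)
    # Edit the rule just created.
    SqlInject_Case.update_rule(id=rule_id)
    LOG.info('启用验证成功,等待删除。。。')
    # Remove the rule again so it does not remain on the appliance.
    SqlInject_Case.sqlinject_del_rule(name=rule_name)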
def sqlinject_select(byparam, param):
    """Run a SQL-injection rule query (by *byparam* with value *param*), logging start and end.

    The query result itself is not returned.
    """
    run_query = sqlinject.sqlinject_select
    LOG.info('开始查询。。。')
    run_query(byparam=byparam, param=param)
    LOG.info('结束查询!')
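def load(text):
    """Decode *text* as JSON and return the resulting object.

    Returns None (after logging) when *text* is not valid JSON or is not a
    str/bytes-like value, so callers must handle a None result. Only the
    decoding errors are caught; anything else propagates instead of being
    silently turned into None.
    """
    try:
        return json.loads(text)
    except (ValueError, TypeError) as e:
        # json.JSONDecodeError subclasses ValueError; TypeError covers non-text input.
        LOG.info('异常:响应结果非json格式')
        LOG.info(e)
        return None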
def nopage(self):
    """Send the 'nopage' request from self.param_dict and return the response.

    Any exception raised while building or sending the request is logged and
    the method returns None.
    """
    try:
        cfg = self.param_dict['nopage']
        return api_request(api_url=cfg['uri'], method=cfg['method'])
    except Exception as e:
        LOG.info(e)
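def update(self, dispose=None, featuresStatus=None, virStatus=None, id=None, dataMaskStatusOM=None):
    """Send the 'update' request, overriding body fields that are passed as non-None.

    Overrides are written into self.param_dict['update']['body'] in place, so they
    persist for later calls on the same instance. *id* is effectively required:
    int(None) raises, the error is only logged and None is returned. Comparisons
    use `is not None` so a falsy value such as 0 or '' is still applied.
    """
    try:
        cfg = self.param_dict['update']
        body = cfg['body']
        if dispose is not None:
            body['rule']['dispose'] = dispose
        if featuresStatus is not None:
            body['featuresStatus'] = featuresStatus
        if dataMaskStatusOM is not None:
            body['dataMaskStatusOM'] = dataMaskStatusOM
        if virStatus is not None:
            body['virStatus'] = virStatus
        body['dbIds'][0] = int(id)
        return api_request(api_url=cfg['url'], headers=cfg['header'],
                           method=cfg['method'], payload=body)
    except Exception as e:
        LOG.info(e)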
def virtual_select(byparam, param):
    """Run a virtual-patch rule query (by *byparam* with value *param*), logging start and end.

    The query result itself is not returned.
    """
    run_query = virtualpatch.virtual_select
    LOG.info('开始查询。。。')
    run_query(byparam=byparam, param=param)
    LOG.info('结束查询!')
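def diy_rule_add(self, dbType=None, name=None, risk_level=None, status=None, ruleType=None):
    """Send the 'add_diy_rule' request, applying any non-None arguments to the body.

    The body in self.param_dict['add_diy_rule'] is modified in place, so values set
    here persist for later calls on the same instance. dbType "dm" is mapped to
    "dameng" (the name the API expects); other values are passed through as given.
    Request errors are logged and None is returned.
    """
    cfg = self.param_dict['add_diy_rule']
    body = cfg['body']
    if dbType is not None:
        body['dbType'] = "dameng" if dbType == "dm" else dbType
    if name is not None:
        body['chsName'] = name
    if risk_level is not None:
        body['riskLevel'] = risk_level
    if ruleType is not None:
        body['ruleType'] = ruleType
    if status is not None:
        body['vpStatus'] = status
    try:
        return api_request(api_url=cfg['url'], headers=cfg['header'],
                           method=cfg['method'], payload=body)
    except Exception as e:
        LOG.info(e)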
def virtualpatch_check_rule(isAll=None, name=None, risk_level=None, status=None, ruleType=None, dbtype=None, sql=None, rulename=None, cn_risk_level=None, cn_res_behavior=None):
    """Optionally add a virtual-patch rule, execute *sql* on *dbtype* and verify the audit hit.

    isAll == 1 adds the rule without a dbType, isAll == 2 adds it with dbType=*dbtype*,
    any other value skips the add step. The statement is then executed (JDBC for
    hive/dm, sql_execute otherwise) and sqlinject.check_sql asserts that the audit
    record for the upper-cased *rulename* shows the expected risk level and
    response behaviour.
    """
    add_kwargs = {'name': name, 'risk_level': risk_level, 'status': status, 'ruleType': ruleType}
    if isAll == 2:
        add_kwargs['dbType'] = dbtype
    if isAll in (1, 2):
        virtual_add(**add_kwargs)
    # Fixed pause before generating traffic; presumably lets the new rule take effect.
    time.sleep(10)
    LOG.info('%s执行sql。。。' % (dbtype))
    if dbtype in ['hive', 'dm']:
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    else:
        sql_execute.exec_select(dbtype, sql)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
def setUp(self):
    """Build a DB2 sensitive-SQL fixture with a generated rule name and SQL statement."""
    self.sqllist = commen.PutsqlNum()
    self.ruler_name = commen.PutsqlName("db2_")
    LOG.info("规则名称:%s" % self.ruler_name)
    LOG.info("SQL语句:%s" % self.sqllist)
    db_type = GlobalConfig.db_type_['DB2']
    service_id = dbservice.select_dbservice_byname(gp.run_db["db2"])
    self.sensql = SensitiveSql(self.ruler_name, db_type, service_id)
    self.sensitiveway = SensitiveWay()
def view_rule(name, id):
    """View a custom rule, logging start and end.

    :param name: rule name passed through to sqlinject.view_rule
    :param id: custom rule id
    """
    LOG.info('开始查看。。。')
    view = sqlinject.view_rule
    view(name=name, id=id)
    LOG.info('查看结束。。。')
def execsql_rule(dbtype, sql, rulename, cn_risk_level, cn_res_behavior):
    """Execute *sql* on *dbtype* and assert the audit record for *rulename* matches.

    For hive/dm the statement is wrapped in double quotes and sent over JDBC;
    the quoted form is also what is handed to check_sql for the audit lookup.
    NOTE(review): virtualpatch_check_rule does not apply this quoting — confirm
    which form the audit search expects.
    """
    LOG.info('%s执行sql。。。' % (dbtype))
    uses_jdbc = dbtype in ['hive', 'dm']
    if uses_jdbc:
        sql = '"%s"' % (sql)
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    else:
        sql_execute.exec_select(dbtype, sql)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
def view_rule(self, id):
    """GET the 'view_diy_rule' endpoint for rule *id* and return the response.

    The id is appended to the configured URL as a string. Errors are logged
    and None is returned.
    """
    try:
        cfg = self.param_dict['view_diy_rule']
        url = param_url = cfg['url'] + str(id)
        return api_request(api_url=url, headers=cfg['header'], method=cfg['method'])
    except Exception as e:
        LOG.info(e)
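def select_rule(self, byparam, param):
    """Query custom rules using the URL template selected by *byparam*, filled with *param*.

    The template comes from self.param_dict['select_diy_rule']['urlParam'][byparam].
    Errors are logged and None is returned. The local was renamed from `Param`
    (PascalCase is reserved for classes here).

    NOTE(review): *param* is spliced into the URL with `%` and no URL-encoding; a
    value containing '/', '?', '&' or non-ASCII text changes the request shape.
    If such names are ever passed, quote them (urllib.parse.quote) at the call site.
    """
    try:
        cfg = self.param_dict['select_diy_rule']
        url = cfg['urlParam'][byparam] % param
        return api_request(api_url=url, headers=cfg['header'], method=cfg['method'])
    except Exception as e:
        LOG.info(e)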
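def update_runmode(dbname, runmode):
    """Switch the run mode of a database service.

    :param dbname: database service name; resolved to its id via dbservice
    :param runmode: mode value passed through to dbservice.update_service

    The local is named service_id rather than id to avoid shadowing the builtin.
    """
    service_id = dbservice.select_dbservice_byname(dbname)
    LOG.info('开始编辑。。。')
    dbservice.update_service(dbname, service_id, runmode)
    LOG.info('编辑结束。。。')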
def test_sqlinject_sqlserver_simulate(self):
    """SQL-injection signature library, sqlserver in simulate mode.

    Switches the sqlserver service to simulate mode, runs the test statement and
    asserts the audit record shows the HAVING rule with high risk and simulated block.
    """
    table = commen.PutsqlName('users')
    sql = 'select * from %s group by id having 1=1' % (table)
    simulate = db_dict['updatedbserver']['runmode']['模拟']
    DBService_Case.update_runmode(dbname=sqlserver_dict['objName'], runmode=simulate)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(10)
    LOG.info('sqlserver切换模式模拟。。。')
    sql_execute.exec_select(dbtype='sqlserver', sql=sql)
    sqlinject.check_sql(rulename='[SQL注入]HAVING数字型永真注入', sql=sql,
                        risk_level=param['风险级别']['高'],
                        res_behavior=param['响应行为']['模拟阻断'])
def test_sqlinject_db2_simulate(self):
    """SQL-injection signature library, db2 in simulate mode.

    Switches the db2 service to simulate mode, runs the test statement and asserts
    the audit record shows the boolean OR rule with high risk and simulated block.
    """
    table = commen.PutsqlName('user_role_privs')
    sql = 'select * from %s where username="******" or 1=1' % (table)
    simulate = db_dict['updatedbserver']['runmode']['模拟']
    DBService_Case.update_runmode(dbname=db2_dict['objName'], runmode=simulate)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(10)
    LOG.info('db2切换模式模拟。。。')
    sql_execute.exec_select(dbtype='db2', sql=sql)
    sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=sql,
                        risk_level=param['风险级别']['高'],
                        res_behavior=param['响应行为']['模拟阻断'])
def setUp(self):
    """Build a Dameng (dm) sensitive-SQL fixture with a generated table, rule name and SQL."""
    self.dbtable = commen.PutsqlName("dbtable_")
    self.sqllist = "SELECT * FROM " + self.dbtable
    self.ruler_name = commen.PutsqlName("dm_")
    LOG.info("规则名称:%s" % self.ruler_name)
    LOG.info("SQL语句:%s" % self.sqllist)
    db_type = GlobalConfig.db_type_['dm']
    service_id = dbservice.select_dbservice_byname(gp.run_db['dm'])
    self.sensql = SensitiveSql(self.ruler_name, db_type, service_id)
    self.sensitiveway = SensitiveWay()
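def test_sqlinject_sel_stop(self):
    """SQL-injection signature library: disable a rule.

    Adds a rule with vpStatus index 2, disables it via the multi-operate endpoint
    and deletes it afterwards. The local is named rule_id rather than id to avoid
    shadowing the builtin.
    """
    # Add the rule and look it up to obtain its id.
    rule_id = SqlInject_Case.sqlinject_add(name=self.name, status=self.param['vpStatus'][2])
    LOG.info('开始停用。。。')
    # Disable the rule.
    SqlInject_Case.sqlinject_startORstop_rule(operate='stop', id=rule_id, param=self.name)
    LOG.info('停用结束。。。')
    SqlInject_Case.sqlinject_del_rule(name=self.name)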
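def test_sqlinject_sel_start(self):
    """SQL-injection signature library: enable a rule.

    Adds a rule with vpStatus index 1, enables it via the multi-operate endpoint
    and deletes it afterwards. The local is named rule_id rather than id to avoid
    shadowing the builtin.
    """
    # Add the rule and look it up to obtain its id.
    rule_id = SqlInject_Case.sqlinject_add(name=self.name, status=self.param['vpStatus'][1])
    LOG.info('开始启用。。。')
    # Enable the rule.
    SqlInject_Case.sqlinject_startORstop_rule(operate='start', id=rule_id, param=self.name)
    LOG.info('启用结束。。。')
    SqlInject_Case.sqlinject_del_rule(name=self.name)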
def test_sqlinject_oracle_simulate(self):
    """SQL-injection signature library, oracle in simulate mode.

    Switches the oracle service to simulate mode, runs the test statement and
    asserts the audit record shows the boolean OR rule with high risk and
    simulated block.
    """
    column = commen.PutsqlName('password')
    sql = 'select * from * where %s=1 or 1=1' % (column)
    simulate = db_dict['updatedbserver']['runmode']['模拟']
    DBService_Case.update_runmode(dbname=oracle_dict['objName'], runmode=simulate)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(10)
    LOG.info('oracle切换模式模拟。。。')
    sql_execute.exec_select(dbtype='oracle', sql=sql)
    sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=sql,
                        risk_level=param['风险级别']['高'],
                        res_behavior=param['响应行为']['模拟阻断'])
def test_sqlinject_mysql_simulate(self):
    """SQL-injection signature library, mysql in simulate mode.

    Switches the mysql service to simulate mode, runs the test statement and
    asserts the audit record shows the expected rule with high risk and simulated
    block. NOTE(review): the audit lookup is keyed on the generated table name
    (sel_sql), not the full statement as in the sqlserver/db2/oracle cases —
    confirm this is intended.
    """
    sel_sql = commen.PutsqlName('users')
    sql = 'select * from ' + sel_sql + ' where user="******" union select aaa from bbb #'
    simulate = db_dict['updatedbserver']['runmode']['模拟']
    DBService_Case.update_runmode(dbname=mysql_dict['objName'], runmode=simulate)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(10)
    LOG.info('mysql切换模式模拟。。。')
    sql_execute.exec_select(dbtype='mysql', sql=sql)
    sqlinject.check_sql(rulename='[SQL注入]SELECT FROM LIMIT 注入', sql=sel_sql,
                        risk_level=param['风险级别']['高'],
                        res_behavior=param['响应行为']['模拟阻断'])
def test_sqlinject_gbase_learn(self):
    """SQL-injection signature library, gbase in learn mode.

    Switches the gbase service to learn mode, runs the test statement against
    'gbase_s83' and asserts the audit record shows the boolean OR rule with high
    risk and simulated block. The audit lookup is keyed on the generated table
    name (key), not the full statement.
    """
    key = commen.PutsqlName('user_role_privs')
    sql = 'select * from %s where username="******" or 1=1' % (key)
    learn = db_dict['updatedbserver']['runmode']['学习']
    DBService_Case.update_runmode(dbname=gbase_dict['objName'], runmode=learn)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(10)
    LOG.info('gbase切换模式学习。。。')
    sql_execute.exec_select(dbtype='gbase_s83', sql=sql)
    sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=key,
                        risk_level=param['风险级别']['高'],
                        res_behavior=param['响应行为']['模拟阻断'])
def setUp(self):
    """Build a DB2 sensitive-SQL fixture: create a generated table, then the rule name and SQL."""
    self.dbtable = commen.PutsqlName("dbtable_")
    sql_execute.db2_create_table('db2', self.dbtable)
    self.sqllist = "SELECT * FROM " + self.dbtable
    self.ruler_name = commen.PutsqlName("db2_")
    LOG.info("规则名称:%s" % self.ruler_name)
    LOG.info("SQL语句:%s" % self.sqllist)
    db_type = GlobalConfig.db_type_['DB2']
    service_id = dbservice.select_dbservice_byname(gp.run_db["db2"])
    self.sensql = SensitiveSql(self.ruler_name, db_type, service_id)
    self.sensitiveway = SensitiveWay()
def check_sql(rulename=None, sql=None, risk_level=None, res_behavior=None, audit=None):
    """Assert that the audit record for *sql* under *rulename* carries the expected attributes.

    Looks up the audit entry via commen.shenji_check (empty keyword, sqltext=*sql*,
    target=upper-cased *rulename*) and asserts that *res_behavior* and *risk_level*
    appear in the returned HTML; *audit* is checked as well when given. Plain
    asserts are deliberate: this is a test helper and a mismatch must fail the case.
    The rulename=None default cannot actually be used, since .upper() is called on it.
    """
    LOG.info(sql)
    criteria = {"kw": '', "sqltext": sql}
    rs_html = commen.shenji_check(searchinfo=criteria, target=rulename.upper())
    expectations = [
        (res_behavior, '响应行为匹配失败'),
        (risk_level, '风险等级匹配失败'),
    ]
    if audit is not None:
        expectations.append((audit, '审计级别匹配失败'))
    for needle, failure_msg in expectations:
        assert needle in rs_html, failure_msg
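def operate_rule(self, operate, id):
    """Apply the multi-operate action *operate* (e.g. 'delete') to rule *id* and return the response.

    The id is appended to self.param_dict['mutiOperate_diy_rule']['body'][operate]['ids']
    and that body is sent as the payload. Errors are logged and None is returned
    (the redundant trailing `pass` was dropped).

    NOTE(review): the 'ids' list is never reset, so each call on the same instance
    re-sends every id from earlier calls as well — confirm whether the caller
    relies on that before clearing it.
    """
    try:
        cfg = self.param_dict['mutiOperate_diy_rule']
        body = cfg['body'][operate]
        body['ids'].append(id)
        return api_request(api_url=cfg['url'], headers=cfg['header'],
                           method=cfg['method'], payload=body)
    except Exception as e:
        LOG.info(e)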
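def update_switch(dispose=None, featuresStatus=None, virStatus=None, name=None, dataMaskStatusOM=None):
    """Edit the security switches of the database service called *name*.

    Resolves *name* to a service id and forwards the switch values unchanged to
    dbsecurityconf.update_switch. The local is named service_id rather than id
    to avoid shadowing the builtin.
    """
    service_id = dbservice.select_dbservice_byname(name=name)
    LOG.info('编辑开关开始。。。')
    dbsecurityconf.update_switch(dispose=dispose, featuresStatus=featuresStatus,
                                 virStatus=virStatus, id=service_id,
                                 dataMaskStatusOM=dataMaskStatusOM)
    LOG.info('编辑开关开始结束。。。')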
def test_virtual_oracle_simulate(self):
    """Vulnerability signature library, oracle in simulate mode.

    Switches the oracle service to simulate mode, runs the library's test
    statement and asserts the audit record shows the ORACLE DBMS rule with
    critical risk and simulated block. The audit lookup is keyed on the
    generated table name (key), not the full statement.
    """
    key = commen.PutsqlName('DUAL')
    sql = "SELECT XDB.DBMS_XMLSCHEMA.GENERATESCHEMA ('a', 'ABCD' || chr(212)||chr(100)||chr(201)||chr(01)chr(32)||'echo ARE YOU SURE? >c:\\Unbreakable.txt') FROM %s" % (key)
    simulate = db_dict['updatedbserver']['runmode']['模拟']
    DBService_Case.update_runmode(dbname=oracle_dict['objName'], runmode=simulate)
    # Fixed pause after the mode switch before traffic is generated.
    time.sleep(15)
    LOG.info('oracle切换模式模拟。。。')
    sql_execute.exec_select(dbtype='oracle', sql=sql)
    sqlinject.check_sql(rulename='[漏洞风险]ORACLE DBMS绕过登录访问控制漏洞', sql=key,
                        risk_level=param['风险级别']['极高'],
                        res_behavior=param['响应行为']['模拟阻断'])
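def create_DB(dbnameList):
    """Create and enable a database service for each name in *dbnameList* that does not exist yet.

    A name is treated as missing when dbservice.select_dbservice_bynullname returns 0.
    The local is named service_id rather than id to avoid shadowing the builtin.
    """
    for name in dbnameList:
        existing = dbservice.select_dbservice_bynullname(name)
        if existing == 0:
            LOG.info('开始创建%s数据库服务。。。' % (name))
            dbservice.create_dbservice(name)
            LOG.info('开始启用%s数据库服务。。。' % (name))
            service_id = dbservice.select_dbservice_byname(name)
            dbservice.startOrstop_dbservice(service_id, mode=1)
            LOG.info('启用%s数据库服务成功' % (name))
        else:
            LOG.info(name + '数据库服务已存在')
        # NOTE(review): this pause runs for every name, including ones that already
        # existed; it may belong in the creation branch only — confirm before moving it.
        time.sleep(30)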
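def select(self, dbname=None, featuresStatus=None, virStatus=None):
    """Query a database service by exactly one of dbname, featuresStatus or virStatus.

    Each filter has its own URI in self.param_dict['select']['uri']; the value is
    appended to it. When zero or more than one filter is given no request is sent
    and None is returned. Request errors are logged and None is returned.
    Comparisons use `is not None` so a status of 0 is still a valid filter.
    """
    response = None
    try:
        cfg = self.param_dict['select']
        method = cfg['method']
        if dbname is not None and featuresStatus is None and virStatus is None:
            response = api_request(api_url=cfg['uri']['dbname'] + dbname, method=method)
        if featuresStatus is not None and dbname is None and virStatus is None:
            response = api_request(api_url=cfg['uri']['featuresStatus'] + str(featuresStatus),
                                   method=method)
        if virStatus is not None and featuresStatus is None and dbname is None:
            response = api_request(api_url=cfg['uri']['virStatus'] + str(virStatus),
                                   method=method)
        return response
    except Exception as e:
        LOG.info(e)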
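def virtualpatch_del_rule(name):
    """Delete the virtual-patch rule called *name* and verify it is gone.

    The rule id is resolved by name, the delete is issued through
    sqlinject.operate_rule, and a follow-up lookup (virtual_select_bynullname)
    checks the name no longer resolves. The local is named rule_id rather than
    id to avoid shadowing the builtin.
    """
    LOG.info('开始删除。。。')
    rule_id = virtualpatch.virtual_select(byparam='byname', param=name)
    sqlinject.operate_rule(operate='delete', id=rule_id)
    LOG.info('删除结束,开始查询。。。')
    virtualpatch.virtual_select_bynullname(byparam='byname', param=name)
    LOG.info('删除成功')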