def test_obfuscate_insert(self):
config = {
"tables": {
"users": {
"title": { "type": "fixed", "value": ["Mr", "Mrs", "Miss"] },
"name": { "type": "name" },
"email": { "type": "email" },
"phone": { "type": "mobile" },
"password": { "type": "fixed", "value": "some known hash" },
}
}
}
insrt = ("INSERT INTO `users` (`title`,`name`,`password`,`email`,`phone`,`account_no`) VALUES "
+ "('Mr','Adam Smith','Secret','*****@*****.**','01784123456','9999999999'),"
+ "('Mrs','Julie Jones','Password','*****@*****.**','01784123456','1111111111');")
obfuscate = py_obfuscator.Obfuscator(config)
mysqlInsert = mysql.InsertStatement(insrt)
obfuscate.obfuscate_insert_statement(mysqlInsert)
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("name"), "Adam Smith")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("password"), "Secret")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("email"), "*****@*****.**")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("phone"), " 01784123456")
self.assertEqual(mysqlInsert.get_inserts()[0].get("account_no"), "9999999999")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("name"), "Julie Jones")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("password"), "Password")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("email"), "*****@*****.**")
self.assertNotEqual(mysqlInsert.get_inserts()[0].get("phone"), " 01784123456")
self.assertEqual(mysqlInsert.get_inserts()[1].get("account_no"), "1111111111")
def test_unless_row_matches(self):
config = {
"tables": {
"users": {
"password": {
"type": "fixed",
"value": "replaced",
"unless": {"username": "******"}
},
}
}
}
insrt = ("INSERT INTO `users` (`username`,`password`) VALUES "
+ "('asmith','$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy'),"
+ "('admin','$2a$04$Lzns3sQdgXKaDIguDlqX4uqemS4rZHabwQnNAIra.MXpcIX.1N3Yy'),"
+ "('jjulie','$2a$04$m9bdaJ1.aArg0YwK5oIP4ewoSFIlaVtIOVOoVapKx4F4.Dpt0KnGK');")
obfuscate = py_obfuscator.Obfuscator(config)
mysqlInsert = mysql.InsertStatement(insrt)
obfuscate.obfuscate_insert_statement(mysqlInsert)
self.assertEqual(mysqlInsert.get_inserts()[0].get("password"), 'replaced')
self.assertEqual(mysqlInsert.get_inserts()[1].get("password"), '$2a$04$Lzns3sQdgXKaDIguDlqX4uqemS4rZHabwQnNAIra.MXpcIX.1N3Yy')
self.assertEqual(mysqlInsert.get_inserts()[2].get("password"), 'replaced')
def test_with_empty_values(self):
fixture = "INSERT INTO `some_table` (thing1,thing2) VALUES (0, NULL), ('',' ');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.get_inserts(), [{
'thing1': '0',
'thing2': None
}, {
'thing1': '',
'thing2': ' '
}])
def test_with_null_values(self):
fixture = "INSERT INTO `some_table` (thing1,thing2) VALUES ('NULL', NULL), (NULL,NULL);"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.get_inserts(), [{
'thing1': 'NULL',
'thing2': None
}, {
'thing1': None,
'thing2': None
}])
def test_with_quoted_parenthesis(self):
fixture = "INSERT INTO `some_table` (thing1,thing2) VALUES ('(()()())', 'something'), (')(', '()');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.get_inserts(), [{
'thing1': '(()()())',
'thing2': "something"
}, {
'thing1': ')(',
'thing2': "()"
}])
def test_extract_inserts(self):
fixture = "INSERT INTO `foo` (`bar`, `baz`, `qux`) VALUES (1, 'one','one'),(2, 'two','two');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.get_inserts(), [{
'bar': '1',
'baz': 'one',
'qux': 'one'
}, {
'bar': '2',
'baz': 'two',
'qux': 'two'
}])
def test_with_escaped_characters(self):
fixture = "INSERT INTO `some_table` (thing1,thing2) VALUES ('bob,@bob.c , om', 'bo\\', b'), ('hi', 5) ;"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.get_inserts(), [
{
'thing1': 'bob,@bob.c , om',
'thing2': "bo', b"
},
{
'thing1': 'hi',
'thing2': '5'
},
])
def test_table_truncated(self):
config = {
"tables": {
"users": {"truncate": True}
}
}
insrt = ("INSERT INTO `users` (`username`,`password`) VALUES "
+ "('asmith','$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy'),"
+ "('admin','$2a$04$Lzns3sQdgXKaDIguDlqX4uqemS4rZHabwQnNAIra.MXpcIX.1N3Yy'),"
+ "('jjulie','$2a$04$m9bdaJ1.aArg0YwK5oIP4ewoSFIlaVtIOVOoVapKx4F4.Dpt0KnGK');")
obfuscate = py_obfuscator.Obfuscator(config)
mysqlInsert = mysql.InsertStatement(insrt)
obfuscate.obfuscate_insert_statement(mysqlInsert)
self.assertEqual(mysqlInsert.to_string(), "")
def test_order_preserved(self):
config = {
"tables": {
"foo": {
"postcode": {"type":"fixed","value":"postcode"},
"name": {"type":"fixed","value":"name"},
"phone": {"type":"fixed","value":"phone"},
"email": {"type":"fixed","value":"email"},
"accountno": {"type":"fixed","value":"accountno"}
}
}
}
insrt = "INSERT INTO `foo` (`oo_id`, `name`, `postcode`, `phone`, `email`, `accountno`, `formtype`) VALUES (1124793,NULL,NULL,NULL,NULL,NULL,NULL);"
obfuscate = py_obfuscator.Obfuscator(config)
mysqlInsert = mysql.InsertStatement(insrt)
obfuscate.obfuscate_insert_statement(mysqlInsert)
self.assertEqual(
mysqlInsert.to_string(),
"INSERT INTO `foo` (`oo_id`,`name`,`postcode`,`phone`,`email`,`accountno`,`formtype`) VALUES ('1124793','name','postcode','phone','email','accountno',NULL);"
)
def test_to_string_handles_null(self):
fixture = "INSERT INTO `some_table` (`thing1`,`thing2`) VALUES ('NULL',NULL),(NULL,NULL),('',' ');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.to_string(), fixture)
def test_to_string_tidies_up_sql(self):
fixture = "INSERT INTO `some_table` (thing1,thing2) VALUES ('bob,@bob.c , om', 'bo\\', b'), ('hi', 5) ;"
expected = "INSERT INTO `some_table` (`thing1`,`thing2`) VALUES ('bob,@bob.c , om','bo\\', b'),('hi','5');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.to_string(), expected)
def test_to_string_with_escaped_characters(self):
fixture = fixture = "INSERT INTO `foo` (`bar`,`baz`,`qux`) VALUES ('o\\'brien','one','one'),('2','two','two');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.to_string(), fixture)
def test_to_string(self):
fixture = fixture = "INSERT INTO `foo` (`bar`,`baz`,`qux`) VALUES ('1','one','one'),('2','two','two');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.to_string(), fixture)
def test_extrac_insert_details(self):
fixture = "INSERT INTO `foo` (`bar`, `baz`, `qux`) VALUES (1, 'one','one'),(2, 'two','two');"
#self.assertEqual(mysql.is_insert(fixture), False)
mysqlInsert = mysql.InsertStatement(fixture)
def test_to_string_handles_parenthesis(self):
fixture = "INSERT INTO `some_table` (`thing1`,`thing2`) VALUES ('(()()())','something'),(')(','()');"
mysqlInsert = mysql.InsertStatement(fixture)
self.assertEqual(mysqlInsert.to_string(), fixture)