 def test_sqlinject_update(self):
     '''SQL-injection signature library: edit a custom rule.

     Adds a rule under the name taken from the ``update_diy_rule`` request
     body, edits it by id, then deletes it so no test residue is left in
     the signature library.
     '''
     rule_name = sqlinject.sqlinject_dict['update_diy_rule']['body']['chsName']
     rule_id = SqlInject_Case.sqlinject_add(name=rule_name)  # add, then look the id up
     SqlInject_Case.update_rule(id=rule_id)  # edit
     LOG.info('启用验证成功,等待删除。。。')
     SqlInject_Case.sqlinject_del_rule(name=rule_name)
def sqlinject_select(byparam, param):
    '''
    Query the SQL-injection signature library (logging wrapper around
    ``sqlinject.sqlinject_select``).

    :param byparam: lookup key name, forwarded unchanged
    :param param: lookup value, forwarded unchanged

    The underlying call's return value is not used here.
    '''
    lookup = {'byparam': byparam, 'param': param}
    LOG.info('开始查询。。。')
    sqlinject.sqlinject_select(**lookup)
    LOG.info('结束查询!')
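def load(text):
    '''
    Parse *text* as JSON.

    :param text: JSON document as ``str``/``bytes`` (typically a response body)
    :return: the decoded object, or ``None`` when *text* is not valid JSON
             (the failure is logged, not raised)
    '''
    try:
        return json.loads(text)
    except (ValueError, TypeError) as e:
        # json.loads raises JSONDecodeError (a ValueError) for malformed input
        # and TypeError for a non-str/bytes argument.  Anything else is not a
        # "response is not JSON" condition and should propagate, so the
        # handler is no longer a blanket `except Exception`.
        LOG.info('异常:响应结果非json格式')
        LOG.info(e)
        return None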
 def nopage(self):
     '''
     Issue the ``nopage`` request described in ``self.param_dict``.

     :return: the ``api_request`` response, or ``None`` if anything in the
              lookup or the request raised (the exception is logged, not
              propagated).
     '''
     try:
         spec = self.param_dict['nopage']
         return api_request(api_url=spec['uri'], method=spec['method'])
     except Exception as e:
         LOG.info(e)
 def update(self,
            dispose=None,
            featuresStatus=None,
            virStatus=None,
            id=None,
            dataMaskStatusOM=None):
     '''
     Send the ``update`` request, patching the request body kept in
     ``self.param_dict['update']``.

     Only arguments that are not ``None`` are written into the body.  The
     body is shared instance state, so values written here stay in place for
     later calls.  ``id`` is always used: it is coerced with ``int`` and
     stored as ``dbIds[0]``.

     :return: the ``api_request`` response, or ``None`` if anything raised
              (the exception is logged, not propagated).
     '''
     try:
         spec = self.param_dict['update']
         body = spec['body']
         if dispose is not None:
             body['rule']['dispose'] = dispose
         if featuresStatus is not None:
             body['featuresStatus'] = featuresStatus
         if dataMaskStatusOM is not None:
             body['dataMaskStatusOM'] = dataMaskStatusOM
         if virStatus is not None:
             body['virStatus'] = virStatus
         # int(None) raises TypeError, which ends up in the handler below.
         body['dbIds'][0] = int(id)
         return api_request(api_url=spec['url'],
                            headers=spec['header'],
                            method=spec['method'],
                            payload=body)
     except Exception as e:
         LOG.info(e)
def virtual_select(byparam, param):
    '''
    Query the vulnerability-signature (virtual patch) library (logging
    wrapper around ``virtualpatch.virtual_select``).

    :param byparam: lookup key name, forwarded unchanged
    :param param: lookup value, forwarded unchanged

    The underlying call's return value is not used here.
    '''
    lookup = {'byparam': byparam, 'param': param}
    LOG.info('开始查询。。。')
    virtualpatch.virtual_select(**lookup)
    LOG.info('结束查询!')
 def diy_rule_add(self,
                  dbType=None,
                  name=None,
                  risk_level=None,
                  status=None,
                  ruleType=None):
     '''
     Send the "add custom rule" request (``add_diy_rule`` endpoint).

     Every argument that is not ``None`` overwrites the matching field of the
     request body held in ``self.param_dict['add_diy_rule']``; that body is
     shared instance state, so the overrides persist for later calls.
     ``dbType == "dm"`` is translated to the backend name ``"dameng"``.

     :return: the ``api_request`` response, or ``None`` if the request raised
              (the exception is logged, not propagated).  A failing body
              lookup before the request is *not* caught.
     '''
     spec = self.param_dict['add_diy_rule']
     body = spec['body']
     if dbType is not None:
         body['dbType'] = "dameng" if dbType == "dm" else dbType
     # (body field, value) in the same order the fields are written
     overrides = (
         ('chsName', name),
         ('riskLevel', risk_level),
         ('ruleType', ruleType),
         ('vpStatus', status),
     )
     for field, value in overrides:
         if value is not None:
             body[field] = value
     try:
         return api_request(api_url=spec['url'],
                            headers=spec['header'],
                            method=spec['method'],
                            payload=body)
     except Exception as e:
         LOG.info(e)
def virtualpatch_check_rule(isAll=None,
                            name=None,
                            risk_level=None,
                            status=None,
                            ruleType=None,
                            dbtype=None,
                            sql=None,
                            rulename=None,
                            cn_risk_level=None,
                            cn_res_behavior=None):
    '''
    Optionally add a vulnerability-signature rule, replay *sql* against
    *dbtype*, then check the audit record for the expected rule, risk level
    and response behaviour.

    :param isAll: ``1`` adds the rule without a ``dbType``; ``2`` adds it
                  with ``dbType=dbtype``; any other value skips the add step
    :param dbtype: backend name; ``'hive'`` and ``'dm'`` are executed through
                   ``commen.jdbcConnect``, everything else through
                   ``sql_execute.exec_select``
    :param rulename: expected rule name; compared upper-cased (must not be ``None``)
    :param cn_risk_level: expected risk-level string in the audit record
    :param cn_res_behavior: expected response-behaviour string in the audit record
    '''
    add_kwargs = dict(name=name, risk_level=risk_level,
                      status=status, ruleType=ruleType)
    if isAll == 2:
        add_kwargs['dbType'] = dbtype
    if isAll in (1, 2):
        virtual_add(**add_kwargs)
    # presumably gives the appliance time to pick up the new rule -- not verified here
    time.sleep(10)
    LOG.info('%s执行sql。。。' % (dbtype))
    jdbc_backends = ('hive', 'dm')
    if dbtype in jdbc_backends:
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    else:
        sql_execute.exec_select(dbtype, sql)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
 def setUp(self):
     '''
     Per-test fixture for the DB2 sensitive-SQL cases: generate the SQL
     list and a fresh ``db2_``-prefixed rule name, then build the
     ``SensitiveSql`` helper bound to the DB2 service.
     '''
     self.sqllist = commen.PutsqlNum()
     self.ruler_name = commen.PutsqlName("db2_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     db_type = GlobalConfig.db_type_['DB2']
     db2_service_id = dbservice.select_dbservice_byname(gp.run_db["db2"])
     self.sensql = SensitiveSql(self.ruler_name, db_type, db2_service_id)
     self.sensitiveway = SensitiveWay()
def view_rule(name, id):
    '''
    View a custom rule of the SQL-injection signature library (logging
    wrapper around ``sqlinject.view_rule``).

    :param name: rule name
    :param id: custom rule id
    '''
    lookup = {'name': name, 'id': id}
    LOG.info('开始查看。。。')
    sqlinject.view_rule(**lookup)
    LOG.info('查看结束。。。')
def execsql_rule(dbtype, sql, rulename, cn_risk_level, cn_res_behavior):
    '''
    Replay *sql* against *dbtype* and check the audit record for the
    expected rule, risk level and response behaviour.

    ``'hive'`` and ``'dm'`` go through ``commen.jdbcConnect`` with the
    statement wrapped in double quotes; all other backends go through
    ``sql_execute.exec_select`` unchanged.
    NOTE(review): on the JDBC path the *quoted* statement is also what
    ``check_sql`` receives as the audit search term -- confirm that is
    intended.

    :param rulename: expected rule name; compared upper-cased
    '''
    LOG.info('%s执行sql。。。' % (dbtype))
    uses_jdbc = dbtype in ('hive', 'dm')
    if uses_jdbc:
        sql = '"%s"' % (sql)
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    else:
        sql_execute.exec_select(dbtype, sql)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
 def view_rule(self, id):
     '''
     Fetch one custom rule by id (``view_diy_rule`` endpoint).

     :param id: rule id; appended to the endpoint url as ``str(id)``
     :return: the ``api_request`` response, or ``None`` if anything raised
              (the exception is logged, not propagated).
     '''
     try:
         spec = self.param_dict['view_diy_rule']
         rule_url = spec['url'] + str(id)
         return api_request(api_url=rule_url,
                            headers=spec['header'],
                            method=spec['method'])
     except Exception as e:
         LOG.info(e)
 def select_rule(self, byparam, param):
     '''
     Look up custom rules (``select_diy_rule`` endpoint).

     :param byparam: key into ``urlParam`` selecting the query url template
     :param param: value substituted into that template with ``%``
     :return: the ``api_request`` response, or ``None`` if anything raised
              (the exception is logged, not propagated).
     '''
     try:
         spec = self.param_dict['select_diy_rule']
         query_url = spec['urlParam'][byparam] % param
         return api_request(api_url=query_url,
                            headers=spec['header'],
                            method=spec['method'])
     except Exception as e:
         LOG.info(e)
def update_runmode(dbname, runmode):
    '''
    Change the run mode of a database service.

    :param dbname: database service name; resolved to its id via
                   ``dbservice.select_dbservice_byname`` first
    :param runmode: target run-mode value, passed straight to
                    ``dbservice.update_service``
    '''
    service_id = dbservice.select_dbservice_byname(dbname)
    LOG.info('开始编辑。。。')
    dbservice.update_service(dbname, service_id, runmode)
    LOG.info('编辑结束。。。')
 def test_sqlinject_sqlserver_simulate(self):
     '''SQL-injection signature library: SQL Server in simulate mode.

     Switches the SQL Server service to simulate mode, replays a query
     matching the "HAVING numeric tautology" rule and checks the audit
     record shows risk level "high" and a simulated block.
     '''
     table = commen.PutsqlName('users')
     sql = 'select * from {} group by id having 1=1'.format(table)
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=sqlserver_dict['objName'],
                                   runmode=simulate_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(10)
     LOG.info('sqlserver切换模式模拟。。。')
     sql_execute.exec_select(dbtype='sqlserver', sql=sql)
     sqlinject.check_sql(rulename='[SQL注入]HAVING数字型永真注入',
                         sql=sql,
                         risk_level=param['风险级别']['高'],
                         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_db2_simulate(self):
     '''SQL-injection signature library: DB2 in simulate mode.

     Switches the DB2 service to simulate mode, replays a query matching
     the "boolean-based numeric OR blind" rule and checks the audit record
     shows risk level "high" and a simulated block.
     '''
     table = commen.PutsqlName('user_role_privs')
     sql = 'select * from {} where username="******" or 1=1'.format(table)
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=db2_dict['objName'],
                                   runmode=simulate_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(10)
     LOG.info('db2切换模式模拟。。。')
     sql_execute.exec_select(dbtype='db2', sql=sql)
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注',
                         sql=sql,
                         risk_level=param['风险级别']['高'],
                         res_behavior=param['响应行为']['模拟阻断'])
 def setUp(self):
     '''
     Per-test fixture for the Dameng (``dm``) sensitive-SQL cases: pick a
     fresh table name, derive a ``SELECT *`` on it and a ``dm_``-prefixed
     rule name, then build the ``SensitiveSql`` helper bound to the ``dm``
     service.
     '''
     self.dbtable = commen.PutsqlName("dbtable_")
     self.sqllist = "SELECT * FROM {}".format(self.dbtable)
     self.ruler_name = commen.PutsqlName("dm_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     db_type = GlobalConfig.db_type_['dm']
     dm_service_id = dbservice.select_dbservice_byname(gp.run_db['dm'])
     self.sensql = SensitiveSql(self.ruler_name, db_type, dm_service_id)
     self.sensitiveway = SensitiveWay()
 def test_sqlinject_sel_stop(self):
     '''SQL-injection signature library: disable a rule.

     Adds a rule with status ``vpStatus[2]``, disables it through
     ``sqlinject_startORstop_rule`` and finally deletes it.
     '''
     initial_status = self.param['vpStatus'][2]
     rule_id = SqlInject_Case.sqlinject_add(name=self.name,
                                            status=initial_status)  # add, then look the id up
     LOG.info('开始停用。。。')
     SqlInject_Case.sqlinject_startORstop_rule(operate='stop',
                                               id=rule_id,
                                               param=self.name)  # disable
     LOG.info('停用结束。。。')
     SqlInject_Case.sqlinject_del_rule(name=self.name)
 def test_sqlinject_sel_start(self):
     '''SQL-injection signature library: enable a rule.

     Adds a rule with status ``vpStatus[1]``, enables it through
     ``sqlinject_startORstop_rule`` and finally deletes it.
     '''
     initial_status = self.param['vpStatus'][1]
     rule_id = SqlInject_Case.sqlinject_add(name=self.name,
                                            status=initial_status)  # add, then look the id up
     LOG.info('开始启用。。。')
     SqlInject_Case.sqlinject_startORstop_rule(operate='start',
                                               id=rule_id,
                                               param=self.name)  # enable
     LOG.info('启用结束。。。')
     SqlInject_Case.sqlinject_del_rule(name=self.name)
 def test_sqlinject_oracle_simulate(self):
     '''SQL-injection signature library: Oracle in simulate mode.

     Switches the Oracle service to simulate mode, replays a query matching
     the "boolean-based numeric OR blind" rule and checks the audit record
     shows risk level "high" and a simulated block.
     '''
     column = commen.PutsqlName('password')
     sql = 'select * from * where {}=1 or 1=1'.format(column)
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=oracle_dict['objName'],
                                   runmode=simulate_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(10)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select(dbtype='oracle', sql=sql)
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注',
                         sql=sql,
                         risk_level=param['风险级别']['高'],
                         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_mysql_simulate(self):
     '''SQL-injection signature library: MySQL in simulate mode.

     Switches the MySQL service to simulate mode, replays a query matching
     the "SELECT FROM LIMIT injection" rule and checks the audit record
     shows risk level "high" and a simulated block.  The audit search term
     is the generated table name, not the full statement.
     '''
     sel_sql = commen.PutsqlName('users')
     sql = 'select * from {} where user="******" union select aaa from bbb #'.format(sel_sql)
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=mysql_dict['objName'],
                                   runmode=simulate_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(10)
     LOG.info('mysql切换模式模拟。。。')
     sql_execute.exec_select(dbtype='mysql', sql=sql)
     sqlinject.check_sql(rulename='[SQL注入]SELECT FROM LIMIT 注入',
                         sql=sel_sql,
                         risk_level=param['风险级别']['高'],
                         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_gbase_learn(self):
     '''SQL-injection signature library: GBase in learn mode.

     Switches the GBase service to learn mode, replays a query matching
     the "boolean-based numeric OR blind" rule and checks the audit record
     shows risk level "high" and a simulated block.  The audit search term
     is the generated table name, not the full statement.
     '''
     key = commen.PutsqlName('user_role_privs')
     sql = 'select * from {} where username="******" or 1=1'.format(key)
     learn_mode = db_dict['updatedbserver']['runmode']['学习']
     DBService_Case.update_runmode(dbname=gbase_dict['objName'],
                                   runmode=learn_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(10)
     LOG.info('gbase切换模式学习。。。')
     sql_execute.exec_select(dbtype='gbase_s83', sql=sql)
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注',
                         sql=key,
                         risk_level=param['风险级别']['高'],
                         res_behavior=param['响应行为']['模拟阻断'])
 def setUp(self):
     '''
     Per-test fixture for the DB2 sensitive-SQL cases: create a fresh test
     table in DB2, derive a ``SELECT *`` on it and a ``db2_``-prefixed rule
     name, then build the ``SensitiveSql`` helper bound to the DB2 service.
     '''
     self.dbtable = commen.PutsqlName("dbtable_")
     sql_execute.db2_create_table('db2', self.dbtable)
     self.sqllist = "SELECT * FROM {}".format(self.dbtable)
     self.ruler_name = commen.PutsqlName("db2_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     db_type = GlobalConfig.db_type_['DB2']
     db2_service_id = dbservice.select_dbservice_byname(gp.run_db["db2"])
     self.sensql = SensitiveSql(self.ruler_name, db_type, db2_service_id)
     self.sensitiveway = SensitiveWay()
def check_sql(rulename=None,
              sql=None,
              risk_level=None,
              res_behavior=None,
              audit=None):
    '''
    Assert that the audit page for *rulename* records *sql* with the
    expected risk level and response behaviour.

    :param rulename: rule name; compared upper-cased (must not be ``None``)
    :param sql: SQL text used as the ``sqltext`` search term
    :param risk_level: risk-level string that must appear in the audit page
    :param res_behavior: response-behaviour string that must appear
    :param audit: audit-level string; only checked when not ``None``
    :raises AssertionError: when one of the expected strings is missing
    '''
    LOG.info(sql)
    search = {"kw": '', "sqltext": sql}
    rs_html = commen.shenji_check(searchinfo=search, target=rulename.upper())
    # (expected substring, failure message), checked in this order
    expectations = [
        (res_behavior, '响应行为匹配失败'),
        (risk_level, '风险等级匹配失败'),
    ]
    if audit is not None:
        expectations.append((audit, '审计级别匹配失败'))
    for expected, failure_message in expectations:
        assert expected in rs_html, failure_message
 def operate_rule(self, operate, id):
     '''
     Apply a bulk operation (e.g. ``'delete'``) to rule *id* through the
     ``mutiOperate_diy_rule`` endpoint.

     The id is appended to the ``ids`` list of the ``operate`` sub-body kept
     in ``self.param_dict``.  NOTE(review): that list is shared instance
     state and is never cleared here, so repeated calls on one instance send
     every previously appended id too -- confirm callers rebuild
     ``param_dict`` or reset ``ids`` between calls.

     :return: the ``api_request`` response, or ``None`` if anything raised
              (the exception is logged, not propagated).
     '''
     try:
         spec = self.param_dict['mutiOperate_diy_rule']
         payload = spec['body'][operate]
         payload['ids'].append(id)
         return api_request(api_url=spec['url'],
                            headers=spec['header'],
                            method=spec['method'],
                            payload=payload)
     except Exception as e:
         LOG.info(e)
def update_switch(dispose=None,
                  featuresStatus=None,
                  virStatus=None,
                  name=None,
                  dataMaskStatusOM=None):
    '''
    Edit the security switches of a database service (logging wrapper
    around ``dbsecurityconf.update_switch``).

    :param name: database service name; resolved to its id first
    :param dispose, featuresStatus, virStatus, dataMaskStatusOM: forwarded
        unchanged to ``dbsecurityconf.update_switch``
    '''
    service_id = dbservice.select_dbservice_byname(name=name)
    switches = dict(dispose=dispose,
                    featuresStatus=featuresStatus,
                    virStatus=virStatus,
                    id=service_id,
                    dataMaskStatusOM=dataMaskStatusOM)
    LOG.info('编辑开关开始。。。')
    dbsecurityconf.update_switch(**switches)
    LOG.info('编辑开关开始结束。。。')
 def test_virtual_oracle_simulate(self):
     '''Vulnerability signature library: Oracle in simulate mode.

     Switches the Oracle service to simulate mode, replays a statement
     matching the "Oracle DBMS login access-control bypass" rule and checks
     the audit record shows risk level "very high" and a simulated block.
     The audit search term is the generated table name, not the full
     statement.
     '''
     key = commen.PutsqlName('DUAL')
     sql = "SELECT XDB.DBMS_XMLSCHEMA.GENERATESCHEMA ('a', 'ABCD' || chr(212)||chr(100)||chr(201)||chr(01)chr(32)||'echo ARE YOU SURE? >c:\\Unbreakable.txt') FROM %s" % key
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=oracle_dict['objName'],
                                   runmode=simulate_mode)
     # presumably lets the mode switch take effect before the replay -- not verified here
     time.sleep(15)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select(dbtype='oracle', sql=sql)
     sqlinject.check_sql(rulename='[漏洞风险]ORACLE DBMS绕过登录访问控制漏洞',
                         sql=key,
                         risk_level=param['风险级别']['极高'],
                         res_behavior=param['响应行为']['模拟阻断'])
def create_DB(dbnameList):
    '''
    Ensure a database service exists and is enabled for every name in
    *dbnameList*.

    A name whose ``select_dbservice_bynullname`` count is not ``0`` is
    treated as already present and skipped.  Ends with a 30 s pause
    (presumably so the new services come up -- not verified here).

    :param dbnameList: iterable of database service names
    '''
    for name in dbnameList:
        already_present = dbservice.select_dbservice_bynullname(name) != 0
        if already_present:
            LOG.info(name + '数据库服务已存在')
            continue
        LOG.info('开始创建%s数据库服务。。。' % (name))
        dbservice.create_dbservice(name)
        LOG.info('开始启用%s数据库服务。。。' % (name))
        service_id = dbservice.select_dbservice_byname(name)
        dbservice.startOrstop_dbservice(service_id, mode=1)
        LOG.info('启用%s数据库服务成功' % (name))
    time.sleep(30)
    def select(self, dbname=None, featuresStatus=None, virStatus=None):
        '''
        Query database-security configuration by exactly one key.

        Exactly one of ``dbname``, ``featuresStatus`` or ``virStatus`` must
        be given; the matching ``uri`` from ``self.param_dict['select']`` is
        suffixed with the value (``str()``-converted for the two status
        keys).  With zero keys or more than one key no request is sent.

        :return: the ``api_request`` response; ``None`` when no single key
                 was supplied; ``None`` if anything raised (the exception
                 is logged, not propagated).
        '''
        try:
            only_dbname = (dbname is not None
                           and featuresStatus is None and virStatus is None)
            only_features = (featuresStatus is not None
                             and dbname is None and virStatus is None)
            only_vir = (virStatus is not None
                        and featuresStatus is None and dbname is None)
            if only_dbname:
                uri_key, suffix = 'dbname', dbname
            elif only_features:
                uri_key, suffix = 'featuresStatus', str(featuresStatus)
            elif only_vir:
                uri_key, suffix = 'virStatus', str(virStatus)
            else:
                return None
            spec = self.param_dict['select']
            return api_request(api_url=spec['uri'][uri_key] + suffix,
                               method=spec['method'])
        except Exception as e:
            LOG.info(e)
def virtualpatch_del_rule(name):
    '''
    Delete a vulnerability-signature rule by name.

    The name is resolved to a rule id with ``virtualpatch.virtual_select``,
    the rule is removed through the bulk ``'delete'`` operation, and the
    name is looked up again with ``virtual_select_bynullname`` (presumably
    to confirm the rule is gone -- not verified here).

    :param name: rule name
    '''
    LOG.info('开始删除。。。')
    rule_id = virtualpatch.virtual_select(byparam='byname', param=name)
    sqlinject.operate_rule(operate='delete', id=rule_id)
    LOG.info('删除结束,开始查询。。。')
    virtualpatch.virtual_select_bynullname(byparam='byname', param=name)
    LOG.info('删除成功')