コード例 #1
ファイル: Func_dm_re_off.py プロジェクト: rcoons/python_api
 def setUp(self):
     """Build the per-test fixture for the 'dm' database type.

     Stores on the test instance: a generated table name, a ``SELECT *``
     statement over that table, a generated rule name, a SensitiveSql built
     from the rule name, ``GlobalConfig.db_type_['dm']`` and the service
     looked up through ``gp.run_db['dm']``, and a SensitiveWay.
     """
     # commen.PutsqlName presumably returns a fresh name carrying the given
     # prefix -- confirm in commen.
     table = commen.PutsqlName("dbtable_")
     self.dbtable = table
     self.sqllist = "SELECT * FROM " + table
     rule = commen.PutsqlName("dm_")
     self.ruler_name = rule
     LOG.info("规则名称:%s" % rule)  # log label reads "rule name"
     LOG.info("SQL语句:%s" % self.sqllist)  # log label reads "SQL statement"
     db_type = GlobalConfig.db_type_['dm']
     service = dbservice.select_dbservice_byname(gp.run_db['dm'])
     self.sensql = SensitiveSql(rule, db_type, service)
     self.sensitiveway = SensitiveWay()
コード例 #2
 def setUp(self):
     """Build the per-test fixture for the DB2 database type.

     Generates a table name, passes it to ``sql_execute.db2_create_table``,
     then stores a ``SELECT *`` statement over it, a generated rule name, a
     SensitiveSql for the DB2 service and a SensitiveWay on the instance.
     """
     table = commen.PutsqlName("dbtable_")
     self.dbtable = table
     # Presumably creates the table on the 'db2' target -- confirm.
     # NOTE(review): no cleanup is visible here; confirm tearDown drops it.
     sql_execute.db2_create_table('db2', table)
     self.sqllist = "SELECT * FROM " + table
     rule = commen.PutsqlName("db2_")
     self.ruler_name = rule
     LOG.info("规则名称:%s" % rule)  # log label reads "rule name"
     LOG.info("SQL语句:%s" % self.sqllist)  # log label reads "SQL statement"
     db_type = GlobalConfig.db_type_['DB2']
     service = dbservice.select_dbservice_byname(gp.run_db["db2"])
     self.sensql = SensitiveSql(rule, db_type, service)
     self.sensitiveway = SensitiveWay()
コード例 #3
 def setUp(self):
     """Build the per-test fixture for DB2 using a generated statement.

     Unlike a table-based fixture, the statement comes straight from
     ``commen.PutsqlNum()`` (its exact shape is not visible here). Also stores
     a generated rule name, a SensitiveSql for the DB2 service and a
     SensitiveWay on the instance.
     """
     statement = commen.PutsqlNum()
     self.sqllist = statement
     rule = commen.PutsqlName("db2_")
     self.ruler_name = rule
     LOG.info("规则名称:%s" % rule)  # log label reads "rule name"
     LOG.info("SQL语句:%s" % statement)  # log label reads "SQL statement"
     db_type = GlobalConfig.db_type_['DB2']
     service = dbservice.select_dbservice_byname(gp.run_db["db2"])
     self.sensql = SensitiveSql(rule, db_type, service)
     self.sensitiveway = SensitiveWay()
コード例 #4
 def test_sqlinject_sqlserver_simulate(self):
     """SQL-injection signature library: SQL Server service, simulate mode.

     Switches the service to the simulate run mode, sends a ``HAVING 1=1``
     tautology statement through ``sql_execute.exec_select`` and hands the
     expected rule name, risk level (high) and response behaviour (simulated
     block) to ``sqlinject.check_sql``. What check_sql asserts is not visible
     here.
     """
     table = commen.PutsqlName('users')
     sql = 'select * from %s group by id having 1=1' % table
     target = sqlserver_dict['objName']
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=target, runmode=simulate_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): a fixed sleep is slow and timing-sensitive; the run mode
     # is also not restored here -- confirm tearDown resets it.
     time.sleep(10)
     LOG.info('sqlserver切换模式模拟。。。')
     # The result of the query is not inspected; only the detection record is.
     sql_execute.exec_select(dbtype='sqlserver', sql=sql)
     high_risk = param['风险级别']['高']
     simulated_block = param['响应行为']['模拟阻断']
     sqlinject.check_sql(rulename='[SQL注入]HAVING数字型永真注入', sql=sql,
                         risk_level=high_risk, res_behavior=simulated_block)
コード例 #5
 def test_sqlinject_oracle_simulate(self):
     """SQL-injection signature library: Oracle service, simulate mode.

     Switches the service to the simulate run mode, sends an ``or 1=1``
     tautology statement through ``sql_execute.exec_select`` and hands the
     expected rule name, risk level (high) and response behaviour (simulated
     block) to ``sqlinject.check_sql``.
     """
     column = commen.PutsqlName('password')
     # NOTE(review): ``from *`` is not a table reference; confirm the statement
     # is meant to be sent as written (the query result is not checked here).
     sql = 'select * from * where %s=1 or 1=1' % column
     target = oracle_dict['objName']
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=target, runmode=simulate_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): the run mode is not restored here -- confirm tearDown
     # resets it.
     time.sleep(10)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select(dbtype='oracle', sql=sql)
     high_risk = param['风险级别']['高']
     simulated_block = param['响应行为']['模拟阻断']
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=sql,
                         risk_level=high_risk, res_behavior=simulated_block)
コード例 #6
 def test_sqlinject_db2_simulate(self):
     """SQL-injection signature library: DB2 service, simulate mode.

     Switches the service to the simulate run mode, sends an ``or 1=1``
     tautology statement through ``sql_execute.exec_select`` and hands the
     expected rule name, risk level (high) and response behaviour (simulated
     block) to ``sqlinject.check_sql``.
     """
     table = commen.PutsqlName('user_role_privs')
     sql = 'select * from %s where username="******" or 1=1' % table
     target = db2_dict['objName']
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=target, runmode=simulate_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): the run mode is not restored here -- confirm tearDown
     # resets it.
     time.sleep(10)
     LOG.info('db2切换模式模拟。。。')
     # The result of the query is not inspected; only the detection record is.
     sql_execute.exec_select(dbtype='db2', sql=sql)
     high_risk = param['风险级别']['高']
     simulated_block = param['响应行为']['模拟阻断']
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=sql,
                         risk_level=high_risk, res_behavior=simulated_block)
コード例 #7
 def test_sqlinject_mysql_simulate(self):
     """SQL-injection signature library: MySQL service, simulate mode.

     Switches the service to the simulate run mode, sends a statement with an
     appended ``union select`` and trailing ``#`` through
     ``sql_execute.exec_select``, then hands the expected rule name, risk
     level (high) and response behaviour (simulated block) to
     ``sqlinject.check_sql``.
     """
     sel_sql = commen.PutsqlName('users')
     sql = 'select * from ' + sel_sql + ' where user="******" union select aaa from bbb #'
     target = mysql_dict['objName']
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=target, runmode=simulate_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): the run mode is not restored here -- confirm tearDown
     # resets it.
     time.sleep(10)
     LOG.info('mysql切换模式模拟。。。')
     sql_execute.exec_select(dbtype='mysql', sql=sql)
     high_risk = param['风险级别']['高']
     simulated_block = param['响应行为']['模拟阻断']
     # check_sql receives only the generated table name, not the full
     # statement -- presumably a lookup key; confirm against check_sql.
     # NOTE(review): the expected rule name mentions LIMIT while the statement
     # sent is a UNION SELECT; confirm this is the rule meant to fire.
     sqlinject.check_sql(rulename='[SQL注入]SELECT FROM LIMIT 注入', sql=sel_sql,
                         risk_level=high_risk, res_behavior=simulated_block)
コード例 #8
 def test_sqlinject_gbase_learn(self):
     """SQL-injection signature library: GBase service, learning mode.

     Switches the service to the learning run mode, sends an ``or 1=1``
     tautology statement through ``sql_execute.exec_select`` (dbtype
     'gbase_s83') and hands the expected rule name, risk level (high) and
     response behaviour to ``sqlinject.check_sql``.
     """
     key = commen.PutsqlName('user_role_privs')
     sql = 'select * from %s where username="******" or 1=1' % key
     target = gbase_dict['objName']
     learn_mode = db_dict['updatedbserver']['runmode']['学习']
     DBService_Case.update_runmode(dbname=target, runmode=learn_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): the run mode is not restored here -- confirm tearDown
     # resets it.
     time.sleep(10)
     LOG.info('gbase切换模式学习。。。')
     sql_execute.exec_select(dbtype='gbase_s83', sql=sql)
     high_risk = param['风险级别']['高']
     # NOTE(review): the service is in learning mode but the expected response
     # behaviour is the simulated-block value; confirm that is what the
     # product reports while learning.
     expected_behavior = param['响应行为']['模拟阻断']
     # Only the generated name is passed as ``sql`` -- presumably a lookup
     # key; confirm against check_sql.
     sqlinject.check_sql(rulename='[SQL注入]基于布尔值的数字OR盲注', sql=key,
                         risk_level=high_risk, res_behavior=expected_behavior)
コード例 #9
 def test_virtual_oracle_simulate(self):
     """Vulnerability signature library: Oracle service, simulate mode.

     Switches the service to the simulate run mode, sends a statement that
     calls ``XDB.DBMS_XMLSCHEMA.GENERATESCHEMA`` with a crafted string
     argument, then hands the expected vulnerability rule name, risk level
     (the highest value used in this listing) and response behaviour
     (simulated block) to ``sqlinject.check_sql``.
     """
     key = commen.PutsqlName('DUAL')
     # Statement text is kept exactly as written. The code below does not look
     # at what exec_select returns, only at what check_sql reports.
     template = "SELECT XDB.DBMS_XMLSCHEMA.GENERATESCHEMA ('a', 'ABCD' || chr(212)||chr(100)||chr(201)||chr(01)chr(32)||'echo ARE YOU SURE? >c:\\Unbreakable.txt') FROM %s"
     sql = template % key
     target = oracle_dict['objName']
     simulate_mode = db_dict['updatedbserver']['runmode']['模拟']
     DBService_Case.update_runmode(dbname=target, runmode=simulate_mode)
     # Fixed wait after the mode switch, presumably so it can take effect.
     # NOTE(review): the run mode is not restored here -- confirm tearDown
     # resets it.
     time.sleep(15)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select(dbtype='oracle', sql=sql)
     top_risk = param['风险级别']['极高']
     simulated_block = param['响应行为']['模拟阻断']
     # Only the generated name is passed as ``sql`` -- presumably a lookup
     # key; confirm against check_sql.
     sqlinject.check_sql(rulename='[漏洞风险]ORACLE DBMS绕过登录访问控制漏洞',
                         sql=key,
                         risk_level=top_risk,
                         res_behavior=simulated_block)
コード例 #10
 def setUp(self):
     """Store a generated table name, a ``SELECT *`` over it, and a generated name.

     ``commen.PutsqlName`` presumably returns a fresh name carrying the given
     prefix (an empty prefix for ``self.name``) -- confirm in commen.
     """
     table = commen.PutsqlName('TABLE')
     self.table_name = table
     self.sql = 'SELECT * FROM ' + table
     generated = commen.PutsqlName('')
     self.name = generated
コード例 #11
 def setUp(self):
     """Store a generated name on the test instance as ``self.name``.

     ``commen.PutsqlName('')`` is called with an empty prefix; what the helper
     returns is not visible here.
     """
     generated = commen.PutsqlName('')
     self.name = generated