def virtualpatch_check_rule(isAll=None,
                            name=None,
                            risk_level=None,
                            status=None,
                            ruleType=None,
                            dbtype=None,
                            sql=None,
                            rulename=None,
                            cn_risk_level=None,
                            cn_res_behavior=None):
    """Register a virtual-patch rule, run *sql* against *dbtype*, then verify the audit entry.

    ``isAll`` decides how ``virtual_add`` is called: ``1`` registers the rule
    without a database type, ``2`` registers it for ``dbtype`` only, anything
    else skips registration. After a fixed 10 s pause (presumably so the new
    rule takes effect -- confirm) the statement is executed over JDBC for
    ``hive``/``dm`` and via ``sql_execute.exec_select`` for every other type,
    and ``sqlinject.check_sql`` is asked to find the upper-cased *rulename*
    logged with *cn_risk_level* and *cn_res_behavior*.

    ``rulename`` must be a string: the ``None`` default fails at ``.upper()``.
    """
    rule_fields = {
        'name': name,
        'risk_level': risk_level,
        'status': status,
        'ruleType': ruleType,
    }
    if isAll == 1:
        virtual_add(**rule_fields)
    elif isAll == 2:
        virtual_add(dbType=dbtype, **rule_fields)
    # Let the freshly registered rule propagate before the probe is sent.
    time.sleep(10)
    LOG.info('%s执行sql。。。' % (dbtype))
    if dbtype not in ('hive', 'dm'):
        sql_execute.exec_select(dbtype, sql)
    else:
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
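def returnCount(dbtype, au, rate, rulename, cn_risk_level, cn_res_behavior,
                audit):
    """Generate a burst of statements on a scratch table and verify the audit response.

    A scratch table named by ``PutsqlName('')`` is created on *dbtype* and
    filled with ``rate // 2`` rows when *au* is ``None`` (the rule is expected
    NOT to fire: audit shows 风险级别:安全 / 响应行为:通过) or ``rate + 10``
    rows otherwise (the rule is expected to fire as *rulename* with
    *cn_risk_level*, *cn_res_behavior* and *audit*). The table is read once
    and dropped before the check. ``rate`` is presumably the rule's
    statement-count threshold -- confirm against the rule definition.

    The drop and ``close()`` run in ``finally`` so a failing statement neither
    leaks the connection nor leaves the scratch table behind; the original
    duplicated the whole sequence in both branches and closed only on success.
    """
    obj = Connection.Connnect()
    obj.dbconnect(dbtype)
    tabname = PutsqlName('')
    sql = 'select * from ' + tabname
    # Below the threshold nothing should fire; above it the rule must fire.
    below_threshold = au is None
    insert_count = rate // 2 if below_threshold else rate + 10
    try:
        # tabname comes from the harness's own name generator, not from external input.
        obj.exec('create table ' + tabname + '(id INT)')
        try:
            for _ in range(insert_count):
                obj.exec('insert into %s VALUES (2)' % (tabname))
            obj.exec(sql)
        finally:
            obj.exec('drop table ' + tabname)
    finally:
        obj.close()
    if below_threshold:
        sqlinject.check_sql(rulename=' ',
                            sql=sql,
                            risk_level='风险级别:安全',
                            res_behavior='响应行为:通过')
    else:
        sqlinject.check_sql(rulename, sql, cn_risk_level, cn_res_behavior,
                            audit)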
def execsql_rule(dbtype, sql, rulename, cn_risk_level, cn_res_behavior):
    """Run *sql* on *dbtype* and verify that *rulename* was audited as expected.

    ``hive``/``dm`` targets receive the statement wrapped in double quotes over
    ``commen.jdbcConnect``; the wrapped form is also what ``check_sql`` looks
    for. Every other type goes through ``sql_execute.exec_select`` unchanged.
    *rulename* is upper-cased before the audit lookup.
    """
    LOG.info('%s执行sql。。。' % (dbtype))
    if dbtype not in ('hive', 'dm'):
        sql_execute.exec_select(dbtype, sql)
    else:
        # The JDBC helper expects the statement double-quoted; the audit
        # check below is given the same quoted text.
        sql = '"{}"'.format(sql)
        commen.jdbcConnect(dbtype, sql, isexcept=None)
    sqlinject.check_sql(rulename.upper(), sql, cn_risk_level, cn_res_behavior)
 def test_sqlinject_sqlserver_simulate(self):
     """SQL-injection signature library: sqlserver target in 模拟 (simulate) mode.

     Switches the sqlserver target to simulate mode, issues a statement with an
     always-true ``HAVING 1=1`` clause and expects the audit log to show rule
     [SQL注入]HAVING数字型永真注入 at 风险级别 高 with 响应行为 模拟阻断.
     """
     table = commen.PutsqlName('users')
     sql = 'select * from {} group by id having 1=1'.format(table)
     DBService_Case.update_runmode(
         dbname=sqlserver_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['模拟'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(10)
     LOG.info('sqlserver切换模式模拟。。。')
     sql_execute.exec_select('sqlserver', sql)
     sqlinject.check_sql(
         rulename='[SQL注入]HAVING数字型永真注入',
         sql=sql,
         risk_level=param['风险级别']['高'],
         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_oracle_simulate(self):
     """SQL-injection signature library: oracle target in 模拟 (simulate) mode.

     Switches the oracle target to simulate mode, issues a statement carrying a
     boolean ``or 1=1`` tautology and expects the audit log to show rule
     [SQL注入]基于布尔值的数字OR盲注 at 风险级别 高 with 响应行为 模拟阻断.
     """
     column = commen.PutsqlName('password')
     sql = 'select * from * where {}=1 or 1=1'.format(column)
     DBService_Case.update_runmode(
         dbname=oracle_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['模拟'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(10)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select('oracle', sql)
     sqlinject.check_sql(
         rulename='[SQL注入]基于布尔值的数字OR盲注',
         sql=sql,
         risk_level=param['风险级别']['高'],
         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_db2_simulate(self):
     """SQL-injection signature library: db2 target in 模拟 (simulate) mode.

     Switches the db2 target to simulate mode, issues a statement carrying a
     boolean ``or 1=1`` tautology and expects the audit log to show rule
     [SQL注入]基于布尔值的数字OR盲注 at 风险级别 高 with 响应行为 模拟阻断.
     """
     table = commen.PutsqlName('user_role_privs')
     sql = 'select * from {} where username="******" or 1=1'.format(table)
     DBService_Case.update_runmode(
         dbname=db2_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['模拟'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(10)
     LOG.info('db2切换模式模拟。。。')
     sql_execute.exec_select('db2', sql)
     sqlinject.check_sql(
         rulename='[SQL注入]基于布尔值的数字OR盲注',
         sql=sql,
         risk_level=param['风险级别']['高'],
         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_mysql_simulate(self):
     """SQL-injection signature library: mysql target in 模拟 (simulate) mode.

     Switches the mysql target to simulate mode, issues a ``union select``
     statement with a trailing ``#`` comment and expects the audit log to show
     rule [SQL注入]SELECT FROM LIMIT 注入 at 风险级别 高 with 响应行为 模拟阻断.
     Note that ``check_sql`` is given the generated table name, not the full
     statement -- presumably the audit lookup matches on that fragment; confirm.
     """
     table = commen.PutsqlName('users')
     sql = 'select * from {} where user="******" union select aaa from bbb #'.format(table)
     DBService_Case.update_runmode(
         dbname=mysql_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['模拟'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(10)
     LOG.info('mysql切换模式模拟。。。')
     sql_execute.exec_select('mysql', sql)
     sqlinject.check_sql(
         rulename='[SQL注入]SELECT FROM LIMIT 注入',
         sql=table,
         risk_level=param['风险级别']['高'],
         res_behavior=param['响应行为']['模拟阻断'])
 def test_sqlinject_gbase_learn(self):
     """SQL-injection signature library: gbase target in 学习 (learn) mode.

     Switches the gbase target to learn mode, issues a statement carrying a
     boolean ``or 1=1`` tautology (executed as dbtype ``gbase_s83``) and expects
     the audit log to show rule [SQL注入]基于布尔值的数字OR盲注 at 风险级别 高
     with 响应行为 模拟阻断. ``check_sql`` is given the generated table name
     rather than the full statement.
     NOTE(review): the expected response is 模拟阻断 although the target is in
     learn mode -- confirm that this is the intended outcome for learn mode.
     """
     table = commen.PutsqlName('user_role_privs')
     sql = 'select * from {} where username="******" or 1=1'.format(table)
     DBService_Case.update_runmode(
         dbname=gbase_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['学习'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(10)
     LOG.info('gbase切换模式学习。。。')
     sql_execute.exec_select('gbase_s83', sql)
     sqlinject.check_sql(
         rulename='[SQL注入]基于布尔值的数字OR盲注',
         sql=table,
         risk_level=param['风险级别']['高'],
         res_behavior=param['响应行为']['模拟阻断'])
 def test_virtual_oracle_simulate(self):
     """Virtual-patch (vulnerability) signature library: oracle target in 模拟 (simulate) mode.

     Switches the oracle target to simulate mode, sends the ``DBMS_XMLSCHEMA``
     probe statement that rule [漏洞风险]ORACLE DBMS绕过登录访问控制漏洞 is meant to
     recognise, and expects the audit log to show that rule at 风险级别 极高
     with 响应行为 模拟阻断. ``check_sql`` is given the generated table name
     rather than the full statement. The wait here is 15 s rather than the
     10 s used by the SQL-injection cases.
     """
     table = commen.PutsqlName('DUAL')
     sql = "SELECT XDB.DBMS_XMLSCHEMA.GENERATESCHEMA ('a', 'ABCD' || chr(212)||chr(100)||chr(201)||chr(01)chr(32)||'echo ARE YOU SURE? >c:\\Unbreakable.txt') FROM {}".format(table)
     DBService_Case.update_runmode(
         dbname=oracle_dict['objName'],
         runmode=db_dict['updatedbserver']['runmode']['模拟'])
     # Give the mode switch time to propagate before sending the probe.
     time.sleep(15)
     LOG.info('oracle切换模式模拟。。。')
     sql_execute.exec_select('oracle', sql)
     sqlinject.check_sql(
         rulename='[漏洞风险]ORACLE DBMS绕过登录访问控制漏洞',
         sql=table,
         risk_level=param['风险级别']['极高'],
         res_behavior=param['响应行为']['模拟阻断'])
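def access(dbtype, rulename, cn_risk_level, cn_res_behavior):
    """Issue a series of reads on *dbtype* and verify the access-count rule's response.

    Eleven ``select`` statements, each against a fresh ``PutsqlName('')`` table
    name, are executed on one connection. Each statement is then looked up
    with ``sqlinject.check_sql``: positions below 11 are expected to be
    audited as 风险级别:安全 / 响应行为:通过, any later position as *rulename*
    with *cn_risk_level* / *cn_res_behavior*.

    Changes from the original: the connection is closed in ``finally``;
    ``check_sql`` receives the statement text instead of its list position
    (``sqllist.index(i)`` handed it an int, unlike every other caller); the
    statements are walked with ``enumerate`` instead of ``list.index``; and
    the safe-branch labels no longer overwrite the *cn_risk_level* /
    *cn_res_behavior* arguments, which previously left the rule branch with
    the wrong expectations.

    NOTE(review): with exactly eleven statements and the ``< 11`` cut-off the
    *rulename* branch is never reached -- confirm the intended threshold
    against the rule under test before relying on this case.
    """
    safe_risk_level = '风险级别:安全'
    safe_res_behavior = '响应行为:通过'
    obj = Connection.Connnect()
    obj.dbconnect(dbtype)
    statements = []
    try:
        for _ in range(11):
            # Table names come from the harness generator, not external input.
            stmt = 'select * from %s' % (PutsqlName(''))
            statements.append(stmt)
            obj.exec(stmt)
    finally:
        obj.close()
    for position, stmt in enumerate(statements):
        if position < 11:
            sqlinject.check_sql(rulename=' ',
                                sql=stmt,
                                risk_level=safe_risk_level,
                                res_behavior=safe_res_behavior)
        else:
            sqlinject.check_sql(rulename, stmt, cn_risk_level,
                                cn_res_behavior)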