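def test_true_positive_request_count():
    """Check the request budget of a confirmed time-based SQL injection.

    The mocked endpoint times out when ``vuln1`` carries a ``sleep`` payload
    and answers normally for the original value, so the module should treat
    the parameter as a true positive.
    """
    # NOTE(review): no mock-activation decorator is visible on this function;
    # confirm ``responses.activate`` (or an equivalent fixture) wraps it,
    # otherwise the scanner's requests would leave the test host.
    # Dots are escaped so the matchers only accept the literal host and
    # script name instead of any character in those positions.
    responses.add(
        responses.GET,
        re.compile(r"http://perdu\.com/blind_sql\.php\?vuln1=sleep"),
        body=ReadTimeout("Read timed out"),
    )
    responses.add(
        responses.GET,
        re.compile(r"http://perdu\.com/blind_sql\.php\?vuln1=hello"),
        body="Hello there!",
    )

    persister = FakePersister()

    request = Request("http://perdu.com/blind_sql.php?vuln1=hello%20there")
    request.path_id = 42

    crawler = Crawler("http://perdu.com/", timeout=1)
    options = {"timeout": 1, "level": 1}
    logger = Mock()

    module = mod_timesql(crawler, persister, logger, options)
    module.verbose = 2
    module.do_post = False
    module.attack(request)

    # Four requests are expected:
    #  - three for the time-based payload (one injection, two confirmations)
    #  - one replay of the original request to check it does not time out
    assert len(responses.calls) == 4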
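def test_false_positive_request_count():
    """Check the request budget when the endpoint times out for every value.

    Both the ``sleep`` payload and the original ``hello`` value are mocked to
    raise a read timeout, i.e. the slowness is not caused by the payload.
    """
    # NOTE(review): no mock-activation decorator is visible on this function;
    # confirm ``responses.activate`` (or an equivalent fixture) wraps it,
    # otherwise the scanner's requests would leave the test host.
    responses.add(
        responses.GET,
        # Beware: responses seems to match the regex from the start of the URL
        # rather than search inside it, so the pattern has to begin with the
        # full URL. Dots are escaped to keep the match literal.
        re.compile(r"http://perdu\.com/blind_sql\.php\?vuln1=sleep"),
        body=ReadTimeout("Read timed out"),
    )
    responses.add(
        responses.GET,
        re.compile(r"http://perdu\.com/blind_sql\.php\?vuln1=hello"),
        body=ReadTimeout("Read timed out"),
    )

    persister = FakePersister()

    request = Request("http://perdu.com/blind_sql.php?vuln1=hello%20there")
    request.path_id = 42

    crawler = Crawler("http://perdu.com/", timeout=1)
    options = {"timeout": 1, "level": 1}
    logger = Mock()

    module = mod_timesql(crawler, persister, logger, options)
    module.verbose = 2
    module.do_post = False
    module.attack(request)

    # Because of the retry decorator, six requests are expected:
    #  - three to make sure the payload produces a timeout each time
    #  - three more, also timing out, replaying the original request, which
    #    marks the finding as a false positive
    assert len(responses.calls) == 6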
def test_timesql_false_positive():
    """Run the module against the ``vuln2`` parameter and expect no finding."""
    # NOTE(review): expects the test web server to be listening on
    # 127.0.0.1:65082; it is started outside this function.
    store = FakePersister()

    target = Request(
        "http://127.0.0.1:65082/blind_sql.php?vuln2=hello%20there"
    )
    target.path_id = 42

    http_client = Crawler("http://127.0.0.1:65082/", timeout=1)

    scanner = mod_timesql(
        http_client,
        store,
        Mock(),
        {"timeout": 1, "level": 1},
    )
    scanner.do_post = False
    scanner.attack(target)

    # Nothing may be recorded for this parameter.
    findings = store.vulnerabilities
    assert not findings
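async def test_timesql_false_positive():
    """Run the async module against ``vuln2`` and expect nothing to be reported."""
    # NOTE(review): a coroutine test only executes under an asyncio-aware
    # runner (e.g. a ``pytest.mark.asyncio`` marker); none is visible here.
    persister = AsyncMock()

    request = Request(
        "http://127.0.0.1:65082/blind_sql.php?vuln2=hello%20there"
    )
    request.path_id = 42

    crawler = AsyncCrawler("http://127.0.0.1:65082/", timeout=1)
    try:
        options = {"timeout": 1, "level": 1}

        module = mod_timesql(crawler, persister, options, Event())
        module.do_post = False
        await module.attack(request)

        assert not persister.add_payload.call_count
    finally:
        # Close the crawler even when the attack or the assertion fails, so a
        # failing test does not leave its HTTP client open.
        await crawler.close()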
def test_timesql_detection():
    """Run the module against ``vuln1`` and expect a ``sleep`` payload finding."""
    # php -S appears to have serious limitations, so the PHP script has to
    # wait a minimum amount of time for this test to succeed.
    store = FakePersister()

    target = Request(
        "http://127.0.0.1:65082/blind_sql.php?foo=bar&vuln1=hello%20there"
    )
    target.path_id = 42

    http_client = Crawler("http://127.0.0.1:65082/", timeout=1)

    scanner = mod_timesql(
        http_client,
        store,
        Mock(),
        {"timeout": 1, "level": 1},
    )
    scanner.do_post = False
    scanner.attack(target)

    assert store.vulnerabilities

    # The first recorded entry must name the parameter and carry the payload.
    first_finding = store.vulnerabilities[0]
    assert first_finding[0] == "vuln1"
    assert "sleep" in first_finding[1]
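async def test_timesql_detection():
    """Run the async module against ``vuln1`` and check the reported payload."""
    # php -S appears to have serious limitations, so the PHP script has to
    # wait a minimum amount of time for this test to succeed.
    # NOTE(review): a coroutine test only executes under an asyncio-aware
    # runner (e.g. a ``pytest.mark.asyncio`` marker); none is visible here.
    persister = AsyncMock()

    request = Request(
        "http://127.0.0.1:65082/blind_sql.php?foo=bar&vuln1=hello%20there"
    )
    request.path_id = 42

    crawler = AsyncCrawler("http://127.0.0.1:65082/", timeout=1)
    try:
        options = {"timeout": 1, "level": 1}

        module = mod_timesql(crawler, persister, options, Event())
        module.do_post = False
        await module.attack(request)

        assert persister.add_payload.call_count

        # Keyword arguments of the first add_payload() call.
        reported = persister.add_payload.call_args_list[0][1]
        assert reported["module"] == "timesql"
        assert reported["category"] == _("Blind SQL Injection")
        # Only vuln1 is replaced by the payload; foo keeps its original value.
        assert reported["request"].get_params == [
            ['foo', 'bar'],
            ['vuln1', 'sleep(2)#1'],
        ]
    finally:
        # Close the crawler even when the attack or an assertion fails, so a
        # failing test does not leave its HTTP client open.
        await crawler.close()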
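async def test_true_positive_request_count():
    """Check the request budget of a confirmed time-based SQL injection.

    The mocked endpoint raises a read timeout when ``vuln1`` carries a
    ``sleep`` payload and returns a normal page for the original value.
    """
    # NOTE(review): no mock-activation decorator is visible on this function;
    # confirm ``respx.mock`` (or an equivalent fixture) wraps it, otherwise
    # the scanner's requests would leave the test host.
    # Dots are escaped so the routes only accept the literal host and script.
    respx.get(url__regex=r"http://perdu\.com/blind_sql\.php\?vuln1=sleep").mock(
        side_effect=httpx.ReadTimeout
    )
    respx.get(url__regex=r"http://perdu\.com/blind_sql\.php\?vuln1=hello").mock(
        return_value=httpx.Response(200, text="Hello there!")
    )

    persister = AsyncMock()

    request = Request("http://perdu.com/blind_sql.php?vuln1=hello%20there")
    request.path_id = 42

    crawler = AsyncCrawler("http://perdu.com/", timeout=1)
    try:
        options = {"timeout": 1, "level": 1}

        module = mod_timesql(crawler, persister, options, Event())
        module.verbose = 2
        module.do_post = False
        await module.attack(request)

        # Four requests are expected:
        #  - three for the time-based payload (one injection, two confirmations)
        #  - one replay of the original request to check it does not time out
        assert respx.calls.call_count == 4
    finally:
        # Close the crawler even when the attack or the assertion fails.
        await crawler.close()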
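async def test_false_positive_request_count():
    """Check the request budget when the endpoint times out for every value.

    Both the ``sleep`` payload and the original ``hello`` value are mocked to
    raise a read timeout, i.e. the slowness is not caused by the payload.
    """
    # NOTE(review): no mock-activation decorator is visible on this function;
    # confirm ``respx.mock`` (or an equivalent fixture) wraps it, otherwise
    # the scanner's requests would leave the test host.
    # Dots are escaped so the routes only accept the literal host and script.
    respx.get(url__regex=r"http://perdu\.com/blind_sql\.php\?vuln1=sleep").mock(
        side_effect=httpx.ReadTimeout
    )
    respx.get(url__regex=r"http://perdu\.com/blind_sql\.php\?vuln1=hello").mock(
        side_effect=httpx.ReadTimeout
    )

    persister = AsyncMock()

    request = Request("http://perdu.com/blind_sql.php?vuln1=hello%20there")
    request.path_id = 42

    crawler = AsyncCrawler("http://perdu.com/", timeout=1)
    try:
        options = {"timeout": 1, "level": 1}

        module = mod_timesql(crawler, persister, options, Event())
        module.verbose = 2
        module.do_post = False
        await module.attack(request)

        # Because of the retry decorator, six requests are expected:
        #  - three to make sure the payload produces a timeout each time
        #  - three more, also timing out, replaying the original request,
        #    which marks the finding as a false positive
        assert respx.calls.call_count == 6
    finally:
        # Close the crawler even when the attack or the assertion fails.
        await crawler.close()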