improved test switch --live-test and minor refactoring

2025-02-03 05:04:11 +03:00 · 2012-12-17 11:29:33 +00:00 · 2012-12-17 11:29:33 +00:00 · 2926c815bf
commit 2926c815bf
parent f40c52cc17
5 changed files with 66 additions and 61 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1731,7 +1731,7 @@ def _saveCmdline():
    infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG
    logger.info(infoMsg)
-def _setVerbosity():
+def setVerbosity():
    """
    This function set the verbosity of sqlmap output messages.
    """
@ -2057,7 +2057,7 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
    _setKnowledgeBaseAttributes()
    _mergeOptions(inputOptions, overrideOptions)
    _useWizardInterface()
-    _setVerbosity()
+    setVerbosity()
    _saveCmdline()
    _setRequestFromFile()
    _cleanupOptions()
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -462,7 +462,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable")
+BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed")
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "wwwroot", "www")
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -22,7 +22,7 @@ from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.option import init
-from lib.core.option import _setVerbosity
+from lib.core.option import setVerbosity
 from lib.core.optiondict import optDict
 from lib.parse.cmdline import cmdLineParser
@ -118,39 +118,42 @@ def liveTest():
    for case in livetests.getElementsByTagName("case"):
        count += 1
        if conf.runCase and conf.runCase != count:
            continue
        name = None
-        log = []
+        parse = []
        switches = dict(global_)
        if case.hasAttribute("name"):
            name = case.getAttribute("name")
        if conf.runCase and ((conf.runCase.isdigit() and conf.runCase != count) or not re.search(conf.runCase, name, re.DOTALL)):
            continue
        if case.getElementsByTagName("switches"):
            for child in case.getElementsByTagName("switches")[0].childNodes:
                if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
                    value = replaceVars(child.getAttribute("value"), vars_)
                    switches[child.tagName] = adjustValueType(child.tagName, value)
-        if case.getElementsByTagName("log"):
+        if case.getElementsByTagName("parse"):
-            for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"):
+            for item in case.getElementsByTagName("parse")[0].getElementsByTagName("item"):
                if item.hasAttribute("value"):
-                    log.append(replaceVars(item.getAttribute("value"), vars_))
+                    parse.append(replaceVars(item.getAttribute("value"), vars_))
        msg = "running live test case '%s' (%d/%d)" % (name, count, length)
        logger.info(msg)
-        result = runCase(switches, log)
+
        result = runCase(switches, parse)
        if result:
            logger.info("test passed")
        else:
            logger.error("test failed")
            beep()
        retVal &= result
    dataToStdout("\n")
    if retVal:
        logger.info("live test final result: PASSED")
    else:
@ -159,9 +162,12 @@ def liveTest():
    return retVal
 def initCase(switches=None):
-    paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp()
+    paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp(prefix="sqlmaptest-")
    paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
    paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
    logger.debug("using output directory '%s' for this test case" % paths.SQLMAP_OUTPUT_PATH)
    cmdLineOptions = cmdLineParser()
    cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False
@ -171,29 +177,29 @@ def initCase(switches=None):
                cmdLineOptions.__dict__[key] = value
    init(cmdLineOptions, True)
-    _setVerbosity()
+    conf.verbose = 0
    setVerbosity()
 def cleanCase():
    shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True)
    paths.SQLMAP_OUTPUT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "output")
    paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
    paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
    conf.verbose = 1
-    _setVerbosity()
+    setVerbosity()
-def runCase(switches=None, log=None):
+def runCase(switches=None, parse=None):
    retVal = True
    initCase(switches)
    result = start()
-    if result == False: #if None ignore
+
    if result == False: # if None, ignore
        logger.error("the test did not run")
        retVal = False
-    if log and retVal:
+    if parse and retVal:
        ifile = open(conf.dumper.getOutputFile(), 'r')
        content = ifile.read()
        ifile.close()
-        for item in log:
+        for item in parse:
            if item.startswith("r'") and item.endswith("'"):
                if not re.search(item[2:-1], content, re.DOTALL):
                    retVal = False
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -679,8 +679,7 @@ def cmdLineParser():
        parser.add_option("--live-test", dest="liveTest", action="store_true",
                          help=SUPPRESS_HELP)
-        parser.add_option("--run-case", dest="runCase", type="int",
+        parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)
                          help=SUPPRESS_HELP)
        parser.add_option("--restapi", dest="restApi", action="store_true",
                          help=SUPPRESS_HELP)
--- a/xml/livetests.xml
+++ b/xml/livetests.xml
@ -4,7 +4,7 @@
    <global>
        <ignoreProxy value="True"/>
        <batch value="True"/>
-        <verbose value="0"/>
+        <verbose value="1"/>
    </global>
    <case name="MySQL (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
        <switches>
@ -22,16 +22,16 @@
            <dumpTable value="True"/>
            <threads value="4"/>
        </switches>
-        <log>
+        <parse>
-            <item value="current user is DBA:    'True'"/>
+            <item value="current user is DBA:    True"/>
-            <item value="banner:    '5.1.41-3~bpo50+1'"/>
+            <item value="banner:    '5.1.63-0+squeeze1'"/>
            <item value="current user:    'root@localhost'"/>
            <item value="current database:    'testdb'"/>
            <item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+surname.+varchar\(1000\)'"/>
-            <item value="r'4 entries.+nameisnull.+'"/>
+            <item value="r'5 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MySQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -48,7 +48,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    '5.1.41-3~bpo50+1'"/>
            <item value="current user:    'root@localhost'"/>
@ -57,7 +57,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+surname.+varchar\(1000\)'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MySQL (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -74,7 +74,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    '5.1.41-3~bpo50+1'"/>
            <item value="current user:    'root@localhost'"/>
@ -83,7 +83,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+surname.+varchar\(1000\)'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MySQL partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -100,7 +100,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    '5.1.41-3~bpo50+1'"/>
            <item value="current user:    'root@localhost'"/>
@ -109,7 +109,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+surname.+varchar\(1000\)'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="Postgres (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
        <switches>
@ -127,7 +127,7 @@
            <dumpTable value="True"/>
            <threads value="4"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
            <item value="current user:    'testuser'"/>
@ -136,7 +136,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+username.+bpchar'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Postgres (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -153,7 +153,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
            <item value="current user:    'testuser'"/>
@ -162,7 +162,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+username.+bpchar'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Postgres (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -179,7 +179,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
            <item value="current user:    'testuser'"/>
@ -188,7 +188,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+username.+bpchar'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Postgres partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -205,7 +205,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
            <item value="current user:    'testuser'"/>
@ -214,7 +214,7 @@
            <item value="r'1 table.+users'"/>
            <item value="r'3 columns.+username.+bpchar'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Oracle (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump --threads=4)">
        <switches>
@ -232,7 +232,7 @@
            <dumpTable value="True"/>
            <threads value="4"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
            <item value="current user:    'SYS'"/>
@ -241,7 +241,7 @@
            <item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
            <item value="r'3 columns.+SURNAME.+VARCHAR'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Oracle (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
        <switches>
@ -258,7 +258,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
            <item value="current user:    'SYS'"/>
@ -267,7 +267,7 @@
            <item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
            <item value="r'3 columns.+SURNAME.+VARCHAR'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Oracle (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
        <switches>
@ -284,7 +284,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
            <item value="current user:    'SYS'"/>
@ -293,7 +293,7 @@
            <item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
            <item value="r'3 columns.+SURNAME.+VARCHAR'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="Oracle partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
        <switches>
@ -310,7 +310,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
            <item value="current user:    'SYS'"/>
@ -319,7 +319,7 @@
            <item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
            <item value="r'3 columns.+SURNAME.+VARCHAR'"/>
            <item value="r'4 entries.+nameisnull'"/>
-        </log>
+        </parse>
    </case>
    <case name="MSSQL (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
        <switches>
@ -337,7 +337,7 @@
            <dumpTable value="True"/>
            <threads value="4"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
            <item value="current user:    'sa'"/>
@ -346,7 +346,7 @@
            <item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
            <item value="r'3 columns.+surname.+varchar'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MSSQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -363,7 +363,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
            <item value="current user:    'sa'"/>
@ -372,7 +372,7 @@
            <item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
            <item value="r'3 columns.+surname.+varchar'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MSSQL (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -389,7 +389,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
            <item value="current user:    'sa'"/>
@ -398,7 +398,7 @@
            <item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
            <item value="r'3 columns.+surname.+varchar'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
    <case name="MSSQL partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
        <switches>
@ -415,7 +415,7 @@
            <getColumns value="True"/>
            <dumpTable value="True"/>
        </switches>
-        <log>
+        <parse>
            <item value="current user is DBA:    'True'"/>
            <item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
            <item value="current user:    'sa'"/>
@ -424,6 +424,6 @@
            <item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
            <item value="r'3 columns.+surname.+varchar'"/>
            <item value="r'4 entries.+nameisnull.+'"/>
-        </log>
+        </parse>
    </case>
 </root>