sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

everything is ready for testing (smoke and live)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-09-27 11:20:48 +00:00
parent dc11ae0d65
commit 3b9fe3e1c8
2 changed files with 85 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
lib/core/testing.py
View File

@ -25,6 +25,7 @@ import codecs
import logging import logging
import os import os
import re import re
import shutil
import sys import sys
import tempfile import tempfile
import time import time
@ -81,9 +82,9 @@ def smokeTest():
dataToStdout("\r%s\r" % (" "*(getConsoleWidth()-1))) dataToStdout("\r%s\r" % (" "*(getConsoleWidth()-1)))
if retVal: if retVal:
logger.info("smoke test final result: passed") logger.info("smoke test final result: PASSED")
else: else:
logger.info("smoke test final result: failed") logger.error("smoke test final result: FAILED")
return retVal return retVal
@ -93,75 +94,96 @@ def liveTest():
""" """
retVal = True retVal = True
count = 0 count = 0
vars = {} global_ = {}
vars_ = {}
xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding) xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
livetests = minidom.parse(xfile).documentElement livetests = minidom.parse(xfile).documentElement
xfile.close() xfile.close()
length = len(livetests.getElementsByTagName("case"))
global_ = livetests.getElementsByTagName("global") element = livetests.getElementsByTagName("global")
if global_: if element:
for item in global_: for item in element:
for child in item.childNodes: for child in item.childNodes:
if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"): if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
vars[child.tagName] = child.getAttribute("value") global_[child.tagName] = child.getAttribute("value")
element = livetests.getElementsByTagName("vars")
if element:
for item in element:
for child in item.childNodes:
if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
vars_[child.tagName] = child.getAttribute("value")
for case in livetests.getElementsByTagName("case"): for case in livetests.getElementsByTagName("case"):
name = None
log = [] log = []
session = [] session = []
switches = {} switches = dict(global_)
count += 1
if case.hasAttribute("name"):
name = case.getAttribute("name")
if case.getElementsByTagName("switches"): if case.getElementsByTagName("switches"):
for child in case.getElementsByTagName("switches")[0].childNodes: for child in case.getElementsByTagName("switches")[0].childNodes:
if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"): if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
switches[child.tagName] = replaceVars(child.getAttribute("value"), vars) switches[child.tagName] = replaceVars(child.getAttribute("value"), vars_)
if case.getElementsByTagName("log"): if case.getElementsByTagName("log"):
for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"): for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"):
if item.hasAttribute("value"): if item.hasAttribute("value"):
log.append(replaceVars(item.getAttribute("value"), vars)) log.append(replaceVars(item.getAttribute("value"), vars_))
if case.getElementsByTagName("session"): if case.getElementsByTagName("session"):
for item in case.getElementsByTagName("session")[0].getElementsByTagName("item"): for item in case.getElementsByTagName("session")[0].getElementsByTagName("item"):
if item.hasAttribute("value"): if item.hasAttribute("value"):
session.append(replaceVars(item.getAttribute("value"), vars)) session.append(replaceVars(item.getAttribute("value"), vars_))
result = runCase(switches, log, session) count += 1
if not result: msg = "running live test case '%s' (%d/%d)" % (name, count, length)
errMsg = "live test failed at case #%d" % count logger.info(msg)
logger.error(errMsg) result = runCase(name, switches, log, session)
if result:
logger.info("test passed")
else:
logger.error("test failed")
retVal &= result retVal &= result
dataToStdout("\n")
if retVal: if retVal:
logger.info("live test final result: passed") logger.info("live test final result: PASSED")
else: else:
logger.info("live test final result: failed") logger.error("live test final result: FAILED")
return retVal return retVal
def initCase(): def initCase(switches=None):
paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp() paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp()
paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
cmdLineOptions = cmdLineParser() cmdLineOptions = cmdLineParser()
cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False
cmdLineOptions.verbose = 0 cmdLineOptions.verbose = 0
if switches:
for key, value in switches.items():
conf[key] = value
conf.sessionFile = None
init(cmdLineOptions) init(cmdLineOptions)
__setVerbosity() __setVerbosity()
def cleanCase(): def cleanCase():
#remove dir: paths.SQLMAP_OUTPUT_PATH shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True)
paths.SQLMAP_OUTPUT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "output") paths.SQLMAP_OUTPUT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "output")
paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
conf.verbose = 1 conf.verbose = 1
__setVerbosity() __setVerbosity()
def runCase(switches, log=None, session=None): def runCase(name=None, switches=None, log=None, session=None):
retVal = True retVal = True
initCase() initCase(switches)
for key, value in switches.items():
conf[key] = value
result = start() result = start()
if result == False: #if None ignore if result == False: #if None ignore
@ -172,8 +194,11 @@ def runCase(switches, log=None, session=None):
content = file.read() content = file.read()
file.close() file.close()
for item in session: for item in session:
#if not re.search(item, content): if item.startswith("r'") and item.endswith("'"):
if content.find(item) < 0: if not re.search(item[2:-1], content):
retVal = False
break
elif content.find(item) < 0:
retVal = False retVal = False
break break
@ -182,18 +207,21 @@ def runCase(switches, log=None, session=None):
content = file.read() content = file.read()
file.close() file.close()
for item in log: for item in log:
#if not re.search(item, content): if item.startswith("r'") and item.endswith("'"):
if content.find(item) < 0: if not re.search(item[2:-1], content):
retVal = False
break
elif content.find(item) < 0:
retVal = False retVal = False
break break
cleanCase() cleanCase()
return retVal return retVal
def replaceVars(item, vars): def replaceVars(item, vars_):
retVal = item retVal = item
if item and vars: if item and vars_:
for var in re.findall(getCompiledRegex("\$\{([^}]+)\}"), item): for var in re.findall(getCompiledRegex("\$\{([^}]+)\}"), item):
if var in vars: if var in vars_:
retVal = retVal.replace("${%s}" % var, vars[var]) retVal = retVal.replace("${%s}" % var, vars_[var])
return retVal return retVal

25
xml/livetests.xml
View File

@ -2,33 +2,44 @@
<root> <root>
<global> <global>
<host value="192.168.228.130"/> <ignoreProxy value="True"/>
</global> </global>
<!-- MySQL --> <vars>
<case> <host value="172.16.104.130"/>
</vars>
<case name="Postgres (--is-dba)">
<switches>
<url value="http://${host}/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
</log>
</case>
<case name="MySQL (--banner --threads=5)">
<switches> <switches>
<url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/> <url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/>
<getBanner value="True"/> <getBanner value="True"/>
<threads value="5"/>
</switches> </switches>
<log> <log>
<item value="5.1.41-3~bpo50+1"/> <item value="5.1.41-3~bpo50+1"/>
</log> </log>
</case> </case>
<!-- Oracle <case name="Oracle (-o -f --users)">
<case>
<switches> <switches>
<url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/> <url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/>
<extensiveFp value="True"/> <extensiveFp value="True"/>
<optimize value="True"/>
<getUsers value="True"/> <getUsers value="True"/>
</switches> </switches>
<log> <log>
<item value="database management system users"/> <item value="database management system users"/>
<item value="SYSMAN"/> <item value="r'SYS.*N'"/> <!--sample for regex-->
</log> </log>
<session> <session>
<item value="SELECT DISTINCT(USERNAME)"/> <item value="SELECT DISTINCT(USERNAME)"/>
<item value="[DBMS][Oracle]"/> <item value="[DBMS][Oracle]"/>
</session> </session>
</case> </case>
-->
</root> </root>