示例#1
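/*
 * Run one test-case file through libinjection and compare the result with
 * the expected output stored in the same file.
 *
 * The file must contain three sections, in this order, each introduced by a
 * marker line: "--TEST--", "--INPUT--", "--EXPECTED--".  Section bodies are
 * appended to the file-level buffers g_test, g_input and g_expected.
 *
 * fname     path of the test-case file
 * flags     passed unchanged to libinjection_sqli_init()
 * testtype  1: compare the SQLi fingerprint (empty when not SQLi)
 *           2: compare the folded token stream
 *           other: compare the raw token stream
 *
 * Returns 1 when the actual output equals the expected output, and also 1
 * when the three markers were not all found (behaviour kept from the
 * original).  Returns 0 on a mismatch, when the file cannot be opened, or
 * when the input copy cannot be allocated.
 */
int read_file(const char* fname, int flags, int testtype)
{
    int count = 0;
    FILE *fp = NULL;
    char linebuf[4096];
    char g_actual[4096];
    char* bufptr = NULL;
    sfilter sf;
    int ok = 1;
    int num_tokens;
    int issqli;
    int i;
    size_t slen;
    char* copy;

    g_test[0] = '\0';
    g_input[0] = '\0';
    g_expected[0] = '\0';

    fp = fopen(fname, "r");
    if (fp == NULL) {
        /* Previously a missing file was handed straight to fgets(). */
        fprintf(stderr, "cannot open %s\n", fname);
        return 0;
    }

    while (fgets(linebuf, sizeof(linebuf), fp) != NULL) {
        if (count == 0 && strcmp(linebuf, "--TEST--\n") == 0) {
            bufptr = g_test;
            count = 1;
        } else if (count == 1 && strcmp(linebuf, "--INPUT--\n") == 0) {
            bufptr = g_input;
            count = 2;
        } else if (count == 2 && strcmp(linebuf, "--EXPECTED--\n") == 0) {
            bufptr = g_expected;
            count = 3;
        } else if (bufptr != NULL) {
            /*
             * NOTE(review): the destination buffers are declared outside
             * this function and nothing here bounds the append; a section
             * larger than its buffer would overflow it.  Confirm their
             * sizes against the largest test file.
             */
            strcat(bufptr, linebuf);
        }
        /* Lines before the first marker have no section; they are skipped
         * instead of being appended through a NULL pointer. */
    }
    fclose(fp);
    if (count != 3) {
        return 1;
    }

    g_expected[modp_rtrim(g_expected, strlen(g_expected))] = '\0';
    g_input[modp_rtrim(g_input, strlen(g_input))] = '\0';

    /*
     * The input is copied WITHOUT its NUL terminator and its length is
     * passed explicitly.  At least one byte is requested so that an empty
     * input does not depend on what malloc(0) returns.
     */
    slen = strlen(g_input);
    copy = malloc(slen ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "out of memory\n");
        return 0;
    }
    memcpy(copy, g_input, slen);
    libinjection_sqli_init(&sf, copy, slen, flags);

    /* just here for code coverage and cppcheck */
    libinjection_sqli_callback(&sf, NULL, NULL);

    slen = 0;
    g_actual[0] = '\0';
    if (testtype == 1) {
        issqli = libinjection_is_sqli(&sf);
        if (issqli) {
            /* bounded: g_actual is a local array of known size */
            snprintf(g_actual, sizeof(g_actual), "%s", sf.fingerprint);
        }
    } else if (testtype == 2) {
        num_tokens = libinjection_sqli_fold(&sf);
        for (i = 0; i < num_tokens; ++i) {
            /* NOTE(review): print_token() receives no buffer size here;
             * verify it cannot write past g_actual. */
            slen = print_token(g_actual, slen, &(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf) == 1) {
            slen = print_token(g_actual, slen, sf.current);
        }
    }

    g_actual[modp_rtrim(g_actual, strlen(g_actual))] = '\0';

    if (strcmp(g_expected, g_actual) != 0) {
        printf("INPUT: \n%s\n==\n", g_input);
        printf("EXPECTED: \n%s\n==\n", g_expected);
        printf("GOT: \n%s\n==\n", g_actual);
        ok = 0;
    }

    free(copy);
    return ok;
}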
示例#2
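/*
 * Command-line driver: tokenize, fold, or run SQLi detection on one string.
 *
 * Options (any number, before the input string):
 *   -m, -cm        set FLAG_SQL_MYSQL
 *   -ca            set FLAG_SQL_ANSI
 *   -q0 -q1 -q2    set FLAG_QUOTE_NONE / FLAG_QUOTE_SINGLE / FLAG_QUOTE_DOUBLE
 *   -f, --fold     print the folded token stream
 *   -d, --detect   print the fingerprint if the input is flagged as SQLi
 * Without -f or -d the raw token stream is printed.
 *
 * Returns 0 on success, 1 when no input string was given or the input copy
 * could not be allocated.
 */
int main(int argc, const char* argv[])
{
    int flags = 0;
    int fold = 0;
    int detect = 0;

    int i;
    int count;
    int offset = 1;
    int issqli;
    size_t slen;
    char* copy;

    sfilter sf;

    /*
     * Consume leading options.  The loop is bounded by argc so that a
     * command line made only of options never reaches argv[argc] (NULL).
     */
    for (; offset < argc; ++offset) {
        const char *arg = argv[offset];

        if (strcmp(arg, "-m") == 0 || strcmp(arg, "-cm") == 0) {
            flags |= FLAG_SQL_MYSQL;
        } else if (strcmp(arg, "-f") == 0 || strcmp(arg, "--fold") == 0) {
            fold = 1;
        } else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--detect") == 0) {
            detect = 1;
        } else if (strcmp(arg, "-ca") == 0) {
            flags |= FLAG_SQL_ANSI;
        } else if (strcmp(arg, "-q0") == 0) {
            flags |= FLAG_QUOTE_NONE;
        } else if (strcmp(arg, "-q1") == 0) {
            flags |= FLAG_QUOTE_SINGLE;
        } else if (strcmp(arg, "-q2") == 0) {
            flags |= FLAG_QUOTE_DOUBLE;
        } else {
            break;
        }
    }

    /* Covers both "no arguments" and "options but no input string". */
    if (offset >= argc) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    /* ATTENTION: argv is a C-string, null terminated.  We copy this
     * to its own location, WITHOUT null byte.  This way, valgrind
     * can see if we run past the buffer.
     *
     * At least one byte is requested so that an empty input string does
     * not depend on what malloc(0) returns.
     */
    slen = strlen(argv[offset]);
    copy = malloc(slen ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "out of memory\n");
        return 1;
    }
    memcpy(copy, argv[offset], slen);
    libinjection_sqli_init(&sf, copy, slen, flags);

    if (detect == 1) {
        issqli = libinjection_is_sqli(&sf);
        if (issqli) {
            printf("%s\n", sf.fingerprint);
        }
    } else if (fold == 1) {
        count = libinjection_sqli_fold(&sf);
        for (i = 0; i < count; ++i) {
            print_token(&(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf)) {
            print_token(sf.current);
        }
    }

    free(copy);

    return 0;
}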
示例#3
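/**
 * Classify a query by its leading SQL command.
 *
 * Tokens are pulled from the libinjection tokenizer state in qp->sf until
 * the first token of type 'E', 'k' or 'T' appears; the text of that token
 * (compared case-insensitively) decides the result.  For ALTER, ANALYZE and
 * SHOW further tokens are consumed to recognise the TABLE forms.  Anything
 * not explicitly recognised yields MYSQL_COM_QUERY_UNKNOWN.
 *
 * NOTE(review): the single-character token types are libinjection's;
 * presumably 'c' is a comment, 'n' a bareword and 'k' a keyword — confirm
 * against the libinjection version in use.
 *
 * @param args  pointer to an SQP_par_t; its sf member is consumed by this
 *              call (assumed to be initialised by the caller — not visible
 *              here).
 * @return the matching MYSQL_COM_QUERY_* value, or MYSQL_COM_QUERY_UNKNOWN.
 */
enum MYSQL_COM_QUERY_command Query_Processor::__query_parser_command_type(void *args) {
	SQP_par_t *qp=(SQP_par_t *)args;
	while (libinjection_sqli_tokenize(&qp->sf)) {
		if (qp->sf.current->type=='E' || qp->sf.current->type=='k' || qp->sf.current->type=='T')	{
			// The token text comes from the query being parsed; toupper() is
			// only defined for unsigned char values (or EOF), so a byte >= 0x80
			// must not reach it as a negative plain char.
			char c1=(char)toupper((unsigned char)qp->sf.current->val[0]);
			proxy_debug(PROXY_DEBUG_MYSQL_COM, 5, "Command:%s Prefix:%c\n", qp->sf.current->val, c1);
			switch (c1) {
				case 'A':
					if (!strcasecmp("ALTER",qp->sf.current->val)) { // ALTER [ONLINE | OFFLINE] [IGNORE] TABLE
						while (libinjection_sqli_tokenize(&qp->sf)) {
							if (qp->sf.current->type=='c') continue;
							if (qp->sf.current->type=='n') {
								if (!strcasecmp("OFFLINE",qp->sf.current->val)) continue;
								if (!strcasecmp("ONLINE",qp->sf.current->val)) continue;
							}
							if (qp->sf.current->type=='k') {
								if (!strcasecmp("IGNORE",qp->sf.current->val)) continue;
								if (!strcasecmp("TABLE",qp->sf.current->val))
									return MYSQL_COM_QUERY_ALTER_TABLE;
							}
							return MYSQL_COM_QUERY_UNKNOWN;
						}
						// Tokenizer exhausted: control falls through to the
						// ANALYZE check and then to the UNKNOWN return below.
					}
					if (!strcasecmp("ANALYZE",qp->sf.current->val)) { // ANALYZE [NO_WRITE_TO_BINLOG | LOCAL] TABLE
						while (libinjection_sqli_tokenize(&qp->sf)) {
							if (qp->sf.current->type=='c') continue;
							if (qp->sf.current->type=='n') {
								if (!strcasecmp("LOCAL",qp->sf.current->val)) continue;
							}
							if (qp->sf.current->type=='k') {
								if (!strcasecmp("NO_WRITE_TO_BINLOG",qp->sf.current->val)) continue;
								if (!strcasecmp("TABLE",qp->sf.current->val))
									return MYSQL_COM_QUERY_ANALYZE_TABLE;
							}
							return MYSQL_COM_QUERY_UNKNOWN;
						}
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'B':
					if (!strcasecmp("BEGIN",qp->sf.current->val)) { // BEGIN
						return MYSQL_COM_QUERY_BEGIN;
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'C':
					if (!strcasecmp("COMMIT",qp->sf.current->val)) { // COMMIT
						return MYSQL_COM_QUERY_COMMIT;
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'D':
					if (!strcasecmp("DELETE",qp->sf.current->val)) { // DELETE
						return MYSQL_COM_QUERY_DELETE;
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'I':
					if (!strcasecmp("INSERT",qp->sf.current->val)) { // INSERT
						return MYSQL_COM_QUERY_INSERT;
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'S':
					if (!strcasecmp("SELECT",qp->sf.current->val)) { // SELECT
						return MYSQL_COM_QUERY_SELECT;
					}
					if (!strcasecmp("SET",qp->sf.current->val)) { // SET
						return MYSQL_COM_QUERY_SET;
					}
					if (!strcasecmp("SHOW",qp->sf.current->val)) { // SHOW
						while (libinjection_sqli_tokenize(&qp->sf)) {
							if (qp->sf.current->type=='c') continue;
							if (qp->sf.current->type=='k') {
								if (!strcasecmp("TABLE",qp->sf.current->val)) {
									// After TABLE, scan the remaining tokens for a
									// STATUS token of type 'n'; other tokens are
									// stepped over.
									while (libinjection_sqli_tokenize(&qp->sf)) {
										if (qp->sf.current->type=='c') continue;
										if (qp->sf.current->type=='n') {
											if (!strcasecmp("STATUS",qp->sf.current->val))
												return MYSQL_COM_QUERY_SHOW_TABLE_STATUS;
										}
									}
								}
							}
							return MYSQL_COM_QUERY_UNKNOWN;
						}
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				case 'U':
					if (!strcasecmp("UPDATE",qp->sf.current->val)) { // UPDATE
						return MYSQL_COM_QUERY_UPDATE;
					}
					return MYSQL_COM_QUERY_UNKNOWN;
				default:
					return MYSQL_COM_QUERY_UNKNOWN;
			}
		}
	}
	return MYSQL_COM_QUERY_UNKNOWN;
}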
示例#4
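/*
 * Command-line driver: tokenize, fold, or run SQLi detection on one string.
 *
 * Options (any number, before the input string):
 *   -m             use COMMENTS_MYSQL instead of COMMENTS_ANSI
 *   -f, --fold     print the folded token stream
 *   -d, --detect   print the matched pattern if the input is flagged as SQLi
 * Without -f or -d the raw token stream is printed.
 *
 * Returns 0 on success, 1 when no input string was given or the input copy
 * could not be allocated.
 */
int main(int argc, const char* argv[])
{
    char comment_style = COMMENTS_ANSI;
    int fold = 0;
    int detect = 0;

    int i;
    int count;
    int offset = 1;
    size_t slen;
    char* copy;

    sfilter sf;
    stoken_t current;

    /*
     * Consume leading options.  The loop is bounded by argc so that a
     * command line made only of options never reaches argv[argc] (NULL).
     */
    for (; offset < argc; ++offset) {
        const char *arg = argv[offset];

        if (strcmp(arg, "-m") == 0) {
            comment_style = COMMENTS_MYSQL;
        } else if (strcmp(arg, "-f") == 0 || strcmp(arg, "--fold") == 0) {
            fold = 1;
        } else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--detect") == 0) {
            detect = 1;
        } else {
            break;
        }
    }

    /* Covers both "no arguments" and "options but no input string". */
    if (offset >= argc) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    /* ATTENTION: argv is a C-string, null terminated.  We copy this
     * to its own location, WITHOUT null byte.  This way, valgrind
     * can see if we run past the buffer.
     *
     * At least one byte is requested so that an empty input string does
     * not depend on what malloc(0) returns.
     */
    slen = strlen(argv[offset]);
    copy = malloc(slen ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "out of memory\n");
        return 1;
    }
    memcpy(copy, argv[offset], slen);

    libinjection_sqli_init(&sf, copy, slen, CHAR_NULL, comment_style);
    if (detect == 1) {
        /* NOTE(review): this call passes COMMENTS_ANSI even when -m selected
         * COMMENTS_MYSQL above — confirm whether that is intended. */
        detect = libinjection_is_sqli(&sf, copy, slen, CHAR_NULL, COMMENTS_ANSI);
        if (detect) {
            printf("%s\n", sf.pat);
        }
    } else if (fold == 1) {
        count = filter_fold(&sf);
        for (i = 0; i < count; ++i) {
            print_token(&(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf, &current)) {
            print_token(&current);
        }
    }

    free(copy);

    return 0;
}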