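/*
 * Runs one libinjection fixture file and compares libinjection's output
 * with the fixture's expected section.
 *
 * Fixture layout (each marker on a line of its own, in this order):
 *   --TEST--      free-form description, collected into g_test
 *   --INPUT--     the text handed to libinjection, collected into g_input
 *   --EXPECTED--  the expected fingerprint / token dump, collected into g_expected
 * Trailing whitespace of the input and expected sections is trimmed.
 *
 * fname    - path of the fixture file
 * flags    - FLAG_* bits passed to libinjection_sqli_init()
 * testtype - 1: compare the fingerprint from libinjection_is_sqli()
 *            2: compare the token vector after libinjection_sqli_fold()
 *            otherwise: compare the raw libinjection_sqli_tokenize() stream
 *
 * Returns 1 on match, 0 on mismatch (input, expected and actual text are
 * printed to stdout).  A file that does not contain all three markers is
 * skipped and also returns 1, as before.  A file that cannot be opened, or
 * that has content before "--TEST--", returns 0 with a message on stderr;
 * both cases previously dereferenced a NULL pointer (fp / bufptr).
 */
int read_file(const char* fname, int flags, int testtype)
{
    int count = 0;                 /* number of section markers seen so far */
    FILE *fp = NULL;
    char linebuf[4096];
    char g_actual[4096];
    char* bufptr = NULL;           /* section currently being collected */
    sfilter sf;
    int ok = 1;
    int num_tokens;
    int issqli;
    int i;
    size_t slen;
    char* copy;

    g_test[0] = '\0';
    g_input[0] = '\0';
    g_expected[0] = '\0';

    fp = fopen(fname, "r");
    if (fp == NULL) {
        fprintf(stderr, "%s: cannot open fixture\n", fname);
        return 0;
    }
    while (fgets(linebuf, sizeof(linebuf), fp) != NULL) {
        if (count == 0 && strcmp(linebuf, "--TEST--\n") == 0) {
            bufptr = g_test;
            count = 1;
        } else if (count == 1 && strcmp(linebuf, "--INPUT--\n") == 0) {
            bufptr = g_input;
            count = 2;
        } else if (count == 2 && strcmp(linebuf, "--EXPECTED--\n") == 0) {
            bufptr = g_expected;
            count = 3;
        } else if (bufptr == NULL) {
            /* text before the --TEST-- marker has no section to go into */
            fprintf(stderr, "%s: content before --TEST-- marker\n", fname);
            fclose(fp);
            return 0;
        } else {
            /* NOTE(review): g_test/g_input/g_expected are declared outside
             * this block and strcat() is unbounded; this assumes each of
             * them is large enough for its whole section -- confirm their
             * sizes against the largest fixture. */
            strcat(bufptr, linebuf);
        }
    }
    fclose(fp);

    if (count != 3) {
        /* not a complete fixture: skipped and reported as a pass */
        return 1;
    }

    g_expected[modp_rtrim(g_expected, strlen(g_expected))] = '\0';
    g_input[modp_rtrim(g_input, strlen(g_input))] = '\0';

    /* The input is deliberately copied WITHOUT a terminating NUL: the
     * library is handed an explicit length, so a read past slen shows up
     * in valgrind/ASan instead of being hidden by a terminator.  malloc(0)
     * may legally return NULL, so ask for at least one byte. */
    slen = strlen(g_input);
    copy = (char*) malloc(slen > 0 ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "%s: out of memory\n", fname);
        return 0;
    }
    memcpy(copy, g_input, slen);

    libinjection_sqli_init(&sf, copy, slen, flags);
    /* just here for code coverage and cppcheck */
    libinjection_sqli_callback(&sf, NULL, NULL);

    slen = 0;                      /* reused: bytes written into g_actual */
    g_actual[0] = '\0';
    if (testtype == 1) {
        issqli = libinjection_is_sqli(&sf);
        if (issqli) {
            snprintf(g_actual, sizeof(g_actual), "%s", sf.fingerprint);
        }
    } else if (testtype == 2) {
        num_tokens = libinjection_sqli_fold(&sf);
        for (i = 0; i < num_tokens; ++i) {
            slen = print_token(g_actual, slen, &(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf) == 1) {
            slen = print_token(g_actual, slen, sf.current);
        }
    }
    g_actual[modp_rtrim(g_actual, strlen(g_actual))] = '\0';

    if (strcmp(g_expected, g_actual) != 0) {
        printf("INPUT: \n%s\n==\n", g_input);
        printf("EXPECTED: \n%s\n==\n", g_expected);
        printf("GOT: \n%s\n==\n", g_actual);
        ok = 0;
    }
    free(copy);
    return ok;
}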
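/*
 * Command-line driver: tokenizes, folds, or fingerprints a single string.
 *
 * usage: prog [options] STRING
 *   -m, -cm          FLAG_SQL_MYSQL        -ca   FLAG_SQL_ANSI
 *   -q0 / -q1 / -q2  FLAG_QUOTE_NONE / FLAG_QUOTE_SINGLE / FLAG_QUOTE_DOUBLE
 *   -d, --detect     print the fingerprint when libinjection_is_sqli() fires
 *   -f, --fold       print the folded token vector
 *   (default)        print the raw token stream
 * Options are consumed left to right; the first non-option is STRING.
 * Returns 0 on success, 1 on a usage or allocation error.
 */
int main(int argc, const char* argv[])
{
    int flags = 0;
    int fold = 0;
    int detect = 0;
    int i;
    int count;
    int offset = 1;
    int issqli;
    sfilter sf;
    size_t slen;
    char* copy;

    if (argc < 2) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    /* Consume leading options, bounded by argc.  The previous loop only
     * stopped at a non-option, so "prog -m" with no string reached
     * argv[argc] (NULL) and crashed inside strcmp(). */
    while (offset < argc) {
        const char* arg = argv[offset];
        if (strcmp(arg, "-m") == 0 || strcmp(arg, "-cm") == 0) {
            flags |= FLAG_SQL_MYSQL;
        } else if (strcmp(arg, "-f") == 0 || strcmp(arg, "--fold") == 0) {
            fold = 1;
        } else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--detect") == 0) {
            detect = 1;
        } else if (strcmp(arg, "-ca") == 0) {
            flags |= FLAG_SQL_ANSI;
        } else if (strcmp(arg, "-q0") == 0) {
            flags |= FLAG_QUOTE_NONE;
        } else if (strcmp(arg, "-q1") == 0) {
            flags |= FLAG_QUOTE_SINGLE;
        } else if (strcmp(arg, "-q2") == 0) {
            flags |= FLAG_QUOTE_DOUBLE;
        } else {
            break;   /* first non-option is the input string */
        }
        offset += 1;
    }
    if (offset >= argc) {
        fprintf(stderr, "need an input string after the options\n");
        return 1;
    }

    /* ATTENTION: argv is a C-string, null terminated. We copy this
     * to its own location, WITHOUT null byte. This way, valgrind
     * can see if we run past the buffer.  malloc(0) may legally return
     * NULL, so allocate at least one byte for an empty argument. */
    slen = strlen(argv[offset]);
    copy = (char*) malloc(slen > 0 ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "out of memory\n");
        return 1;
    }
    memcpy(copy, argv[offset], slen);

    libinjection_sqli_init(&sf, copy, slen, flags);
    if (detect == 1) {
        issqli = libinjection_is_sqli(&sf);
        if (issqli) {
            printf("%s\n", sf.fingerprint);
        }
    } else if (fold == 1) {
        count = libinjection_sqli_fold(&sf);
        for (i = 0; i < count; ++i) {
            print_token(&(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf)) {
            print_token(sf.current);
        }
    }
    free(copy);
    return 0;
}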
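/**
 * Classifies the query held in qp->sf by its leading statement keyword.
 *
 * @param args  really a SQP_par_t*; its embedded sfilter `sf` must already
 *              be initialised on the query text.  The tokenizer state is
 *              advanced (consumed) by this call.
 * @return the MYSQL_COM_QUERY_* value for the first recognised keyword
 *         (ALTER TABLE, ANALYZE TABLE, BEGIN, COMMIT, DELETE, INSERT, SELECT,
 *         SET, SHOW TABLE STATUS, UPDATE), else MYSQL_COM_QUERY_UNKNOWN.
 *
 * Only tokens whose libinjection type is 'E', 'k' or 'T' are considered as
 * the leading keyword; anything before them is skipped.  Within the
 * multi-word forms, tokens of type 'c' (presumably comments) are skipped,
 * and a few type 'n' / 'k' modifiers are tolerated before TABLE.
 *
 * NOTE(review): this is a lexical classification produced by a SQLi
 * tokenizer, not a SQL parse; use it for routing/statistics decisions, not
 * as an authorisation boundary on what a query may do.
 */
enum MYSQL_COM_QUERY_command Query_Processor::__query_parser_command_type(void *args) {
	SQP_par_t *qp = (SQP_par_t *)args;
	while (libinjection_sqli_tokenize(&qp->sf)) {
		if (qp->sf.current->type != 'E' && qp->sf.current->type != 'k' && qp->sf.current->type != 'T') {
			continue;  // not a candidate leading keyword, keep scanning
		}
		// toupper() is only defined for EOF and values representable as
		// unsigned char; a plain char holding a byte >= 0x80 (any non-ASCII
		// byte in the query) is negative and was undefined behaviour here.
		char c1 = (char)toupper((unsigned char)qp->sf.current->val[0]);
		proxy_debug(PROXY_DEBUG_MYSQL_COM, 5, "Command:%s Prefix:%c\n", qp->sf.current->val, c1);
		switch (c1) {
			case 'A':
				if (!strcasecmp("ALTER", qp->sf.current->val)) {
					// ALTER [ONLINE | OFFLINE] [IGNORE] TABLE
					while (libinjection_sqli_tokenize(&qp->sf)) {
						if (qp->sf.current->type == 'c') continue;
						if (qp->sf.current->type == 'n') {
							if (!strcasecmp("OFFLINE", qp->sf.current->val)) continue;
							if (!strcasecmp("ONLINE", qp->sf.current->val)) continue;
						}
						if (qp->sf.current->type == 'k') {
							if (!strcasecmp("IGNORE", qp->sf.current->val)) continue;
							if (!strcasecmp("TABLE", qp->sf.current->val)) return MYSQL_COM_QUERY_ALTER_TABLE;
						}
						return MYSQL_COM_QUERY_UNKNOWN;
					}
					// tokens ran out before TABLE: fall through to the ANALYZE
					// test on whatever token is current, then report UNKNOWN
				}
				if (!strcasecmp("ANALYZE", qp->sf.current->val)) {
					// ANALYZE [NO_WRITE_TO_BINLOG | LOCAL] TABLE
					while (libinjection_sqli_tokenize(&qp->sf)) {
						if (qp->sf.current->type == 'c') continue;
						if (qp->sf.current->type == 'n') {
							if (!strcasecmp("LOCAL", qp->sf.current->val)) continue;
						}
						if (qp->sf.current->type == 'k') {
							if (!strcasecmp("NO_WRITE_TO_BINLOG", qp->sf.current->val)) continue;
							if (!strcasecmp("TABLE", qp->sf.current->val)) return MYSQL_COM_QUERY_ANALYZE_TABLE;
						}
						return MYSQL_COM_QUERY_UNKNOWN;
					}
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'B':
				if (!strcasecmp("BEGIN", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_BEGIN;
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'C':
				if (!strcasecmp("COMMIT", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_COMMIT;
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'D':
				if (!strcasecmp("DELETE", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_DELETE;
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'I':
				if (!strcasecmp("INSERT", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_INSERT;
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'S':
				if (!strcasecmp("SELECT", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_SELECT;
				}
				if (!strcasecmp("SET", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_SET;
				}
				if (!strcasecmp("SHOW", qp->sf.current->val)) {
					// SHOW TABLE STATUS is the only SHOW form recognised;
					// after TABLE, any tokens up to STATUS are tolerated.
					while (libinjection_sqli_tokenize(&qp->sf)) {
						if (qp->sf.current->type == 'c') continue;
						if (qp->sf.current->type == 'k') {
							if (!strcasecmp("TABLE", qp->sf.current->val)) {
								while (libinjection_sqli_tokenize(&qp->sf)) {
									if (qp->sf.current->type == 'c') continue;
									if (qp->sf.current->type == 'n') {
										if (!strcasecmp("STATUS", qp->sf.current->val)) return MYSQL_COM_QUERY_SHOW_TABLE_STATUS;
									}
								}
							}
						}
						return MYSQL_COM_QUERY_UNKNOWN;
					}
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			case 'U':
				if (!strcasecmp("UPDATE", qp->sf.current->val)) {
					return MYSQL_COM_QUERY_UPDATE;
				}
				return MYSQL_COM_QUERY_UNKNOWN;
			default:
				return MYSQL_COM_QUERY_UNKNOWN;
		}
	}
	return MYSQL_COM_QUERY_UNKNOWN;
}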
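/*
 * Command-line driver (older libinjection API): tokenizes, folds, or
 * fingerprints a single string.
 *
 * usage: prog [-m] [-f|--fold] [-d|--detect] STRING
 *   -m           use COMMENTS_MYSQL instead of COMMENTS_ANSI comment rules
 *   -d, --detect print sf.pat when libinjection_is_sqli() fires
 *   -f, --fold   print the folded token vector
 *   (default)    print the raw token stream
 * Options are consumed left to right; the first non-option is STRING.
 * Returns 0 on success, 1 on a usage or allocation error.
 *
 * Fixes relative to the previous version: the option loop is bounded by
 * argc (it used to call strcmp() on argv[argc] == NULL when only options
 * were given); the detect path now honours -m instead of hard-coding
 * COMMENTS_ANSI; and the mangled "¤t" token is restored to "&current".
 */
int main(int argc, const char* argv[])
{
    char comment_style = COMMENTS_ANSI;
    int fold = 0;
    int detect = 0;
    int i;
    int count;
    int offset = 1;
    sfilter sf;
    stoken_t current;
    size_t slen;
    char* copy;

    if (argc < 2) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    while (offset < argc) {
        const char* arg = argv[offset];
        if (strcmp(arg, "-m") == 0) {
            comment_style = COMMENTS_MYSQL;
        } else if (strcmp(arg, "-f") == 0 || strcmp(arg, "--fold") == 0) {
            fold = 1;
        } else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--detect") == 0) {
            detect = 1;
        } else {
            break;   /* first non-option is the input string */
        }
        offset += 1;
    }
    if (offset >= argc) {
        fprintf(stderr, "need an input string after the options\n");
        return 1;
    }

    /* ATTENTION: argv is a C-string, null terminated. We copy this
     * to its own location, WITHOUT null byte. This way, valgrind
     * can see if we run past the buffer.  malloc(0) may legally return
     * NULL, so allocate at least one byte for an empty argument. */
    slen = strlen(argv[offset]);
    copy = (char*) malloc(slen > 0 ? slen : 1);
    if (copy == NULL) {
        fprintf(stderr, "out of memory\n");
        return 1;
    }
    memcpy(copy, argv[offset], slen);

    libinjection_sqli_init(&sf, copy, slen, CHAR_NULL, comment_style);
    if (detect == 1) {
        /* same comment style as the init call, so -m applies here too */
        detect = libinjection_is_sqli(&sf, copy, slen, CHAR_NULL, comment_style);
        if (detect) {
            printf("%s\n", sf.pat);
        }
    } else if (fold == 1) {
        count = filter_fold(&sf);
        for (i = 0; i < count; ++i) {
            print_token(&(sf.tokenvec[i]));
        }
    } else {
        while (libinjection_sqli_tokenize(&sf, &current)) {
            print_token(&current);
        }
    }
    free(copy);
    return 0;
}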