de/d6d/sql__injection_8py_source.html

"""

    EPITECH PROJECT, 2022

    Desktop_pet (Workspace)

    File description:

    injection.py


    The file un charge of checking if an injection is attempted with the open database

"""


import base64

from typing import Union, List


from display_tty import Disp, TOML_CONF, SAVE_TO_FILE, FILE_NAME


class SQLInjection:

    """ Check if an sql injection is present """


    def __init__(self, error: int = 84, success: int = 0, debug: bool = False) -> None:

        # ---------------------------- Status codes ----------------------------

        self.debug: bool = debug

        self.error: int = error

        self.success: int = success

        # ---------------------------- Logging data ----------------------------

        self.disp: Disp = Disp(

            TOML_CONF,

            SAVE_TO_FILE,

            FILE_NAME,

            self.debug,

            logger=self.__class__.__name__

        )

        # ------------------ Injection checking related data  ------------------

        self.injection_err: int = (-1)

        self.injection_message: str = "Injection attempt detected"

        self.symbolssymbols: List[str] = [';', '--', '/*', '*/']

        self.keywordskeywords: List[str] = [

            'SELECT', 'INSERT', 'UPDATE', 'DELETE',

            'DROP', 'CREATE', 'ALTER', 'TABLE', 'UNION', 'JOIN', 'WHERE'

        ]

        self.command: List[str] = self.keywordskeywords

        self.logic_gateslogic_gates: List[str] = ['OR', 'AND', 'NOT']

        self.allall: List[str] = []

        self.allall.extend(self.keywordskeywords)

        self.allall.extend(self.symbolssymbols)

        self.allall.extend(self.keywordskeywords)


    def _perror(self, string: str = "") -> None:

        """ Print an error message """

        self.disp.disp_print_error(f"(Injection) {string}")


    def _is_base64(self, string: str) -> bool:

        """ Check if a string is base64 encoded """

        try:

            base64.b64decode(string, validate=True)

            return True

        except Exception:

            return False


    def check_if_symbol_sql_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if symbols are the source of the injection """

        if isinstance(string, List) is True:

            for i in string:

                if self.check_if_symbol_sql_injection(i) is True:

                    return True

            return False

        if isinstance(string, str) is True:

            if ";base64" in string:

                return self._is_base64(string)

            for i in self.symbolssymbols:

                if i in string:

                    self.disp.log_debug(

                        f"Failed for {string}, node {i} was found.",

                        "check_if_symbol_sql_injection"

                    )

                    return True

        else:

            msg = "(check_if_symbol_sql_injection) string must be a string or a List of strings"

            self._perror(msg)

            return True

        return False


    def check_if_command_sql_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if sql keywords are present """

        if self.debug is True:

            msg = "(check_if_command_sql_injection) string = "

            msg += f"'{string}', type(string) = '{type(string)}'"

            self.disp.disp_print_debug(msg)

        if isinstance(string, List) is True:

            for i in string:

                if self.check_if_command_sql_injection(i) is True:

                    return True

            return False

        if isinstance(string, str) is True:

            for i in self.keywordskeywords:

                if i in string:

                    self.disp.log_debug(

                        f"Failed for {string}, node {i} was found.",

                        "check_if_command_sql_injection"

                    )

                    return True

        else:

            msg = "(check_if_command_sql_injection) string must be a string or a List of strings"

            self._perror(msg)

            return True

        return False


    def check_if_logic_gate_sql_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if a logic gate is present """

        if isinstance(string, List) is True:

            for i in string:

                if self.check_if_logic_gate_sql_injection(i) is True:

                    return True

            return False

        if isinstance(string, str) is True:

            for i in self.logic_gateslogic_gates:

                if i in string:

                    self.disp.log_debug(

                        f"Failed for {string}, node {i} was found.",

                        "check_if_logic_gate_sql_injection"

                    )

                    return True

        else:

            msg = "(check_if_logic_gate_sql_injection) string must be a string or a List of strings"

            self._perror(msg)

            return True

        return False


    def check_if_symbol_and_command_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if symbols and commands are the source of the injection """

        is_symbol = self.check_if_symbol_sql_injection(string)

        is_command = self.check_if_command_sql_injection(string)

        if is_symbol is True or is_command is True:

            return True

        return False


    def check_if_symbol_and_logic_gate_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if symbols and logic gates are the source of the injection """

        is_symbol = self.check_if_symbol_sql_injection(string)

        is_logic_gate = self.check_if_logic_gate_sql_injection(string)

        if is_symbol is True or is_logic_gate is True:

            return True

        return False


    def check_if_command_and_logic_gate_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if command and logic gates are the source of the injection """

        is_command = self.check_if_command_sql_injection(string)

        is_logic_gate = self.check_if_logic_gate_sql_injection(string)

        if is_command is True or is_logic_gate is True:

            return True

        return False


    def check_if_sql_injection(self, string: Union[str, List[str]]) -> bool:

        """ Check if there is an sql injection, uses all the parameters """

        if isinstance(string, List) is True:

            for i in string:

                if self.check_if_sql_injection(i) is True:

                    return True

            return False

        if isinstance(string, str) is True:

            if ";base64" in string:

                return self._is_base64(string)

            for i in self.allall:

                if i in string:

                    return True

        else:

            msg = "(check_if_sql_injection) string must be a string or a List of strings"

            self._perror(msg)

            return True

        return False


    def check_if_injections_in_strings(self, array_of_strings: Union[str, List[str], List[List[str]]]) -> bool:

        """ Check if there is an injection in the provided array of strings """

        if isinstance(array_of_strings, List) is True:

            for i in array_of_strings:

                if isinstance(i, List) is True:

                    if self.check_if_injections_in_strings(i) is True:

                        return True

                    continue

                if isinstance(i, str) is False:

                    err_message = "(check_if_injections_in_strings) Expected a string but "

                    err_message += f"got an {type(i)}"

                    self._perror(err_message)

                    return True

                if self.check_if_sql_injection(i) is True:

                    return True

            return False

        if isinstance(array_of_strings, str) is True:

            if self.check_if_sql_injection(array_of_strings) is True:

                return True

            return False

        err_message = "(check_if_injections_in_strings) The provided item is neither a List a table or a string"

        self._perror(err_message)

        return False


    def run_test(self, title: str, array: List[str], function: object, expected_response: bool = False, global_status: int = 0) -> int:

        """ Run a test and return it's status"""

        err = 84

        global_response = global_status

        print(f"{title}", end="")

        for i in array:

            print(".", end="")

            response = function(i)

            if response != expected_response:

                print("[error]")

                global_response = err

        print("[success]")

        return global_response


    def test_injection_class(self) -> int:

        """ Test the injection class """

        success = 0

        global_status = success

        test_sentences = [

            "SHOW TABLES;",

            "SHOW Databases;",

            "DROP TABLES;",

            "SHOW DATABASE;",

            "SELECT * FROM table;",

        ]

        global_status = self.run_test(

            title="Logic gate test:",

            array=self.logic_gateslogic_gates,

            function=self.check_if_logic_gate_sql_injection,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="Keyword check:",

            array=self.keywordskeywords,

            function=self.check_if_command_sql_injection,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="Symbol check:",

            array=self.symbolssymbols,

            function=self.check_if_symbol_sql_injection,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="All injections:",

            array=self.allall,

            function=self.check_if_sql_injection,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="Array check:",

            array=[self.allall],

            function=self.check_if_injections_in_strings,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="Double array check:",

            array=[self.allall, self.allall],

            function=self.check_if_injections_in_strings,

            expected_response=True,

            global_status=global_status

        )

        global_status = self.run_test(

            title="SQL sentences:",

            array=test_sentences,

            function=self.check_if_sql_injection,

            expected_response=True,

            global_status=global_status

        )

        return global_status


if __name__ == "__main__":

    II = SQLInjection()

    res = II.test_injection_class()

    print(f"test status = {res}")

src.lib.sql.sql_injection.SQLInjection
Definition sql_injection.py:16

src.lib.sql.sql_injection.SQLInjection.command
List[str] command
Definition sql_injection.py:40

src.lib.sql.sql_injection.SQLInjection.run_test
int run_test(self, str title, List[str] array, object function, bool expected_response=False, int global_status=0)
Definition sql_injection.py:195

src.lib.sql.sql_injection.SQLInjection.symbols
str symbols
Definition sql_injection.py:69

src.lib.sql.sql_injection.SQLInjection.symbols
list symbols
Definition sql_injection.py:35

src.lib.sql.sql_injection.SQLInjection.check_if_command_sql_injection
bool check_if_command_sql_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:82

src.lib.sql.sql_injection.SQLInjection.all
list all
Definition sql_injection.py:42

src.lib.sql.sql_injection.SQLInjection.test_injection_class
int test_injection_class(self)
Definition sql_injection.py:209

src.lib.sql.sql_injection.SQLInjection.check_if_symbol_and_logic_gate_injection
bool check_if_symbol_and_logic_gate_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:136

src.lib.sql.sql_injection.SQLInjection._is_base64
bool _is_base64(self, str string)
Definition sql_injection.py:51

src.lib.sql.sql_injection.SQLInjection.keywords
list keywords
Definition sql_injection.py:36

src.lib.sql.sql_injection.SQLInjection.check_if_symbol_sql_injection
bool check_if_symbol_sql_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:59

src.lib.sql.sql_injection.SQLInjection.__init__
None __init__(self, int error=84, int success=0, bool debug=False)
Definition sql_injection.py:19

src.lib.sql.sql_injection.SQLInjection.all
str all
Definition sql_injection.py:162

src.lib.sql.sql_injection.SQLInjection.check_if_injections_in_strings
bool check_if_injections_in_strings(self, Union[str, List[str], List[List[str]]] array_of_strings)
Definition sql_injection.py:171

src.lib.sql.sql_injection.SQLInjection.check_if_logic_gate_sql_injection
bool check_if_logic_gate_sql_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:107

src.lib.sql.sql_injection.SQLInjection.keywords
str keywords
Definition sql_injection.py:94

src.lib.sql.sql_injection.SQLInjection.debug
bool debug
Definition sql_injection.py:21

src.lib.sql.sql_injection.SQLInjection.logic_gates
list logic_gates
Definition sql_injection.py:41

src.lib.sql.sql_injection.SQLInjection.disp
Disp disp
Definition sql_injection.py:25

src.lib.sql.sql_injection.SQLInjection.check_if_command_and_logic_gate_injection
bool check_if_command_and_logic_gate_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:144

src.lib.sql.sql_injection.SQLInjection.error
int error
Definition sql_injection.py:22

src.lib.sql.sql_injection.SQLInjection._perror
None _perror(self, str string="")
Definition sql_injection.py:47

src.lib.sql.sql_injection.SQLInjection.injection_message
str injection_message
Definition sql_injection.py:34

src.lib.sql.sql_injection.SQLInjection.check_if_symbol_and_command_injection
bool check_if_symbol_and_command_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:128

src.lib.sql.sql_injection.SQLInjection.logic_gates
str logic_gates
Definition sql_injection.py:115

src.lib.sql.sql_injection.SQLInjection.injection_err
tuple injection_err
Definition sql_injection.py:33

src.lib.sql.sql_injection.SQLInjection.success
int success
Definition sql_injection.py:23

src.lib.sql.sql_injection.SQLInjection.check_if_sql_injection
bool check_if_sql_injection(self, Union[str, List[str]] string)
Definition sql_injection.py:152