Ingen beskrivning

InjectionLexTest.py 1.3KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152
  1. from SQLInjection import *
  2. if __name__ == '__main__':
  3. sqlI = SQLInjection()
  4. # Test 1
  5. sample = """select cat from dog where casa=1 ;"""
  6. u_input = """select cat from dog where casa=2 ;"""
  7. print "Test 1"
  8. print "Sample: ", sample
  9. print "User In: ", u_input
  10. print "Is Valid?: ", sqlI.validateLex(sample, u_input)
  11. print
  12. # Test 2
  13. u_input = """select cat from dog where casa=1 and cat="miau" ;"""
  14. print "Test 1"
  15. print "Sample: ", sample
  16. print "User In: ", u_input
  17. print "Is Valid?: ", sqlI.validateLex(sample, u_input)
  18. print
  19. # Interactive Example with user input
  20. print "Follow the instruction and then try to inject SQL."
  21. while True:
  22. try:
  23. s = raw_input("Input a number> ")
  24. except EOFError:
  25. break
  26. u_input = """select cat from dog where casa=%s ;""" %s
  27. print "User query: %s" % u_input
  28. try:
  29. print "Is Valid?: ", sqlI.validateLex(sample, u_input)
  30. s_counter, u_counter = sqlI.getLastTokCounters()
  31. print "Token NUMBER sample: %s\t user:%s" % (s_counter["NUMBER"], u_counter["NUMBER"])
  32. print "Token ID sample: %s\t user:%s" % (s_counter["ID"], u_counter["ID"])
  33. print "Token LITERAL sample: %s\t user:%s" % (s_counter["LITERAL"], u_counter["LITERAL"])
  34. print "Token AND+OR sample: %s\t user:%s" % (s_counter["AND"] + s_counter["OR"], u_counter["AND"] + u_counter["OR"])
  35. print
  36. except:
  37. print "False"