| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
- from SQLInjection import *
-
- if __name__ == '__main__':
-
- sqlI = SQLInjection()
-
- # Test 1
- sample = """select cat from dog where casa=1 ;"""
- u_input = """select cat from dog where casa=2 ;"""
-
- print "Test 1"
- print "Sample: ", sample
- print "User In: ", u_input
- print "Is Valid?: ", sqlI.validateLex(sample, u_input)
- print
-
- # Test 2
-
- u_input = """select cat from dog where casa=1 and cat="miau" ;"""
- print "Test 1"
- print "Sample: ", sample
- print "User In: ", u_input
- print "Is Valid?: ", sqlI.validateLex(sample, u_input)
- print
-
- # Interactive Example with user input
-
- print "Follow the instruction and then try to inject SQL."
-
- while True:
- try:
- s = raw_input("Input a number> ")
- except EOFError:
- break
-
- u_input = """select cat from dog where casa=%s ;""" %s
- print "User query: %s" % u_input
-
- try:
- print "Is Valid?: ", sqlI.validateLex(sample, u_input)
- s_counter, u_counter = sqlI.getLastTokCounters()
- print "Token NUMBER sample: %s\t user:%s" % (s_counter["NUMBER"], u_counter["NUMBER"])
- print "Token ID sample: %s\t user:%s" % (s_counter["ID"], u_counter["ID"])
- print "Token LITERAL sample: %s\t user:%s" % (s_counter["LITERAL"], u_counter["LITERAL"])
- print "Token AND+OR sample: %s\t user:%s" % (s_counter["AND"] + s_counter["OR"], u_counter["AND"] + u_counter["OR"])
- print
- except:
- print "False"
-
-
-
|
