import pytest
import requests
from bs4 import BeautifulSoup
from pathlib import Path
import yaml
import colorama
from colorama import Fore
from enum import Enum
# Root URL of the application under test; endpoint file names are appended to it.
BASE_URL = "http://localhost:8000/"
# Directory that is scanned (recursively) for the PHP pages to exercise.
PHP_FILES_PATH = "./pages"
# YAML file holding the payloads and the expected marker string for each test.
CONFIG_FILE_PATH = "attack_payloads.yaml"

# autoreset=True makes colorama emit a style reset after each write it wraps,
# so colour codes do not bleed into later terminal output.
colorama.init(autoreset=True)
class RequestType(Enum):
    """HTTP method used to deliver a payload to an endpoint."""

    # Payload is sent in the query string.
    GET = 1
    # Payload is sent as form fields in the request body.
    POST = 2
# Every *.php file below PHP_FILES_PATH (searched recursively) is an endpoint.
php_files: list = [*Path(PHP_FILES_PATH).rglob("*.php")]
# Only the bare file name is kept, so a page found in a sub-directory is
# requested directly under BASE_URL.
# NOTE(review): confirm the server really serves nested pages at the root.
endpoints: list = [php_file.name for php_file in php_files]

# Payload definitions are read once, when pytest imports this module.
# NOTE(review): FullLoader can build more than plain scalars, lists and
# mappings. If the payload file holds only plain data, yaml.safe_load is the
# narrower choice -- confirm the file uses no custom tags before switching.
with open(CONFIG_FILE_PATH, mode="r", encoding="utf-8") as config_file:
    config = yaml.load(config_file, Loader=yaml.FullLoader)

# Browser-like User-Agent sent with the requests that pass headers=headers.
headers: dict = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
}

# How to reach each kind of page. Keys are matched as substrings of the
# endpoint file name by get_route_based_info; note that "search" is also a
# substring of "search_by_price".
#   "type"         -- name(s) of the request parameter(s) that carry the payload
#   "request_type" -- HTTP method used to send it
QUERY_PARAMS: dict = {
    "find": {"type": "search", "request_type": RequestType.GET},
    "login": {"type": ["user", "pass"], "request_type": RequestType.POST},
    "search_by_price": {"type": "max", "request_type": RequestType.GET},
    "search": {"type": "search", "request_type": RequestType.GET},
}
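def get_route_based_info(dictionary: dict, url: str) -> dict:
    """Return the entry of *dictionary* whose key occurs in *url*.

    Keys are matched as substrings of ``url``. When several keys match (for
    example ``search`` and ``search_by_price`` for ``search_by_price.php``)
    the longest key wins, so the result no longer depends on the order in
    which the mapping lists its keys. Keys of equal length keep the mapping's
    own order.

    Args:
        dictionary: Mapping from route keyword to the value to return.
        url: Endpoint name (or URL) to classify.

    Returns:
        The value stored under the most specific matching key.

    Raises:
        ValueError: If no key of ``dictionary`` occurs in ``url``.
    """
    matching_keys = [key for key in dictionary if key in url]
    if not matching_keys:
        raise ValueError(
            f"No testing type found for given route {Fore.LIGHTRED_EX + url + Fore.RESET}. Make sure that the page has either search, search_by_price, login or find in the name."
        )
    # A shorter keyword must not shadow a more specific one: with first-match
    # lookup a mapping that lists "search" first would run the wrong payload
    # set against search_by_price pages without any error.
    return dictionary[max(matching_keys, key=len)]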
@pytest.fixture(scope="module")
def session() -> requests.Session:
    """Provide one requests session shared by all tests in this module."""
    # scope="module" means the same Session object is handed to every test,
    # so cookies set by one response are sent with later requests.
    # NOTE(review): the session is never closed explicitly.
    shared_session = requests.Session()
    return shared_session
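@pytest.mark.parametrize(
    "endpoint,test_name, payload_dict, query_info, test_type",
    [
        (
            e,
            test_name,
            attack_dict,
            get_route_based_info(dictionary=QUERY_PARAMS, url=e),
            t,
        )
        for e in endpoints
        for t in ["functional_test", "error_based", "union"]
        for test_name, attack_dict in get_route_based_info(
            dictionary=config, url=e
        )
        .get(t)
        .items()
    ],
)
def test_sql_inject(
    session: requests.Session,
    endpoint: str,
    test_name: str,
    payload_dict: dict,
    query_info: dict,
    test_type: str,
) -> None:
    """Send one payload to one endpoint and check the rendered page text.

    One case is generated per endpoint, per test type and per named entry of
    that type in the payload configuration.

    Args:
        session: Shared HTTP session used to send the request.
        endpoint: File name of the PHP page, appended to ``BASE_URL``.
        test_name: Name of the payload entry; used in the failure message.
        payload_dict: Entry with a ``"payload"`` value to send and an
            ``"expected"`` string to look for in the response text.
        query_info: Entry of ``QUERY_PARAMS`` for this endpoint:
            ``"request_type"`` selects GET or POST and ``"type"`` names the
            parameter(s) that carry the payload.
        test_type: ``"functional_test"`` requires ``expected`` to be present
            in the page text; ``"union"`` and ``"error_based"`` require it to
            be absent.
    """
    # requests applies no timeout by default; bound every call so that an
    # unresponsive server fails the case instead of stalling the whole run.
    request_timeout_seconds = 10
    payload = payload_dict.get("payload")

    if query_info["request_type"] == RequestType.POST:
        url_to_test = f"{BASE_URL}{endpoint}"
        # For POST, "type" is a list of field names and the payload a
        # sequence of values; they are paired positionally. The same headers
        # as for GET are sent so both request kinds look alike to the server.
        response = session.post(
            url_to_test,
            data=dict(zip(query_info["type"], payload)),
            headers=headers,
            timeout=request_timeout_seconds,
        )
    else:
        # NOTE(review): the payload is interpolated into the URL unencoded.
        # A "#" in it starts a URL fragment, which is not sent to the server,
        # and "&" or "+" change how the query string is parsed. A truncated
        # payload makes the union/error_based checks pass without testing
        # anything. If the YAML payloads are stored raw (not pre-encoded),
        # pass them via params={query_info["type"]: payload} instead.
        url_to_test = f"{BASE_URL}{endpoint}?{query_info['type']}={payload}"
        response = session.get(
            url_to_test,
            headers=headers,
            timeout=request_timeout_seconds,
        )

    soup = BeautifulSoup(response.text, "html.parser")
    assert (
        response.status_code == 200
    ), f"Expected status code 200, but got {response.status_code}"

    # Only the page's text is compared; attribute values are not part of
    # soup.text, so a marker that appears only there is not seen by the
    # checks below.
    if test_type in ["union", "error_based"]:
        assert (
            payload_dict["expected"] not in soup.text
        ), f"{Fore.LIGHTCYAN_EX}{endpoint}/{test_name} failed"
    else:
        assert (
            payload_dict["expected"] in soup.text
        ), f"{Fore.LIGHTCYAN_EX}{endpoint}/{test_name} failed"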