kh: init

Kaizhe Huang · Kaizhe Huang · commit 69f12a03a8c3 · 2018-08-01T11:19:52.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+*.swp
+sqlidetect
+.idea
+./container/bin/sqlidetect
diff --git a/Makefile b/Makefile
@@ -0,0 +1,14 @@
+.PHONY: all
+
+all: deps test build
+
+deps:
+	@echo "+ $@"
+	./scripts/deps
+test:
+	@echo "+ $@"
+	./scripts/test
+build:
+	@echo "+ $@"
+	./scripts/build
+
diff --git a/SQLFingerPrint.go b/SQLFingerPrint.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+	"log"
+
+	sqlParser "github.com/youtube/vitess/go/vt/sqlparser"
+)
+
+const (
+	// DML is SQL DML type statement
+	DML = iota
+	// DDL is SQL DDL type statement
+	DDL
+)
+
+// SQLStatementFP is SQL Statement Fingerprint structure
+type SQLStatementFP struct {
+	StatementFP string
+	SQLType     int
+}
+
+func fingerprintSQL(matchedSQL string) SQLStatementFP {
+	var sqlType int
+
+	tokens := sqlParser.NewStringTokenizer(matchedSQL)
+	for {
+		stmt, err := sqlParser.ParseNext(tokens)
+		//if err == io.EOF {
+		//	break
+		//}
+
+		if err == nil {
+			buf := sqlParser.NewTrackedBuffer(nil)
+			buf.Myprintf("%v", stmt)
+
+			switch stmt.(type) {
+			case *sqlParser.Select:
+				sqlType = DML
+			case *sqlParser.Insert:
+				sqlType = DML
+			case *sqlParser.Update:
+				sqlType = DML
+			case *sqlParser.Delete:
+				sqlType = DML
+			default:
+				sqlType = DDL // treat all non-DML sql statements as DDL for now
+			}
+
+			// walk through the parsed nodes in the SQL statement and replace the value node with ?
+			_ = sqlParser.Walk(func(node sqlParser.SQLNode) (kontinue bool, err error) {
+				switch node := node.(type) {
+				case *sqlParser.SQLVal:
+					node.Val = []byte("?")
+				}
+
+				return true, nil
+			}, stmt)
+
+			// rest buffer to empty
+			buf.Reset()
+			buf.Myprintf("%v", stmt)
+
+			return SQLStatementFP{buf.ParsedQuery().Query, sqlType}
+
+		} else {
+			log.Println("something wrong here: " + matchedSQL)
+			break
+		}
+	}
+	return SQLStatementFP{}
+}
diff --git a/build.sh b/build.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+docker build -t nodejs-sqldetect -f Dockerfile-web .
diff --git a/container/Dockerfile b/container/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get install -y tshark net-tools sudo
+
+ADD ./bin/sqlidetect /
+
+ADD ./entrypoint.sh /
+
+CMD ["/entrypoint.sh"]
diff --git a/container/entrypoint.sh b/container/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+RET=$(ifconfig | grep docker0 | wc -l)
+while [ $RET -eq 0 ]
+do
+	sleep 1
+	RET=$(ifconfig | grep docker0 | wc -l)
+done
+
+#tshark -i docker0 -Y "mysql.command==3" -T fields -e mysql.query
+/sqlidetect
diff --git a/fp_test.go b/fp_test.go
@@ -0,0 +1,14 @@
+package main
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestFP(t *testing.T) {
+	stmt := "select a, b, c from table1 where a = 5 and b > 6"
+
+	fp := fingerprintSQL(stmt)
+	assert.Equal(t, fp.StatementFP, "select a, b, c from table1 where a = ? and b > ?")
+	assert.Equal(t, fp.SQLType, DML)
+}
diff --git a/main.go b/main.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"log"
+	"os/exec"
+)
+
+func main() {
+	fmt.Println("SQLi Detector is running...")
+
+	pr, pw := io.Pipe()
+	defer pw.Close()
+
+	// tell the command to write to our pipe
+	cmd := exec.Command("tshark", "-i", "docker0", "-Y", "mysql.command==3", "-T", "fields", "-e", "mysql.query")
+	cmd.Stdout = pw
+
+	go func() {
+		defer pr.Close()
+		r := bufio.NewReader(pr)
+		for {
+			line, _, err := r.ReadLine()
+			// process buf
+			if err != nil && err != io.EOF {
+				log.Fatal(err)
+			}
+			// s is the sql statement passed in from tshark
+			fp := fingerprintSQL(string(line))
+			fmt.Println(fp.StatementFP)
+		}
+
+	}()
+
+	// run the command, which writes all output to the PipeWriter
+	// which then ends up in the PipeReader
+	if err := cmd.Run(); err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/run.sh b/run.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# This is the script to run the SQLi Detector container on localhost and listen on docker0 interface
+
+docker run -it --rm --net=host --cap-add=NET_ADMIN --name sqli kaizheh/sqlidetect
diff --git a/scripts/build b/scripts/build
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eux
+
+rm -f container/bin/sqlidetect
+
+go fmt ./
+
+CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o container/bin/sqlidetect .
+
+cd container
+
+docker build -t kaizheh/sqlidetect .
+
+docker push kaizheh/sqlidetect
diff --git a/scripts/deps b/scripts/deps
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+go get github.com/youtube/vitess/go/vt/sqlparser
+go get github.com/stretchr/testify/assert
diff --git a/scripts/test b/scripts/test
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+go test ./...

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/sh`
	`2`	`+docker build -t nodejs-sqldetect -f Dockerfile-web .`