2015-04-09 20:01:23 +00:00
|
|
|
# encoding: utf-8
|
2015-07-15 13:15:18 +00:00
|
|
|
# copyright: 2015, Vulcano Security GmbH
|
2015-04-09 20:01:23 +00:00
|
|
|
# license: All rights reserved
|
|
|
|
|
2015-06-22 16:21:09 +00:00
|
|
|
$__SCOPE = self
|
2015-06-22 15:57:07 +00:00
|
|
|
|
2015-08-28 19:41:48 +00:00
|
|
|
class MysqlSession < Vulcano.resource(1)
|
|
|
|
name 'mysql_session'
|
|
|
|
|
2015-09-03 18:43:58 +00:00
|
|
|
def initialize(user, pass)
|
2015-04-09 20:01:23 +00:00
|
|
|
@user = user
|
|
|
|
@pass = pass
|
2015-06-22 13:24:35 +00:00
|
|
|
initialize_fallback if user.nil? or pass.nil?
|
2015-06-22 14:18:40 +00:00
|
|
|
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
|
2015-04-09 20:01:23 +00:00
|
|
|
end
|
|
|
|
|
2015-09-05 14:07:54 +00:00
|
|
|
def describe(query, db = '', &block)
|
2015-04-09 20:01:23 +00:00
|
|
|
# TODO: simple escape, must be handled by a library
|
|
|
|
# that does this securely
|
2015-09-05 14:07:54 +00:00
|
|
|
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
2015-04-09 20:01:23 +00:00
|
|
|
# run the query
|
2015-08-30 02:33:15 +00:00
|
|
|
cmd = vulcano.run_command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
|
2015-04-09 20:01:23 +00:00
|
|
|
out = cmd.stdout + "\n" + cmd.stderr
|
|
|
|
if out =~ /Can't connect to .* MySQL server/ or
|
|
|
|
out.downcase =~ /^error/
|
|
|
|
# skip this test if the server can't run the query
|
2015-06-22 14:33:22 +00:00
|
|
|
skip_resource("Can't connect to MySQL instance for SQL checks.")
|
2015-04-09 20:01:23 +00:00
|
|
|
else
|
2015-06-22 15:57:07 +00:00
|
|
|
$__SCOPE.describe(cmd, &block)
|
2015-04-09 20:01:23 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-06-22 13:24:35 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def initialize_fallback
|
|
|
|
# support debian mysql administration login
|
2015-09-04 07:59:30 +00:00
|
|
|
debian = vulcano.run_command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
|
2015-09-09 16:37:16 +00:00
|
|
|
return if debian.empty?
|
|
|
|
|
|
|
|
user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
|
|
|
|
pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
|
|
|
|
return if user.nil? or pass.nil?
|
|
|
|
@user = user[1]
|
|
|
|
@pass = pass[1]
|
2015-06-22 13:24:35 +00:00
|
|
|
end
|
2015-04-09 20:01:23 +00:00
|
|
|
end
|