Change default DB and update documentation (#140)

* Change default database * Update SQLI related documentation * fix tests
mushorg · Jun 1, 2017 · 7acfbc0 · 7acfbc0
1 parent d79e1b6
commit 7acfbc0
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 5 deletions.
diff --git a/docs/source/config.rst b/docs/source/config.rst
@@ -24,7 +24,11 @@ There are 8 different sections :
     :root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory
   * **SQLI**
 
-    :db_name: THe name of database used in SQLI emulator
+    :type: Supports two types MySQL/SQLITE
+    :db_name: The name of database used in SQLI emulator
+    :host: This will be used for MySQL to get the host address
+    :user: This is the MySQL user which perform DB queries
+    :password: The password corresponding to the above user
   * **LOGGER**
 
     :log_file: Location of tanner log file
@@ -47,7 +51,7 @@ If no file is specified, following json will be used as default:
      'TANNER': {'host': '0.0.0.0', 'port': 8090},
      'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
      'EMULATORS': {'root_dir': '/opt/tanner'},
-     'SQLI': {'db_name': 'tanner.db'},
+     'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
      'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
      'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
      'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}

diff --git a/docs/source/emulators.rst b/docs/source/emulators.rst
@@ -81,6 +81,11 @@ It emulates `SQL injection`_ vulnerability. This attack is detected by ``libinje
 The emulator copies the original database (see :doc:`db_setup` for more info about db) to a dummy database for every attacker.
 It uses UUID of the session for the attacker's db name. Every query is executed on the attacker's db.
 The emulator returns the result of the execution and the page where SNARE should show the result.
+It supports two types of DBs.
+* **SQLITE**
+  To enable it, set SQLI type to SQLITE in config
+* **MySQL**
+  To enable it, set SQLI type to MySQL in config and set other necessary fields - Host, User and Password
 
 
 .. _RFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Remote_File_Inclusion

diff --git a/tanner/config.py b/tanner/config.py
@@ -10,7 +10,7 @@
                    'TANNER': {'host': '0.0.0.0', 'port': 8090},
                    'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
                    'EMULATORS': {'root_dir': '/opt/tanner'},
-                   'SQLI': {'type':'MySQL', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
+                   'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
                    'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
                    'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
                    'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'},

diff --git a/tanner/tests/test_config.py b/tanner/tests/test_config.py
@@ -15,7 +15,7 @@ def setUp(self):
             'TANNER': {'host': '0.0.0.0', 'port': '9000'},
             'REDIS': {'host': 'localhost', 'port': '1337', 'poolsize': '40', 'timeout': '5'},
             'EMULATORS': {'root_dir': '/tmp/user_tanner'},
-            'SQLI': {'type':'MySQL', 'db_name': 'user_tanner_db', 'host':'localhost', 'user':'user_name', 'password':'user_pass'},
+            'SQLI': {'type':'SQLITE', 'db_name': 'user_tanner_db', 'host':'localhost', 'user':'user_name', 'password':'user_pass'},
 				  'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
             'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
             'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/user_tanner_report.json'}
@@ -59,7 +59,7 @@ def test_get_when_file_dont_exists(self):
             'TANNER': {'host': '0.0.0.0', 'port': 8090},
             'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
             'EMULATORS': {'root_dir': '/opt/tanner'},
-            'SQLI': {'type':'MySQL', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
+            'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
             'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
             'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
             'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}