fluidasserts.db.mssql module

Dynamic Application Security Testing Suite of Microsoft SQL Server.

class fluidasserts.db.mssql.ConnectionString(dbname, user, password, host, port)

Bases: tuple

Create new instance of ConnectionString(dbname, user, password, host, port)

property dbname

Alias for field number 0

property host

Alias for field number 3

property password

Alias for field number 2

property port

Alias for field number 4

property user

Alias for field number 1

fluidasserts.db.mssql.can_execute_commands(dbname, user, password, host, port)

Check if the user can execute OS commands.

Parameters
  • dbname (str) – database name.

  • user (str) – username with access permissions to the database.

  • password (str) – database password.

  • host (str) – database ip.

  • port (int) – database port.

Returns

  • OPEN if we were able execute OS commands.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.db.mssql.databse(connection_string)

Context manager to get a safe connection and a cursor.

Parameters

connection_string (fluidasserts.db.mssql.ConnectionString) – Connection parameter and credentials.

Return type

typing.Iterable[typing.Tuple[pymssql.Connection, pymssql.Cursor]]

Returns

A tuple of (connection object, cursor object).

fluidasserts.db.mssql.has_text(dbname, user, password, host, port, query, expected_text)

Check if the executed query return the expected text.

Parameters
  • dbname (str) – database name.

  • user (str) – username with access permissions to the database.

  • password (str) – database password.

  • host (str) – database ip.

  • port (int) – database port.

  • query (str) – query to execute.

  • expected_text (str) – expected text of the query.

Returns

  • OPEN if query result is equal to the expected_text

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.db.mssql.have_access(dbname, user, password, host, port)

Check if the given connection parameters allow to connect to the database.

Parameters
  • dbname (str) – database name.

  • user (str) – username with access permissions to the database.

  • password (str) – database password.

  • host (str) – database ip.

  • port (int) – database port.

Returns

  • OPEN if we were able to connect to the database.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result