Added tests for detecting tautologies

Former-commit-id: d86d82bb56b5be269cdf133334245865a8a05a7d

.gitattributes

@@ -51,6 +51,7 @@ appfw/tests/mysql/testintercept2.c -text
 appfw/tests/mysql/testintercept3.c -text
 appfw/tests/mysql/testintercept4.c -text
 appfw/tests/mysql/testmysql.c -text
+appfw/tests/mysql/testtautology.c -text
 appfw/tests/odbc/Makefile -text
 appfw/tests/odbc/odbc_exec_direct.c -text
 appfw/tests/odbc/testodbc.c -text

appfw/tests/mysql/Makefile

 APPFW_LIB=$(SECURITY_TRANSFORMS_HOME)/appfw/lib/libappfw.so64
 generate_signatures=$(PEASOUP_HOME)/tools/generate_string_signatures.sh
 
-all: testmysql.exe testintercept.exe testintercept2.exe testintercept3.exe testintercept4.exe testintercept.pstmt.exe
+all: testmysql.exe testintercept.exe testintercept2.exe testintercept3.exe testintercept4.exe testintercept.pstmt.exe testtautology.exe
+
+testtautology.o: testtautology.c
+	gcc -I/usr/include/mysql -c testtautology.c
+
+testtautology.exe: testtautology.o
+	gcc testtautology.o -o testtautology.exe -lmysqlclient
+	$(generate_signatures) testtautology.exe
 
 testmysql.o: testmysql.c
 	gcc -I/usr/include/mysql -c testmysql.c
@@ -49,10 +56,11 @@ clean:
 	rm -rf *.o *.tmp *.exe peasoup_executable_directory* test*.peasoup messages_to_tne.log ps_tne_logfile.txt appfw.db *.sigs
 
 peasoup: all
-	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept.exe testintercept.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off
-	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept2.exe testintercept2.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off
-	$(PEASOUP_HOME)/tools/ps_analyze.sh testmysql.exe testmysql.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off
-	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept.pstmt.exe testintercept.pstmt.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept.exe testintercept.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off --step twitchertransform=off
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept2.exe testintercept2.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off --step twitchertransform=off
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testmysql.exe testmysql.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off --step twitchertransform=off
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testintercept.pstmt.exe testintercept.pstmt.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off --step twitchertransform=off
+	$(PEASOUP_HOME)/tools/ps_analyze.sh testtautology.exe testtautology.exe.peasoup --step concolic=off --step integertransform=off --step p1transform=off --step ilr=off --step determine_program=off --step twitchertransform=off
 	
 run: all
 #	QUERY_DATA="David' or '0'='0" LD_PRELOAD=$(APPFW_LIB) APPFW_DB=appfw.db APPFW_SIGNATURE_FILE=testmysql.exe.sigs ./testmysql.exe 

appfw/tests/mysql/mysql.intercept.test.sh

@@ -105,5 +105,70 @@ if [ ! $? -eq 0 ]; then
 	cleanup 4 "False negative detected: should have intercepted and stopped attack query"
 fi
 
+#
+# test tautologies
+#
+APPFW_VERBOSE=1 QUERY_DATA="David' or '0'='0"  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 5 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or '0'>='0"  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 6 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or '0'<='0"  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 7 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 0=0 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 8 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 1>=0 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 9 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 23<=24 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 10 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 0.5=0.5 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 11 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 1.25>=1 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 12 "False negative detected: should have detected tautology"
+fi
+
+APPFW_VERBOSE=1 QUERY_DATA="David' or 23<=24.05 "  ./testtautology.exe.peasoup > $tmp 2>&1
+grep -i "injection" $tmp
+if [ ! $? -eq 0 ]; then
+	cat $tmp
+	cleanup 13 "False negative detected: should have detected tautology"
+fi
 
 cleanup 0 "Successfully tested mysql interception layer"

appfw/tests/mysql/testtautology.c

+#include <mysql.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) 
+{
+   MYSQL *conn = NULL;
+
+   char query[2048];
+   char *query_data = getenv("QUERY_DATA");
+
+   sprintf(query,"SELECT * FROM someTable WHERE id='%s'", query_data);
+
+   // make sure or and = are in the fragment set
+   printf("or");
+   printf("=");
+
+   printf("query: %s\n", query);
+
+   mysql_real_query(conn, query, strlen(query));
+}
+