2 @message |
Authentication problem (the external attach performed inside SP_RUN_VULNERABLE_EXPRESSIONS is rejected with gdscode 335544472: user name and password are not defined)
AssertionError: assert
- -- Executed with role: NONE. Expressions that passes WITHOUT errors:
+ Statement failed, SQLSTATE = 42000
+ Execute statement error at attach :
+ 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
+ Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
+ -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
+ <null>
-- count_of_passed: 0
- -- gdscode list for blocked: 335544926
+ -- gdscode list for blocked: <null>
- -- Executed with role: RDB$ADMIN. Expressions that passes WITHOUT errors:
+ Statement failed, SQLSTATE = 42000
+ Execute statement error at attach :
+ 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
+ Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
+ -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
+ <null>
- -- count_of_passed: 23
+ -- count_of_passed: 0
- VULNERABLE_EXPR insert into RDB$BACKUP_HISTORY(RDB$BACKUP_ID , RDB$TIMESTAMP , RDB$BACKUP_LEVEL , RDB$GUID , RDB$SCN , RDB$FILE_NAME) values(null, null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR delete from RDB$DB_CREATORS t rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR insert into RDB$DB_CREATORS(RDB$USER , RDB$USER_TYPE) values(null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = 'C' rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = 32767 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$FUNCTIONS t set t.RDB$FUNCTION_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_BODY_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_HEADER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$PROCEDURES t set t.RDB$PROCEDURE_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$RELATIONS t set t.RDB$VIEW_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TRIGGERS t set t.RDB$TRIGGER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR insert into RDB$TYPES(RDB$FIELD_NAME , RDB$TYPE , RDB$TYPE_NAME , RDB$DESCRIPTION , RDB$SYSTEM_FLAG) values(null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = 'test_for_blob' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$SYSTEM_FLAG = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
- -- gdscode list for blocked: 335544926
+ -- gdscode list for blocked: <null>
LOG DETAILS:
2024-05-12 19:15:52.532
2024-05-12 19:15:52.536 act = <firebird.qa.plugin.Action object at [hex]>
2024-05-12 19:15:52.541 dba_privileged_user = <firebird.qa.plugin.User object at [hex]>
2024-05-12 19:15:52.546 non_privileged_user = <firebird.qa.plugin.User object at [hex]>
2024-05-12 19:15:52.551 capsys = <_pytest.capture.CaptureFixture object at [hex]>
2024-05-12 19:15:52.555
2024-05-12 19:15:52.560 @pytest.mark.version('>=3.0')
2024-05-12 19:15:52.565 def test_1(act: Action, dba_privileged_user: User, non_privileged_user: User, capsys):
2024-05-12 19:15:52.569 # Run prepare script
2024-05-12 19:15:52.574 prep_script = (act.files_dir / 'core_4731.sql').read_text()
2024-05-12 19:15:52.579 prep_script = prep_script % {'dba_privileged_name': dba_privileged_user.name,
2024-05-12 19:15:52.584 'non_privileged_name': non_privileged_user.name}
2024-05-12 19:15:52.589 act.isql(switches=['-q'], input=prep_script, combine_output = True)
2024-05-12 19:15:52.594 assert act.clean_stdout == ''
2024-05-12 19:15:52.599 act.reset()
2024-05-12 19:15:52.604
2024-05-12 19:15:52.610 # Remove all attachments that can stay alive after preparing DB because of ExtConnPoolLifeTime > 0:
2024-05-12 19:15:52.615 with act.connect_server() as srv:
2024-05-12 19:15:52.621 srv.database.shutdown(database=act.db.db_path, mode=ShutdownMode.FULL,
2024-05-12 19:15:52.626 method=ShutdownMethod.FORCED, timeout=0)
2024-05-12 19:15:52.631 srv.database.bring_online(database=act.db.db_path)
2024-05-12 19:15:52.635 #
2024-05-12 19:15:52.640 test_script = f"""
2024-05-12 19:15:52.645 -- ###################################################################################
2024-05-12 19:15:52.650 -- R U N A S N O N - P R I V I L E G E D U S E R
2024-05-12 19:15:52.655 -- ###################################################################################
2024-05-12 19:15:52.660 execute procedure sp_run_vulnerable_expressions('{non_privileged_user.name}', '123', 'NONE');
2024-05-12 19:15:52.665
2024-05-12 19:15:52.671 -- Note: as of build 3.0.31810, we can SKIP restoring of 'pure-state' of RDB$ tables
2024-05-12 19:15:52.677 -- after this SP because non-privileged user can NOT change enything.
2024-05-12 19:15:52.682 -- All his attempts should FAIL, system tables should be in unchanged state.
2024-05-12 19:15:52.686
2024-05-12 19:15:52.691 set list off;
2024-05-12 19:15:52.696 set heading off;
2024-05-12 19:15:52.701
2024-05-12 19:15:52.705 select '-- Executed with role: '||trim(( select actual_role from vulnerable_on_sys_tables rows 1 ))
2024-05-12 19:15:52.710 ||'. Expressions that passes WITHOUT errors:' as msg
2024-05-12 19:15:52.715 from rdb$database
2024-05-12 19:15:52.719 ;
2024-05-12 19:15:52.724
2024-05-12 19:15:52.729 commit; -- 11-04-2018, do not remove!
2024-05-12 19:15:52.734 set transaction no wait;
2024-05-12 19:15:52.739
2024-05-12 19:15:52.743 set list on;
2024-05-12 19:15:52.748 select count(*) as "-- count_of_passed: "
2024-05-12 19:15:52.753 from v_passed;
2024-05-12 19:15:52.758
2024-05-12 19:15:52.762 set list on;
2024-05-12 19:15:52.767 select * from v_passed;
2024-05-12 19:15:52.773
2024-05-12 19:15:52.778 set list on;
2024-05-12 19:15:52.783 select distinct vulnerable_gdscode as "-- gdscode list for blocked:"
2024-05-12 19:15:52.787 from vulnerable_on_sys_tables
2024-05-12 19:15:52.792 where vulnerable_gdscode is distinct from -1;
2024-05-12 19:15:52.797
2024-05-12 19:15:52.802 -- #########################################################################################
2024-05-12 19:15:52.809 -- R U N A S U S E R W H O I S G R A N T E D W I T H R B D $ A D M I N
2024-05-12 19:15:52.816 -- #########################################################################################
2024-05-12 19:15:52.822 execute procedure sp_run_vulnerable_expressions('{dba_privileged_user.name}', '123', 'RDB$ADMIN');
2024-05-12 19:15:52.827
2024-05-12 19:15:52.832 set list off;
2024-05-12 19:15:52.838 set heading off;
2024-05-12 19:15:52.844
2024-05-12 19:15:52.850 select '-- Executed with role: '||trim(( select actual_role from vulnerable_on_sys_tables rows 1 ))
2024-05-12 19:15:52.855 ||'. Expressions that passes WITHOUT errors:' as msg
2024-05-12 19:15:52.862 from rdb$database
2024-05-12 19:15:52.869 ;
2024-05-12 19:15:52.875 commit; -- 11-04-2018, do not remove!
2024-05-12 19:15:52.881
2024-05-12 19:15:52.887 set list on;
2024-05-12 19:15:52.892 select count(*) as "-- count_of_passed: "
2024-05-12 19:15:52.899 from v_passed;
2024-05-12 19:15:52.905
2024-05-12 19:15:52.911 set list on;
2024-05-12 19:15:52.918 select * from v_passed;
2024-05-12 19:15:52.924
2024-05-12 19:15:52.932 set list on;
2024-05-12 19:15:52.936 select distinct vulnerable_gdscode as "-- gdscode list for blocked:"
2024-05-12 19:15:52.941 from vulnerable_on_sys_tables
2024-05-12 19:15:52.945 where vulnerable_gdscode is distinct from -1;
2024-05-12 19:15:52.950
2024-05-12 19:15:52.954 ----------------
2024-05-12 19:15:52.959 commit;
2024-05-12 19:15:52.964
2024-05-12 19:15:52.968 connect '{act.db.dsn}' user '{act.db.user}' password '{act.db.password}';
2024-05-12 19:15:52.973
2024-05-12 19:15:52.978 -- ||||||||||||||||||||||||||||
2024-05-12 19:15:52.983 -- ###################################||| FB 4.0+, SS and SC |||##############################
2024-05-12 19:15:52.988 -- ||||||||||||||||||||||||||||
2024-05-12 19:15:52.994 -- If we check SS or SC and ExtConnPoolLifeTime > 0 (config parameter FB 4.0+) then current
2024-05-12 19:15:53.000 -- DB (bugs.core_NNNN.fdb) will be 'captured' by firebird.exe process and fbt_run utility
2024-05-12 19:15:53.005 -- will not able to drop this database at the final point of test.
2024-05-12 19:15:53.012 -- Moreover, DB file will be hold until all activity in firebird.exe completed and AFTER this
2024-05-12 19:15:53.019 -- we have to wait for <ExtConnPoolLifeTime> seconds after it (discussion and small test see
2024-05-12 19:15:53.025 -- in the letter to hvlad and dimitr 13.10.2019 11:10).
2024-05-12 19:15:53.032 -- This means that one need to kill all connections to prevent from exception on cleanup phase:
2024-05-12 19:15:53.037 -- SQLCODE: -901 / lock time-out on wait transaction / object <this_test_DB> is in use
2024-05-12 19:15:53.042 -- #############################################################################################
2024-05-12 19:15:53.046 delete from mon$attachments where mon$attachment_id != current_connection;
2024-05-12 19:15:53.051 commit;
2024-05-12 19:15:53.056 """
2024-05-12 19:15:53.061
2024-05-12 19:15:53.066 act.expected_stdout = fb3x_expected_out if act.is_version('<4') else fb4x_expected_out
2024-05-12 19:15:53.071 act.isql(switches=['-q'], input=test_script, combine_output = True)
2024-05-12 19:15:53.075 > assert act.clean_stdout == act.clean_expected_stdout
2024-05-12 19:15:53.082 E AssertionError: assert
2024-05-12 19:15:53.086 E - -- Executed with role: NONE. Expressions that passes WITHOUT errors:
2024-05-12 19:15:53.091 E + Statement failed, SQLSTATE = 42000
2024-05-12 19:15:53.096 E + Execute statement error at attach :
2024-05-12 19:15:53.101 E + 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
2024-05-12 19:15:53.105 E + Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
2024-05-12 19:15:53.110 E + -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
2024-05-12 19:15:53.115 E + <null>
2024-05-12 19:15:53.120 E -- count_of_passed: 0
2024-05-12 19:15:53.124 E - -- gdscode list for blocked: 335544926
2024-05-12 19:15:53.134 E + -- gdscode list for blocked: <null>
2024-05-12 19:15:53.143 E - -- Executed with role: RDB$ADMIN. Expressions that passes WITHOUT errors:
2024-05-12 19:15:53.147 E + Statement failed, SQLSTATE = 42000
2024-05-12 19:15:53.152 E + Execute statement error at attach :
2024-05-12 19:15:53.156 E + 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
2024-05-12 19:15:53.161 E + Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
2024-05-12 19:15:53.166 E + -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
2024-05-12 19:15:53.170 E + <null>
2024-05-12 19:15:53.174 E - -- count_of_passed: 23
2024-05-12 19:15:53.185 E + -- count_of_passed: 0
2024-05-12 19:15:53.194 E - VULNERABLE_EXPR insert into RDB$BACKUP_HISTORY(RDB$BACKUP_ID , RDB$TIMESTAMP , RDB$BACKUP_LEVEL , RDB$GUID , RDB$SCN , RDB$FILE_NAME) values(null, null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.199 E - VULNERABLE_EXPR delete from RDB$DB_CREATORS t rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.204 E - VULNERABLE_EXPR insert into RDB$DB_CREATORS(RDB$USER , RDB$USER_TYPE) values(null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.209 E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = 'C' rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.214 E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.236 E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = 32767 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.242 E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.247 E - VULNERABLE_EXPR update RDB$FUNCTIONS t set t.RDB$FUNCTION_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.253 E - VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_BODY_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.259 E - VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_HEADER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.264 E - VULNERABLE_EXPR update RDB$PROCEDURES t set t.RDB$PROCEDURE_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.270 E - VULNERABLE_EXPR update RDB$RELATIONS t set t.RDB$VIEW_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.276 E - VULNERABLE_EXPR update RDB$TRIGGERS t set t.RDB$TRIGGER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.282 E - VULNERABLE_EXPR insert into RDB$TYPES(RDB$FIELD_NAME , RDB$TYPE , RDB$TYPE_NAME , RDB$DESCRIPTION , RDB$SYSTEM_FLAG) values(null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.288 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = 'test_for_blob' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.293 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.298 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.304 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.311 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$SYSTEM_FLAG = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.317 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.322 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.327 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.332 E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
2024-05-12 19:15:53.337 E - -- gdscode list for blocked: 335544926
2024-05-12 19:15:53.347 E + -- gdscode list for blocked: <null>
2024-05-12 19:15:53.356
2024-05-12 19:15:53.361 tests/bugs/core_4731_test.py:230: AssertionError
2024-05-12 19:15:53.367 ---------------------------- Captured stdout setup -----------------------------
2024-05-12 19:15:53.378 Cached db: db-12.0-None-None-NONE.fdb [page_size=None, sql_dialect=None, charset='NONE'
2024-05-12 19:15:53.386 DROP user: TMP_C4731_COOLDBA PLUGIN: Srp
2024-05-12 19:15:53.391 CREATE user: TMP_C4731_COOLDBA PLUGIN: Srp
2024-05-12 19:15:53.396 DROP user: TMP_C4731_MANAGER PLUGIN: Srp
2024-05-12 19:15:53.401 CREATE user: TMP_C4731_MANAGER PLUGIN: Srp
|
3 #text |
act = <firebird.qa.plugin.Action pytest object at [hex]>
dba_privileged_user = <firebird.qa.plugin.User pytest object at [hex]>
non_privileged_user = <firebird.qa.plugin.User pytest object at [hex]>
capsys = <_pytest.capture.CaptureFixture pytest object at [hex]>
@pytest.mark.version('>=3.0')
def test_1(act: Action, dba_privileged_user: User, non_privileged_user: User, capsys):
# Run prepare script
prep_script = (act.files_dir / 'core_4731.sql').read_text()
prep_script = prep_script % {'dba_privileged_name': dba_privileged_user.name,
'non_privileged_name': non_privileged_user.name}
act.isql(switches=['-q'], input=prep_script, combine_output = True)
assert act.clean_stdout == ''
act.reset()
# Remove all attachments that can stay alive after preparing DB because of ExtConnPoolLifeTime > 0:
with act.connect_server() as srv:
srv.database.shutdown(database=act.db.db_path, mode=ShutdownMode.FULL,
method=ShutdownMethod.FORCED, timeout=0)
srv.database.bring_online(database=act.db.db_path)
#
test_script = f"""
-- ###################################################################################
-- R U N A S N O N - P R I V I L E G E D U S E R
-- ###################################################################################
execute procedure sp_run_vulnerable_expressions('{non_privileged_user.name}', '123', 'NONE');
-- Note: as of build 3.0.31810, we can SKIP restoring of 'pure-state' of RDB$ tables
-- after this SP because non-privileged user can NOT change enything.
-- All his attempts should FAIL, system tables should be in unchanged state.
set list off;
set heading off;
select '-- Executed with role: '||trim(( select actual_role from vulnerable_on_sys_tables rows 1 ))
||'. Expressions that passes WITHOUT errors:' as msg
from rdb$database
;
commit; -- 11-04-2018, do not remove!
set transaction no wait;
set list on;
select count(*) as "-- count_of_passed: "
from v_passed;
set list on;
select * from v_passed;
set list on;
select distinct vulnerable_gdscode as "-- gdscode list for blocked:"
from vulnerable_on_sys_tables
where vulnerable_gdscode is distinct from -1;
-- #########################################################################################
-- R U N A S U S E R W H O I S G R A N T E D W I T H R B D $ A D M I N
-- #########################################################################################
execute procedure sp_run_vulnerable_expressions('{dba_privileged_user.name}', '123', 'RDB$ADMIN');
set list off;
set heading off;
select '-- Executed with role: '||trim(( select actual_role from vulnerable_on_sys_tables rows 1 ))
||'. Expressions that passes WITHOUT errors:' as msg
from rdb$database
;
commit; -- 11-04-2018, do not remove!
set list on;
select count(*) as "-- count_of_passed: "
from v_passed;
set list on;
select * from v_passed;
set list on;
select distinct vulnerable_gdscode as "-- gdscode list for blocked:"
from vulnerable_on_sys_tables
where vulnerable_gdscode is distinct from -1;
----------------
commit;
connect '{act.db.dsn}' user '{act.db.user}' password '{act.db.password}';
-- ||||||||||||||||||||||||||||
-- ###################################||| FB 4.0+, SS and SC |||##############################
-- ||||||||||||||||||||||||||||
-- If we check SS or SC and ExtConnPoolLifeTime > 0 (config parameter FB 4.0+) then current
-- DB (bugs.core_NNNN.fdb) will be 'captured' by firebird.exe process and fbt_run utility
-- will not able to drop this database at the final point of test.
-- Moreover, DB file will be hold until all activity in firebird.exe completed and AFTER this
-- we have to wait for <ExtConnPoolLifeTime> seconds after it (discussion and small test see
-- in the letter to hvlad and dimitr 13.10.2019 11:10).
-- This means that one need to kill all connections to prevent from exception on cleanup phase:
-- SQLCODE: -901 / lock time-out on wait transaction / object <this_test_DB> is in use
-- #############################################################################################
delete from mon$attachments where mon$attachment_id != current_connection;
commit;
"""
act.expected_stdout = fb3x_expected_out if act.is_version('<4') else fb4x_expected_out
act.isql(switches=['-q'], input=test_script, combine_output = True)
> assert act.clean_stdout == act.clean_expected_stdout
E AssertionError: assert
E - -- Executed with role: NONE. Expressions that passes WITHOUT errors:
E + Statement failed, SQLSTATE = 42000
E + Execute statement error at attach :
E + 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
E + Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
E + -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
E + <null>
E -- count_of_passed: 0
E - -- gdscode list for blocked: 335544926
E + -- gdscode list for blocked: <null>
E - -- Executed with role: RDB$ADMIN. Expressions that passes WITHOUT errors:
E + Statement failed, SQLSTATE = 42000
E + Execute statement error at attach :
E + 335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
E + Data source : Firebird::localhost:/var/tmp/qa_2024/test_1929/test.fdb
E + -At procedure 'SP_RUN_VULNERABLE_EXPRESSIONS' line: 22, col: 3
E + <null>
E - -- count_of_passed: 23
E + -- count_of_passed: 0
E - VULNERABLE_EXPR insert into RDB$BACKUP_HISTORY(RDB$BACKUP_ID , RDB$TIMESTAMP , RDB$BACKUP_LEVEL , RDB$GUID , RDB$SCN , RDB$FILE_NAME) values(null, null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR delete from RDB$DB_CREATORS t rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR insert into RDB$DB_CREATORS(RDB$USER , RDB$USER_TYPE) values(null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = 'C' rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = 32767 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$DB_CREATORS t set t.RDB$USER_TYPE = null rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$FUNCTIONS t set t.RDB$FUNCTION_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_BODY_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$PACKAGES t set t.RDB$PACKAGE_HEADER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$PROCEDURES t set t.RDB$PROCEDURE_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$RELATIONS t set t.RDB$VIEW_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TRIGGERS t set t.RDB$TRIGGER_SOURCE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR insert into RDB$TYPES(RDB$FIELD_NAME , RDB$TYPE , RDB$TYPE_NAME , RDB$DESCRIPTION , RDB$SYSTEM_FLAG) values(null, null, null, null, null) returning rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = 'test_for_blob' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$DESCRIPTION = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$FIELD_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$SYSTEM_FLAG = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = 32767 where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = 'C' where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - VULNERABLE_EXPR update RDB$TYPES t set t.RDB$TYPE_NAME = null where coalesce(rdb$system_flag,0)=0 rows 1 returning t.rdb$db_key; -- length of returned rdb$dbkey=8
E - -- gdscode list for blocked: 335544926
E + -- gdscode list for blocked: <null>
tests/bugs/core_4731_test.py:230: AssertionError
|