Created
August 24, 2012 13:54
-
-
Save flavorjones/3450791 to your computer and use it in GitHub Desktop.
lua script for redirecting mysql access via mysqlproxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local tok = require("proxy.tokenizer") | |
function read_query(packet) | |
if (string.byte(packet) == proxy.COM_QUERY) then | |
local replacement_tokens = {} | |
local tokens = tok.tokenize(packet:sub(2)) | |
local modified_p = false | |
print("-----") | |
print(packet:sub(2)) | |
print(tok.normalize(tokens)) | |
for i = 1, #tokens do | |
local token = tokens[i] | |
print(token.token_name .. " => " .. token.text) | |
if (token.token_name == "TK_LITERAL" and token.text == "bonds") then | |
table.insert(replacement_tokens, {token_name = "TK_LITERAL", text = "cds_curves"}) | |
modified_p = true | |
else | |
table.insert(replacement_tokens, {token_name = token.token_name, text = token.text}) | |
end | |
end | |
local replacement_query = tok.tokens_to_query(replacement_tokens) | |
print(replacement_query) | |
if (modified_p) then | |
proxy.queries:append(1, string.char(proxy.COM_QUERY) .. replacement_query ) | |
return proxy.PROXY_SEND_QUERY | |
end | |
end | |
end | |
-- function read_query( packet ) | |
-- if string.byte(packet) == proxy.COM_QUERY then | |
-- local query = string.sub(packet, 2) | |
-- print ("received " .. query) | |
-- local replacing = false | |
-- -- matches "CRATE" as first word of the query | |
-- if string.match(string.upper(query), '^%s*CRATE') then | |
-- query = string.gsub(query,'^%s*%w+', 'CREATE') | |
-- replacing = true | |
-- -- matches "SLECT" as first word of the query | |
-- elseif string.match(string.upper(query), '^%s*SLECT') then | |
-- query = string.gsub(query,'^%s*%w+', 'SELECT') | |
-- replacing = true | |
-- end | |
-- if (replacing) then | |
-- print("replaced with " .. query ) | |
-- proxy.queries:append(1, string.char(proxy.COM_QUERY) .. query ) | |
-- return proxy.PROXY_SEND_QUERY | |
-- end | |
-- end | |
-- end | |
-- function read_query( packet ) | |
-- if string.byte(packet) == proxy.COM_QUERY then | |
-- local query = string.sub(packet, 2) | |
-- print("we got a normal query: " .. query) | |
-- -- try to match the string up to the first non-alphanum | |
-- local f_s, f_e, command = string.find(packet, "^%s*(%w+)", 2) | |
-- local option | |
-- if f_e then | |
-- -- if that match, take the next sub-string as option | |
-- f_s, f_e, option = string.find(packet, "^%s+(%w+)", f_e + 1) | |
-- end | |
-- -- support | |
-- -- | |
-- -- ls [db] | |
-- -- cd db | |
-- -- who | |
-- if command == "ls" then | |
-- if option then | |
-- -- FIXME: SQL INJECTION | |
-- proxy.queries:append(1, string.char(proxy.COM_QUERY) .. "SHOW TABLES FROM " .. option ) | |
-- else | |
-- proxy.queries:append(1, string.char(proxy.COM_QUERY) .. "SHOW TABLES" ) | |
-- end | |
-- return proxy.PROXY_SEND_QUERY | |
-- elseif command == "who" then | |
-- proxy.queries:append(1, string.char(proxy.COM_QUERY) .. "SHOW PROCESSLIST" ) | |
-- return proxy.PROXY_SEND_QUERY | |
-- elseif command == "cd" and option then | |
-- proxy.queries:append(1, string.char(proxy.COM_INIT_DB) .. option ) | |
-- return proxy.PROXY_SEND_QUERY | |
-- end | |
-- end | |
-- end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment