public function testChangeParamsToHackParams()
{
$target = new SqlTarget();
$target->setParameters(array("user" => "admin", "password" => null));
//create new uzzle client for testing purpose
$guzzle = new MisdGuzzleBundle();
//create new instance of our Sqlpentester
$sqlPentester = new SqlPentester($guzzle, $this->em);
// test this function replace the undefined parameters from target with sql strings from DB
$repo = $this->em->getRepository('AppBundle:SqlError');
$sql_error = $repo->getSqlError();
//do things now :D
$perceval = $sqlPentester->changeParamsToHackParams($target, $sql_error);
$this->assertNotNull($perceval["password"], "Echec de l'injection ");
}
/**
* Receive a request OK
* Creates a Target OK
* Calls Ryan Gosling with Target OK
* Sends a Response OK
*
* @Route("/xss")
*/
public function getXssError(Request $request)
{
//création de la target
$target = new Target\SqlTarget();
$target->setUrl($request->get('url'));
$target->setParameters($request->query->all());
/**
* SQL pentesting service
* @var $sqlPentester Pentester\SqlPentester
*/
//création du goslinger
$goslingPentester = $this->get('app.pentester.sql');
//appel du goslinger et sauvegarde des logs
$report = $goslingPentester->testAndGetReport($target);
//renvoyer une réponse
return new View($report, Response::HTTP_OK);
}
