Simple SQL table fuzzing

Overview

SQLfuzz


Load random data into SQL tables for testing purposes. The tool reads the layout of the SQL table and fills it with random data.

Installation

MacOS

wget https://github.com/PumpkinSeed/sqlfuzz/releases/download/{RELEASE}/sqlfuzz_darwin_amd64 -O /usr/local/bin/sqlfuzz
chmod +x /usr/local/bin/sqlfuzz

Linux

# amd64 build
wget https://github.com/PumpkinSeed/sqlfuzz/releases/download/{RELEASE}/sqlfuzz_linux_amd64 -O /usr/local/bin/sqlfuzz
chmod +x /usr/local/bin/sqlfuzz

# arm64 build
wget https://github.com/PumpkinSeed/sqlfuzz/releases/download/{RELEASE}/sqlfuzz_linux_arm64 -O /usr/local/bin/sqlfuzz
chmod +x /usr/local/bin/sqlfuzz

Windows

You can download the Windows build here

Build from source

wget https://github.com/PumpkinSeed/sqlfuzz/archive/{RELEASE}.zip
# unzip
# cd into dir
go install main.go

Usage

# MySQL
sqlfuzz -u username -p password -d database -h 127.0.0.1 -t table -n 100000 -w 100

# Postgres
sqlfuzz -u username -p password -d database -h 127.0.0.1 -t table -n 100000 -w 100 -P 5432 -D postgres

Flags

  • u: User for database connection
  • p: Password for database connection
  • d: Database name for database connection
  • h: Host for database connection
  • P: Port for database connection
  • D: Driver for database connection (supported: mysql, postgres)
  • t: Table for fuzzing
  • n: Number of rows to fuzz
  • w: Concurrent workers to work on fuzzing

Package usage

TODO: Write package

Comments
  • Add seed as CLA for reproducible fuzzing

    Fixes #18. The seed variable can be passed as a command line argument; if it is not passed, the default behavior is to set the seed to 0, which will also maintain backward compatibility.

    hacktoberfest hacktoberfest-accepted 
    opened by kinshukdua 3
  • Foreign key constraints and multiple table options

    Feature request from reddit:

    Does it support and understand constraints when given multiple tables? And does it handle FK? E.g., if my T2 has a FK to T1 and I fuzz them in the correct order, will the tool figure it out?

    So make the tool understand constraints even if only one table is passed, and add the feature to handle multiple tables, comma separated.

    enhancement help wanted good first issue 
    opened by PumpkinSeed 2
  • MySQL advanced describe

    Currently the MySQL driver reads the table details with the DESCRIBE SQL command. It would be much cleaner if it would use the information_schema.tables just like the Postgres driver does.

    enhancement good first issue hacktoberfest hacktoberfest-accepted 
    opened by PumpkinSeed 1
  • Reproducible fuzzing

    Feature idea from reddit:

    Is it possible to set a random seed to get reproducible random data? This would be useful for unit testing to get the same data on each run.

    So the main goal of the ticket is to make it possible to reproduce certain fuzzing scenarios for unit tests. This can be done by changing the seeding mechanism.

    enhancement good first issue hacktoberfest 
    opened by PumpkinSeed 0
  • MySQL: Not respecting AUTO_INCREMENT when inserting new records

    sqlfuzz expects a table to be completely clean, so if a table already contains some data it then fails:

    2021/04/24 15:08:26 Error 1062: Duplicate entry '1' for key 'PRIMARY'
    

    In my case, I can't have a completely empty table/database due to various constraints, but I do want to add e.g. 100k new records.

    SHOW CREATE TABLE table spits out AUTO_INCREMENT=XX so XX should be the starting point instead of 1.

    bug help wanted hacktoberfest 
    opened by maksimovic 1
  • MySQL: Tables having FK references can't be populated because sqlfuzz doesn't go and populate the "parent" table first

    Getting an error like

    2021/04/24 14:58:51 Error 1452: Cannot add or update a child row: a foreign key constraint fails (`db`.`table`, CONSTRAINT `FK_something` FOREIGN KEY (`column_from_table`) REFERENCES `other_table` (`id`) ON DELETE CASCADE ON UPDATE CASCADE)
    
    bug help wanted hacktoberfest 
    opened by maksimovic 0
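
Error 1452 above and the earlier multi-table request both come down to insert order: referenced ("parent") tables must be filled first. The following is an added example, not sqlfuzz code, that orders tables from a constructed foreign-key map; `InsertOrder` and its input shape are assumptions.

```go
package main

import "fmt"

// InsertOrder returns the requested tables plus every table they reference,
// ordered so that parents come before children. deps maps a table to the
// tables its foreign keys point at (hypothetical input, not a sqlfuzz API).
func InsertOrder(tables []string, deps map[string][]string) ([]string, error) {
	const (
		unvisited = iota
		inProgress
		done
	)
	state := map[string]int{} // missing key reads as unvisited
	var order []string
	var visit func(t string) error
	visit = func(t string) error {
		switch state[t] {
		case done:
			return nil
		case inProgress:
			return fmt.Errorf("foreign key cycle through table %q", t)
		}
		state[t] = inProgress
		for _, parent := range deps[t] {
			if parent == t {
				continue // self-reference: ordering alone cannot satisfy it
			}
			if err := visit(parent); err != nil {
				return err
			}
		}
		state[t] = done
		order = append(order, t)
		return nil
	}
	for _, t := range tables {
		if err := visit(t); err != nil {
			return nil, err
		}
	}
	return order, nil
}

func main() {
	// Constructed schema: T2 has a FK to T1, as in the question quoted above.
	fmt.Println(InsertOrder([]string{"T2", "T1"}, map[string][]string{"T2": {"T1"}}))
}
```

A cycle between two tables is reported as an error rather than resolved, since no insert order satisfies it without nullable columns or deferred constraints.
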
  • MYSQL: Issue recognizing FLOAT / DECIMAL column type

    sqlfuzz complains with unknown field type when it stumbles upon a column defined as FLOAT which doesn't have explicit length defined.

    I also suspect that it has problems when it's actually defined. For example, I get this error on a table having DECIMAL(25,6):

    panic: strconv.Atoi: parsing "6unsigned": invalid syntax
    
    goroutine 25 [running]:
    github.com/PumpkinSeed/sqlfuzz/drivers.length(0xc000144e60, 0x16, 0x13b1150, 0x7, 0xc00012d15a, 0x1, 0x1)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/drivers/helpers.go:24 +0x4b7
    github.com/PumpkinSeed/sqlfuzz/drivers.MySQL.MapField(0x7ffeefbffaa3, 0x8, 0x7ffeefbffaaf, 0x6, 0x7ffeefbffab9, 0x15, 0x7ffeefbffad2, 0x9, 0x7ffeefbffadf, 0x4, ...)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/drivers/mysql.go:128 +0x9d3
    github.com/PumpkinSeed/sqlfuzz/pkg/action.generateData(0x1457160, 0xc00012b620, 0xc000144e40, 0x15, 0xc000144e60, 0x16, 0xc00012ce79, 0x3, 0x0, 0x0, ...)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/pkg/action/action.go:117 +0x79
    github.com/PumpkinSeed/sqlfuzz/pkg/action.SQLInsertInput.singleInsert(0xc0001548c0, 0x0, 0x13aac01, 0x101)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/pkg/action/action.go:107 +0x338
    github.com/PumpkinSeed/sqlfuzz/pkg/action.SQLInsertInput.Insert(0xc0001548c0, 0x0, 0x7ffeefbffa01, 0x8)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/pkg/action/action.go:42 +0xb8
    github.com/PumpkinSeed/sqlfuzz/pkg/fuzzer.worker(0xc0001025a0, 0xc00012d130, 0x7ffeefbffaa3, 0x8, 0x7ffeefbffaaf, 0x6, 0x7ffeefbffab9, 0x15, 0x7ffeefbffad2, 0x9, ...)
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/pkg/fuzzer/runner.go:50 +0x145
    created by github.com/PumpkinSeed/sqlfuzz/pkg/fuzzer.runHelper
    	/Users/loow/gopath/src/github.com/PumpkinSeed/sqlfuzz/pkg/fuzzer/runner.go:28 +0x138
    
    bug help wanted hacktoberfest 
    opened by maksimovic 0
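
The panic above comes from handing a whole type suffix such as `6unsigned` to `strconv.Atoi`. The following is an added example (not sqlfuzz's own code) that parses a MySQL column type string into base type, length, scale and the unsigned attribute, and returns an error instead of panicking; `ColumnType` and `ParseColumnType` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// ColumnType is a parsed MySQL column type (hypothetical struct, not sqlfuzz's).
type ColumnType struct {
	Base     string // e.g. "decimal", "float", "varchar"
	Length   int    // length or precision; -1 when not declared
	Scale    int    // digits after the decimal point; -1 when not declared
	Unsigned bool
}

// typeRe captures: base name, optional "(n)" or "(n,m)", trailing attributes.
var typeRe = regexp.MustCompile(`^\s*([a-z]+)\s*(?:\(\s*(\d+)\s*(?:,\s*(\d+)\s*)?\))?\s*(.*)$`)

// ParseColumnType returns an error on unexpected input instead of panicking.
func ParseColumnType(raw string) (ColumnType, error) {
	m := typeRe.FindStringSubmatch(strings.ToLower(raw))
	if m == nil {
		return ColumnType{}, fmt.Errorf("unrecognised column type %q", raw)
	}
	ct := ColumnType{Base: m[1], Length: -1, Scale: -1}
	for i, dst := range []*int{&ct.Length, &ct.Scale} {
		if s := m[i+2]; s != "" {
			n, err := strconv.Atoi(s)
			if err != nil {
				return ColumnType{}, fmt.Errorf("number in %q: %w", raw, err)
			}
			*dst = n
		}
	}
	for _, attr := range strings.Fields(m[4]) {
		ct.Unsigned = ct.Unsigned || attr == "unsigned"
	}
	return ct, nil
}

func main() {
	// Constructed inputs: the two cases from the issue, plus one malformed string.
	for _, raw := range []string{"DECIMAL(25,6) unsigned", "float", "25,6)"} {
		ct, err := ParseColumnType(raw)
		fmt.Printf("%q -> %+v, err=%v\n", raw, ct, err)
	}
}
```
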
  • Intelligent mode

    Intelligent mode should figure out what the given field represents and load data related to the field. Ex. the field name is firstname, then load firstname into it. Keep in mind to do that only if the field does NOT have a unique constraint.

    enhancement hacktoberfest 
    opened by PumpkinSeed 0
Owner
Ferenc Fabian
Gopher, Rustacean, Hobby Hacker