Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Database access script

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
csi_user Database access script
Member 31st May, 2010 23:12
Ranking: 0
Posts: 1
User Since: 31st May, 2010
System Score: N/A
Location: DK
Last edited on 31st May, 2010 23:13

One of the main features I've been looking forward to in CSI 4.0 is access to the underlying database.
Of course the random file name was not a part of my expectations.

For a moment I thought about hard coding the path in a script and have it done and over with, but that would break if I reinstalled the application or removed the database file. (Both of which I have done multiple times, resulting in a new random name)

Since I'm going to try to write to the database to configure various settings as well, I'm expecting to wipe the file a couple of times.

---
Below is a script which, if not automatically locates the database, then at least makes a qualified attempt at it.
Perhaps Secunia will provide a static way of looking up the file later.

A couple of disclaimers:
This is a batch script, don't edit the file while it is run, for some odd reason batch continues on the same line number in the new file.

It's a batch script, it's impossible to extensive tests about the environment, a controlled and predictable system is assumed although the script will try to fail gracefully.
I probably would have been better off using power shell, VB, perl, js, ruby, bash, <insert favorite>,...

Sorry about the comments, the letters REM don't translate as comment in my mind.

Batch provides no way to declare a function, but the script _should_ be robust enough to move each section around, hence the silly gotos.

Please read through the script before using for good measure.
This script is provided free as is without license or other strings attached, no liability or warrenty, etc. etc.
to use or as an inspiration in the hope it will return in an improved state.

Happy hacking.
--------------------------
echo off

REM ### BEGIN DELETEME ###

REM # Minimum configuration:
REM # - configure the SQLITE program path below.
REM # - remove this DELETEME section

ECHO Please configure the script first.
GOTO WAIT

REM ### END DELETEME ###

REM ################################################## ######
REM # Allow the script to wait with "press any key" #
REM # so users can read output before the prompt is closed #
REM # #
REM # Change this to '0' if you're going to automate tasks #
REM # with this script to prevent hanging tasks. #
REM ################################################## ######
SET ENABLEPAUSE=1


REM ###############################################
REM ### Configure this according to your system ###
REM ### If sqlite is installed within your PATH ###
REM ### environment variable you can just set ###
REM ### this to the filename. ###
REM ### Note: Don't use quotes ###
REM ###############################################
SET SQLITE=%programfiles%\sqlite\sqlite3.exe



REM ###################################
REM # Preset and clear used variables #
REM # Changing these may result in #
REM # unexpected results #
REM ###################################

SET RUNMODE=-interactive
SET CSIDBPATH=%APPDATA%\Secunia CSI
SET DBFILE=INVALIDFILENAME


SET HEADERS=
SET OUTFILE=
SET QUERYFILE=
SET COUNT=
SET INITCMD=
SET SQLCMDS=
SET OUTFILECMD=


REM ### Script begins below ###


REM ##############################
REM # Hack to read CMD line args #
REM # Sorry Dijkstra #
REM ##############################
:READCMDLINE

REM # Don't mess with the shift arguments, timing on that
REM # command is messed up
REM # SHIFT is first honored on the next line executed.

IF "%~1"=="" GOTO DONEREADCMDLINE
IF "%~1"=="-q" (
SET QUERYFILE=%2
SHIFT
GOTO CMDLINEPARTPARSED
)
IF "%~1"=="-o" (
SET OUTFILE=%2
SHIFT
GOTO CMDLINEPARTPARSED
)
IF "%~1"=="-s" (
SET HEADERS=-header
GOTO CMDLINEPARTPARSED
)
IF "%~1"=="-S" (
SET HEADERS=-noheader
GOTO CMDLINEPARTPARSED
)
IF "%~1"=="-h" GOTO SHOWHELP
IF "%~1"=="--" (
SHIFT
GOTO DONEREADCMDLINE
)

REM Unknown arg.
GOTO SHOWHELP

:CMDLINEPARTPARSED
SHIFT
GOTO READCMDLINE

:DONEREADCMDLINE
GOTO BUILDARGS

:BUILDARGS
IF "%HEADERS%"=="" SET HEADERS=-header
IF NOT "%OUTFILE%"=="" IF "%QUERYFILE%"=="" GOTO SHOWHELP
IF NOT "%OUTFILE%"=="" SET OUTFILECMD=^> "%OUTFILE%"
IF NOT "%~1"=="" SET RUNMODE=-batch & SET SQLCMDS=%~1
IF NOT "%QUERYFILE%"=="" SET RUNMODE=-batch & SET SQLCMDS=.exit & SET INITCMD=-init %QUERYFILE%

REM ################
REM # Done parsing #
REM ################
GOTO VERIFYPATHS



:SHOWHELP
ECHO.
ECHO Usage: %0 [-h] [-q ^<file^> [-o ^<file^>]] [-s^|-S] [-- [SQLIte commands]]
ECHO -s/-S: Include/exclude SQL headers in output (use the SQL command
ECHO ".header on" in the SQL file with -q)
ECHO -q: Read SQL/SQLITE commands from file (see sqlite -init)
ECHO -o: Specify output file (Requires -q)
ECHO --: Stops parsing and pass the rest of the line to SQLite
ECHO This option is not honored with -q, anything after this
ECHO switch will be discarded instead.
ECHO -h: Show this help message
ECHO.
ECHO If no commands are provided on the command line or through the -q switch
ECHO SQLITE will be launched in interactive mode.
ECHO.

GOTO WAIT


REM ########################################
REM # Verify basic assumptions are correct #
REM ########################################
:VERIFYPATHS
IF NOT EXIST "%CSIDBPATH%\" (
ECHO CSI data folder not found. >&2
GOTO ERROR
)
IF NOT EXIST "%SQLITE%" (
ECHO SQLite not found. >&2
GOTO ERROR
)
GOTO LOCATEDB

REM ##########################################
REM # Very naive database location function #
REM # #
REM # Assuming the db is the only non-hidden #
REM # file in the directory #
REM ##########################################
:LOCATEDB
FOR /F %%i IN ('dir /B "%CSIDBPATH%" ^| find /V /C ""') do @set COUNT=%%i
IF NOT %COUNT% == 1 (
ECHO Can't isolate DB file >&2
GOTO ERROR
)
FOR /F %%i IN ('dir /B "%CSIDBPATH%" ^| find /V ""') do @set DBFILE=%CSIDBPATH%\%%i
IF NOT EXIST "%DBFILE%" (
ECHO Error: Found non-existing file? >&2
GOTO ERROR
)
GOTO DORUN


REM ###########################################
REM # If we got to this point, it's do or die #
REM # SQLite returns non-zero on exit, so no #
REM # error detection at this time #
REM ###########################################
:DORUN
"%SQLITE%" %HEADERS% %RUNMODE% %INITCMD% "%DBFILE%" %SQLCMDS% %OUTFILECMD%
GOTO DONERUN

REM ################################################## ###############
REM # Leftover from when this script had multiple DORUN actions #
REM # depending on variables, now they're resolved in a single line #
REM # Included in case it is needed again #
REM ################################################## ###############
:DONERUN
GOTO EXIT


REM ############################
REM # Stub for error handeling #
REM ############################
:ERROR
ECHO No errorhandeling >&2
GOTO WAIT

REM ################################################## ######
REM # Give users a chance to read messages from the script #
REM # before the prompt closes. I hate that black flash. #
REM ################################################## ######
:WAIT
IF %ENABLEPAUSE% gtr 0 pause
GOTO EXIT


:EXIT
exit
REM ### END of script ###

No one has replied to this thread yet - be the first
This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability