File: check_demo.sql

package info (click to toggle)
virtuoso-opensource 7.2.12%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 299,308 kB
  • sloc: ansic: 655,054; sql: 508,209; xml: 269,573; java: 84,064; javascript: 79,847; cpp: 37,662; sh: 32,429; cs: 25,702; php: 12,690; yacc: 11,666; lex: 7,933; makefile: 7,308; jsp: 4,523; awk: 1,719; perl: 1,013; ruby: 1,003; python: 326
file content (91 lines) | stat: -rw-r--r-- 4,785 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
--  
--  $Id$
--  
--  This file is part of the OpenLink Software Virtuoso Open-Source (VOS)
--  project.
--  
--  Copyright (C) 1998-2024 OpenLink Software
--  
--  This project is free software; you can redistribute it and/or modify it
--  under the terms of the GNU General Public License as published by the
--  Free Software Foundation; only version 2 of the License, dated June 1991.
--  
--  This program is distributed in the hope that it will be useful, but
--  WITHOUT ANY WARRANTY; without even the implied warranty of
--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
--  General Public License for more details.
--  
--  You should have received a copy of the GNU General Public License along
--  with this program; if not, write to the Free Software Foundation, Inc.,
--  51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
--  
--  
ECHO BOTH "STARTED: Checking security objects on Demo DB\n";

SET ARGV[0] 0;
SET ARGV[1] 0;

select U_NAME from SYS_USERS where U_ACCOUNT_DISABLED = 0 and U_IS_ROLE = 0 and U_NAME not in ('dba', 'dav', 'demo', 'nobody', 'tutorial_demo', '__rdf_repl', 'SPARQL_ADMIN');

select count(*) from SYS_USERS where U_ACCOUNT_DISABLED = 0 and U_IS_ROLE = 0 and U_NAME not in ('dba', 'dav', 'demo', 'nobody', 'tutorial_demo', '__rdf_repl', 'SPARQL_ADMIN');
ECHO BOTH $IF $EQU $LAST[1] 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $LAST[1] " Users enabled different than preset dba,dav,demo etc. abd tutorial_demo\n";

select G_OBJECT, U_NAME from SYS_GRANTS, SYS_USERS where G_USER = U_ID and U_NAME = 'demo';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
ECHO BOTH ": " $ROWCNT " grants to demo.\n";

select res_name from WS.WS.SYS_DAV_RES where RES_OWNER <> http_dav_uid () and (RES_PERMS like '__1%' or RES_PERMS like '_____1%' or RES_PERMS like '________1%');
select G_OBJECT, U_NAME from SYS_GRANTS, SYS_USERS where G_USER = U_ID and U_NAME = 'demo';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with executable permissions and owner <> dav.\n";

select res_name from WS.WS.SYS_DAV_RES where RES_OWNER = http_dav_uid () and (RES_PERMS like '____1%' or RES_PERMS like '_______1%');
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources owner is dav and writable to public or group.\n";

select res_name, res_group from WS.WS.SYS_DAV_RES where RES_GROUP is not null and res_group <> http_dav_uid () + 1;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with group different than administrators.\n";

select res_full_path, res_group from WS.WS.SYS_DAV_RES where RES_GROUP is not null and not exists (select 1 from SYS_USERS where U_ID = RES_GROUP);
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with non-matching group id.\n";

select res_full_path, res_group from WS.WS.SYS_DAV_RES where RES_OWNER is null or not exists (select 1 from SYS_USERS where U_ID = RES_OWNER);
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with non-matching user id.\n";

-- tutorial_demo user from setup_tutorial.sql
select WS.WS.COL_PATH(COL_ID), COL_OWNER from WS.WS.SYS_DAV_COL where COL_OWNER <> http_dav_uid ()
    and COL_OWNER <> coalesce ((select U_ID from SYS_USERS where U_NAME = 'tutorial_demo'), http_dav_uid ())
    and COL_OWNER <> coalesce ((select U_ID from SYS_USERS where U_NAME = 'demo'), http_dav_uid ())
    and COL_OWNER <> 0;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections belonging to non dav user.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_GROUP <> http_dav_uid () + 1 and COL_GROUP <> 0;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections belonging to non administrators group.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_PERMS like '____1%' or COL_PERMS like '_______1%';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections writable to public or group.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_PERMS like '_____1%' or COL_PERMS like '________1%';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections with execute bit on.\n";

$IF $GTE $ARGV[0] 1 "raw_exit ()" "";

ECHO BOTH "COMPLETED WITH " $ARGV[0] " FAILED, " $ARGV[1] " PASSED: Checking security objects on Demo DB\n";