SQLFuzz: Random SQLAlchemy Query Generator
sqlfuzz
is a random SQLAlchemy query generator for DBMS fuzzing toolchains. sqlfuzz
improves upon other random query generators, such as sqlsmith
, by leveraging SQLAlchemy's ability to compile the same query for different DBMS dialects. For example, sqlfuzz
allows us to easily test the queries that triggers bugs in Postgres to other DBMSs such as MySQL, MariaDB, Sqlite, etc. sqlfuzz
can target any dialects that SQLAlchemy supports.
Install
$ pip3 install sqlfuzz
Usage
Quick Start
import json
from sqlfuzz.fuzz import Fuzz
f = open("./path/to/probability/conf.json")
prob_conf = json.load(f)
connection_string = "postgresql+psycopg2://{user}:{password}@{host}:{port}/{dbname}"
fuzz = Fuzz(prob_conf, connection_string)
queries = fuzz.gen_orm_queries(count=10)
Probability Configuration
Probability of the fuzzer chosing to generate a query with following clauses (range: 0-1000)
{
'order': 500,
'limit': 500,
'group': 500,
'left': 500,
'inner': 500,
'full': 500,
'scalar': 500,
'true': 500,
'func_expr': 500,
'literal_column': 500,
'distinct': 500,
'set': 500,
'offset': 500,
'simple': 500,
'window': 500,
'extractyear': 500,
'extractmonth': 500,
'subquery': 500,
'nested': 500
}