LtmThink
diff --git a/‎README.md‎
Lines changed: 41 additions & 0 deletions b/‎README.md‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 16 additions & 0 deletions b/‎go.mod‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 22 additions & 0 deletions b/‎go.sum‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎images/image-20250213203303123.png‎
1010 KB b/‎images/image-20250213203303123.png‎
1010 KB
diff --git a/‎images/image-20250213203351348.png‎
199 KB b/‎images/image-20250213203351348.png‎
199 KB
diff --git a/‎images/image-20250213203402153.png‎
1 MB b/‎images/image-20250213203402153.png‎
1 MB
diff --git a/‎images/image-20250213203504045.png‎
1.3 MB b/‎images/image-20250213203504045.png‎
1.3 MB
diff --git a/‎images/image-20250213203512721.png‎
1.04 MB b/‎images/image-20250213203512721.png‎
1.04 MB
diff --git a/‎main.go‎
Lines changed: 86 additions & 0 deletions b/‎main.go‎
Lines changed: 86 additions & 0 deletions
diff --git a/‎mysql/buffer.go‎
Lines changed: 174 additions & 0 deletions b/‎mysql/buffer.go‎
Lines changed: 174 additions & 0 deletions
@@ -0,0 +1,41 @@
+# SQLRecorder
+
+## 简介
+
+SQLRecorder能够实时记录应用运行时产生的SQL查询以及语法错误，方便代码审计时对SQL注入的实时关注。
+
+SQLRecorder以代理的形式运行，区别于MySQL日志记录查询，SQLRecorder能够更好的感知SQL查询及其查询结果，并能记录日志所不能记录的MySQL语法错误。
+
+SQLRecorder目前支持MySQL数据库查询记录。
+
+## 使用
+
+### 1.命令行窗口监控
+
+#### 运行指令
+
+命令：
+
+```
+sqlrecorder command -s 127.0.0.1:3306 -p 127.0.0.1:43306
+```
+
+该命令将使SQLRecorder作为代理端监听127.0.0.1:43306，并指定后续连接MySQL服务端地址为127.0.0.1:3306
+
+![image-20250213203303123](./images/image-20250213203303123.png)
+
+#### 使用场景一
+
+Web应用程序作为客户端连接SQLRecorder，SQLRecorder将实时记录产生的SQL查询以及语法错误
+
+![image-20250213203351348](./images/image-20250213203351348.png)
+
+![image-20250213203402153](./images/image-20250213203402153.png)
+
+#### 使用场景二
+
+使用mysql命令行工具(或其他连接工具)作为客户端连接SQLRecorder，SQLRecorder将实时记录产生的SQL查询以及语法错误
+
+![image-20250213203504045](./images/image-20250213203504045.png)
+
+![image-20250213203512721](./images/image-20250213203512721.png)
@@ -0,0 +1,16 @@
+module SQLRecorder
+
+go 1.23
+
+require (
+	github.com/gookit/color v1.5.4
+	github.com/urfave/cli/v2 v2.27.5
+)
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+)
@@ -0,0 +1,22 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
+github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
+github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -0,0 +1,86 @@
+package main
+
+import (
+	"SQLRecorder/mysql"
+	"errors"
+	"fmt"
+	"github.com/urfave/cli/v2"
+	"os"
+	"os/signal"
+	"syscall"
+)
+
+func display_banner() {
+	fmt.Println("   _____  ____  _      _____                        _           ")
+	fmt.Println("  / ____|/ __ \\| |    |  __ \\     𝚋𝚢：𝙻𝚝𝚖𝚃𝚑𝚒𝚗𝚔     | |          ")
+	fmt.Println(" | (___ | |  | | |    | |__) |___  ___ ___  _ __ __| | ___ _ __ ")
+	fmt.Println("  \\___ \\| |  | | |    |  _  // _ \\/ __/ _ \\| '__/ _` |/ _ \\ '__|")
+	fmt.Println("  ____) | |__| | |____| | \\ \\  __/ (_| (_) | | | (_| |  __/ |   ")
+	fmt.Println(" |_____/ \\___\\_\\______|_|  \\_\\___|\\___\\___/|_|  \\__,_|\\___|_|   ")
+	fmt.Println("                                                                ")
+	fmt.Println("                                                                ")
+}
+func main() {
+	display_banner()
+	// 创建通道监听系统信号
+	sigs := make(chan os.Signal, 1)
+	signal.Notify(sigs, os.Interrupt, syscall.SIGTERM)
+	var app = cli.App{
+		Name:      "SQLRecorder",
+		Usage:     "Create a proxy to record all passing SQL statements.",
+		UsageText: "sqlrecorder command -s 127.0.0.1:3306 -p 127.0.0.1:43306",
+		Commands: []*cli.Command{
+			{
+				Name:      "command",
+				Aliases:   []string{"c"},
+				Usage:     "Create a proxy and all SQL will be displayed in the command line window",
+				UsageText: "sqlrecorder command -s 127.0.0.1:3306 -p 127.0.0.1:43306",
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "server",
+						Aliases:  []string{"s"},
+						Usage:    "The address of the SQL server.",
+						Required: false,
+						Value:    "127.0.0.1:3306",
+					},
+					&cli.StringFlag{
+						Name:     "proxy",
+						Aliases:  []string{"p"},
+						Usage:    "The address where the SQLRecorder agent wants to run the listening.",
+						Required: false,
+						Value:    "127.0.0.1:43306",
+					},
+				},
+				Action: func(context *cli.Context) error {
+					var server = context.String("server")
+					var proxy = context.String("proxy")
+					if server == "" || proxy == "" {
+						return errors.New("Please enter the correct parameters")
+					}
+					sqlName := "mysql"
+					switch sqlName {
+					case "mysql":
+						err := mysql.Recorder(server, proxy)
+						return err
+					default:
+						return errors.New("Please enter the correct parameters")
+					}
+				},
+			},
+		},
+	}
+	// 隐藏光标
+	fmt.Print("\033[?25l")
+	go func() {
+		<-sigs
+		fmt.Println("\033[32m\nbye👋\033[0m")
+		// 显示光标
+		fmt.Print("\033[?25h")
+		os.Exit(0)
+	}()
+	err := app.Run(os.Args)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "\033[31m[Error] %v\n\033[0m", err.Error())
+		fmt.Print("\033[?25h")
+	}
+}
@@ -0,0 +1,174 @@
+package mysql
+
+import (
+	"io"
+	"net"
+	"time"
+)
+
+const defaultBufSize = 4096
+const maxCachedBufSize = 256 * 1024
+
+// A buffer which is used for both reading and writing.
+// This is possible since communication on each connection is synchronous.
+// In other words, we can't write and read simultaneously on the same connection.
+// The buffer is similar to bufio.Reader / Writer but zero-copy-ish
+// Also highly optimized for this particular use case.
+// This buffer is backed by two byte slices in a double-buffering scheme
+type buffer struct {
+	buf     []byte // buf is a byte buffer who's length and capacity are equal.
+	nc      net.Conn
+	idx     int
+	length  int
+	timeout time.Duration
+	dbuf    [2][]byte // dbuf is an array with the two byte slices that back this buffer
+	flipcnt uint      // flipccnt is the current buffer counter for double-buffering
+}
+
+// newBuffer allocates and returns a new buffer.
+func newBuffer(nc net.Conn) buffer {
+	fg := make([]byte, defaultBufSize)
+	return buffer{
+		buf:  fg,
+		nc:   nc,
+		dbuf: [2][]byte{fg, nil},
+	}
+}
+
+// flip replaces the active buffer with the background buffer
+// this is a delayed flip that simply increases the buffer counter;
+// the actual flip will be performed the next time we call `buffer.fill`
+func (b *buffer) flip() {
+	b.flipcnt += 1
+}
+
+// fill reads into the buffer until at least _need_ bytes are in it
+func (b *buffer) fill(need int) error {
+	n := b.length
+	// fill data into its double-buffering target: if we've called
+	// flip on this buffer, we'll be copying to the background buffer,
+	// and then filling it with network data; otherwise we'll just move
+	// the contents of the current buffer to the front before filling it
+	dest := b.dbuf[b.flipcnt&1]
+
+	// grow buffer if necessary to fit the whole packet.
+	if need > len(dest) {
+		// Round up to the next multiple of the default size
+		dest = make([]byte, ((need/defaultBufSize)+1)*defaultBufSize)
+
+		// if the allocated buffer is not too large, move it to backing storage
+		// to prevent extra allocations on applications that perform large reads
+		if len(dest) <= maxCachedBufSize {
+			b.dbuf[b.flipcnt&1] = dest
+		}
+	}
+
+	// if we're filling the fg buffer, move the existing data to the start of it.
+	// if we're filling the bg buffer, copy over the data
+	if n > 0 {
+		copy(dest[:n], b.buf[b.idx:])
+	}
+
+	b.buf = dest
+	b.idx = 0
+
+	for {
+		if b.timeout > 0 {
+			if err := b.nc.SetReadDeadline(time.Now().Add(b.timeout)); err != nil {
+				return err
+			}
+		}
+
+		nn, err := b.nc.Read(b.buf[n:])
+		n += nn
+
+		switch err {
+		case nil:
+			if n < need {
+				continue
+			}
+			b.length = n
+			return nil
+
+		case io.EOF:
+			if n >= need {
+				b.length = n
+				return nil
+			}
+			return io.ErrUnexpectedEOF
+
+		default:
+			return err
+		}
+	}
+}
+
+// returns next N bytes from buffer.
+// The returned slice is only guaranteed to be valid until the next read
+func (b *buffer) readNext(need int) ([]byte, error) {
+	if b.length < need {
+		// refill
+		if err := b.fill(need); err != nil {
+			return nil, err
+		}
+	}
+
+	offset := b.idx
+	b.idx += need
+	b.length -= need
+	return b.buf[offset:b.idx], nil
+}
+
+// takeBuffer returns a buffer with the requested size.
+// If possible, a slice from the existing buffer is returned.
+// Otherwise a bigger buffer is made.
+// Only one buffer (total) can be used at a time.
+func (b *buffer) takeBuffer(length int) ([]byte, error) {
+	if b.length > 0 {
+		return nil, ErrBusyBuffer
+	}
+
+	// test (cheap) general case first
+	if length <= cap(b.buf) {
+		return b.buf[:length], nil
+	}
+
+	if length < maxPacketSize {
+		b.buf = make([]byte, length)
+		return b.buf, nil
+	}
+
+	// buffer is larger than we want to store.
+	return make([]byte, length), nil
+}
+
+// takeSmallBuffer is shortcut which can be used if length is
+// known to be smaller than defaultBufSize.
+// Only one buffer (total) can be used at a time.
+func (b *buffer) takeSmallBuffer(length int) ([]byte, error) {
+	if b.length > 0 {
+		return nil, ErrBusyBuffer
+	}
+	return b.buf[:length], nil
+}
+
+// takeCompleteBuffer returns the complete existing buffer.
+// This can be used if the necessary buffer size is unknown.
+// cap and len of the returned buffer will be equal.
+// Only one buffer (total) can be used at a time.
+func (b *buffer) takeCompleteBuffer() ([]byte, error) {
+	if b.length > 0 {
+		return nil, ErrBusyBuffer
+	}
+	return b.buf, nil
+}
+
+// store stores buf, an updated buffer, if its suitable to do so.
+func (b *buffer) store(buf []byte) error {
+	if b.length > 0 {
+		return ErrBusyBuffer
+	} else if cap(buf) <= maxPacketSize && cap(buf) > cap(b.buf) {
+		b.buf = buf[:cap(buf)]
+	}
+	return nil
+}