Blame: tamper/randomcomments.py - sqlmapproject/sqlmap

Automatic SQL injection and database takeover tool

0 0 0 Python

Last preparations for DREI 2019-05-08 12:47:52 +02:00			`#!/usr/bin/env python`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
			`"""`
Year bump 2026-01-01 19:12:07 +01:00			`Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)`
Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00			`See the file 'LICENSE' for copying permission`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00			`"""`

			`import re`

			`from lib.core.common import randomRange`
Some more DREI stuff 2019-03-28 16:04:38 +01:00			`from lib.core.compat import xrange`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00			`from lib.core.data import kb`
			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.LOW`

Update for an Issue #12 2012-12-03 14:27:01 +01:00			`def tamper(payload, **kwargs):`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00			`"""`
Minor update 2025-02-19 14:11:03 +01:00			`Inserts random inline comments within SQL keywords (e.g. SELECT -> S//E//LECT)`
Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
			`>>> import random`
			`>>> random.seed(0)`
			`>>> tamper('INSERT')`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`'I//NS//ERT'`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00			`"""`

minor cosmetics on tamper scripts 2011-04-04 08:18:26 +00:00			`retVal = payload`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
minor cosmetics on tamper scripts 2011-04-04 08:18:26 +00:00			`if payload:`
Fix for a tamper script (in some cases comments were not inserted) 2013-07-31 09:52:10 +02:00			`for match in re.finditer(r"\b[A-Za-z_]+\b", payload):`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00			`word = match.group()`

			`if len(word) < 2:`
			`continue`

			`if word.upper() in kb.keywords:`
Minor refactoring 2012-07-24 01:21:32 +02:00			`_ = word[0]`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
			`for i in xrange(1, len(word) - 1):`
Minor refactoring 2012-07-24 01:21:32 +02:00			`_ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Minor refactoring 2012-07-24 01:21:32 +02:00			`_ += word[-1]`
Fix for a tamper script (in some cases comments were not inserted) 2013-07-31 09:52:10 +02:00
			`if "/**/" not in _:`
			`index = randomRange(1, len(word) - 1)`
			`_ = word[:index] + "/**/" + word[index:]`

Minor refactoring 2012-07-24 01:21:32 +02:00			`retVal = retVal.replace(word, _)`
Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00			`return retVal`