sqlmap/tamper/symboliclogical.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import re
import urllib

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOWEST

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

    >>> tamper("1 AND '1'='1")
    "1 %26%26 '1'='1"
    """

    retVal = payload

    if payload:
        retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload))

    return retVal
New tamper script 2015-05-29 00:49:44 +03:00			`#!/usr/bin/env python`

			`"""`
Update of copyright years 2018-01-02 02:48:10 +03:00			`Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
New tamper script 2015-05-29 00:49:44 +03:00			`"""`

			`import re`
Minor cleanup 2018-10-02 15:07:14 +03:00			`import urllib`
New tamper script 2015-05-29 00:49:44 +03:00
			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.LOWEST`

			`def dependencies():`
			`pass`

			`def tamper(payload, **kwargs):`
			`"""`
			`Replaces AND and OR logical operators with their symbolic counterparts (&& and \|\|)`

			`>>> tamper("1 AND '1'='1")`
Switching to the getSafeExString (where it can be used) 2015-09-10 16:51:33 +03:00			`"1 %26%26 '1'='1"`
New tamper script 2015-05-29 00:49:44 +03:00			`"""`

			`retVal = payload`

			`if payload:`
Minor cleanup 2018-10-02 15:07:14 +03:00			`retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("\|\|"), payload))`
New tamper script 2015-05-29 00:49:44 +03:00
			`return retVal`