sqlmap/tamper/space2comment.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def tamper(payload):
    """
    Replaces ' ' with '/**/'
    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
    """

    retVal = payload

    if payload:
        retVal = ""
        quote, doublequote, firstspace = False, False, False

        for i in xrange(len(payload)):
            if not firstspace:
                if payload[i].isspace():
                    firstspace = True
                    retVal += "/**/"
                    continue

            elif payload[i] == '\'':
                quote = not quote

            elif payload[i] == '"':
                doublequote = not doublequote

            elif payload[i]==" " and not doublequote and not quote:
                retVal += "/**/"
                continue

            retVal += payload[i]

    return retVal
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`#!/usr/bin/env python`

			`"""`
			$Id$

			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.LOW`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`def tamper(payload):`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`"""`
			`Replaces ' ' with '/**/'`
			`Example: 'SELECT id FROM users' becomes 'SELECT//id//FROM/**/users'`
			`"""`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`retVal = payload`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00
minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`if payload:`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`retVal = ""`
			`quote, doublequote, firstspace = False, False, False`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`for i in xrange(len(payload)):`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`if not firstspace:`
minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`if payload[i].isspace():`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`firstspace = True`
			`retVal += "/**/"`
			`continue`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`elif payload[i] == '\'':`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`quote = not quote`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`elif payload[i] == '"':`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`doublequote = not doublequote`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`elif payload[i]==" " and not doublequote and not quote:`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`retVal += "/**/"`
			`continue`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`retVal += payload[i]`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00
			`return retVal`