sqlmap/tamper/space2comment.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.priority import PRIORITY

__priority__ = PRIORITY.LOW

def tamper(value):
    """
    Replaces ' ' with '/**/'
    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
    """

    retVal = value

    if value:
        retVal = ""
        quote, doublequote, firstspace = False, False, False

        for i in xrange(len(value)):
            if not firstspace:
                if value[i].isspace():
                    firstspace = True
                    retVal += "/**/"
                    continue

            elif value[i] == '\'':
                quote = not quote

            elif value[i] == '"':
                doublequote = not doublequote

            elif value[i]==" " and not doublequote and not quote:
                retVal += "/**/"
                continue

            retVal += value[i]

    return retVal
forgot to put "#!/usr/bin/env python" 2010-10-14 18:05:05 +04:00			`#!/usr/bin/env python`

large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
			$Id$
reverting due to unsuccesfull test results 2010-10-14 19:13:36 +04:00
			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
added concept of tamper script priority 2010-11-04 13:29:40 +03:00			`from lib.core.priority import PRIORITY`

			`__priority__ = PRIORITY.LOW`

important update regarding (Bug #209) - probably more will be needed 2010-10-29 20:11:50 +04:00			`def tamper(value):`
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`"""`
			`Replaces ' ' with '/**/'`
few updates/fixes here and there 2010-11-04 11:03:59 +03:00			`Example: 'SELECT id FROM users' becomes 'SELECT//id//FROM/**/users'`
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`"""`

commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = value`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
new tampering module 2010-10-13 18:27:35 +04:00			`if value:`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = ""`
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`quote, doublequote, firstspace = False, False, False`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00
			`for i in xrange(len(value)):`
			`if not firstspace:`
minor bug fix 2010-10-14 15:12:03 +04:00			`if value[i].isspace():`
			`firstspace = True`
			`retVal += "/**/"`
			`continue`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`elif value[i] == '\'':`
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`quote = not quote`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`elif value[i] == '"':`
			`doublequote = not doublequote`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`elif value[i]==" " and not doublequote and not quote:`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal += "/**/"`
			`continue`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal += value[i]`

			`return retVal`