From c198fd79391bf03725c4cc72c7a96c703da7c199 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 12 Apr 2017 10:54:29 +0200
Subject: [PATCH] Update for an Issue #13

---
 lib/core/settings.py               |  2 +-
 tamper/commentbeforeparentheses.py | 40 ++++++++++++++++++++++++++++++
 txt/checksum.md5                   |  3 ++-
 3 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 tamper/commentbeforeparentheses.py

diff --git a/lib/core/settings.py b/lib/core/settings.py
index b5be58feb..1f5fd3341 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.4.18"
+VERSION = "1.1.4.19"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py
new file mode 100644
index 000000000..59185002a
--- /dev/null
+++ b/tamper/commentbeforeparentheses.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Prepends (inline) comment before parentheses
+
+    Tested against:
+        * Microsoft SQL Server
+        * MySQL
+        * Oracle
+        * PostgreSQL
+
+    Notes:
+        * Useful to bypass web application firewalls that block usage
+          of function calls
+
+    >>> tamper('SELECT ABS(1)')
+    'SELECT ABS/**/(1)'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = re.sub(r"\b(\w+)\(", "\g<1>/**/(", retVal)
+
+    return retVal
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 407b84f38..4eaf7bfd5 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -45,7 +45,7 @@ dd19b4d930d418f8aef498941346ab2d  lib/core/option.py
 d8e9250f3775119df07e9070eddccd16  lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2  lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9  lib/core/session.py
-78ce748dd65ba204321cb74c53ec55e3  lib/core/settings.py
+a69ceaa3f1d3c59bc4678777218ae334  lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6  lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20  lib/core/subprocessng.py
 afd0636d2e93c23f4f0a5c9b6023ea17  lib/core/target.py
@@ -236,6 +236,7 @@ e6e3ae32bc3c3d5acb4b93289e3fe698  tamper/bluecoat.py
 893e7d907bcd370394b70a30d502be2b  tamper/charunicodeencode.py
 596883203fbdd81ee760e4a00071bf39  tamper/commalesslimit.py
 f341a48112354a50347546fa73f4f531  tamper/commalessmid.py
+1a368a32530c04a11a531cd21d587682  tamper/commentbeforeparentheses.py
 28c21fd9c9801d398698c646bb894260  tamper/concat2concatws.py
 d496b8abd40ea1a86c771d9d20174f61  tamper/equaltolike.py
 fb3c31b72675f6ef27fa420a4e974a55  tamper/escapequotes.py