-
- from SQLLexer import *
-
class SQLInjection():
    """Detect structural drift between a reference SQL statement and a user one.

    The check is purely lexical: both statements are tokenized with the
    project's ``SQLLexer`` and the per-token-type counts are compared.  Two
    statements are considered equivalent when every token type occurs the
    same number of times in each.  Because only counts are compared, token
    order and literal values play no part in the decision; a statement that
    adds, drops or changes the *kind* of a token (an extra predicate, a
    comment marker, a second statement) is what this class reports.
    """

    def __init__(self):
        """Build the lexer and clear the counters from the previous run."""
        # Counters are populated by validateLex(); None until the first call.
        self.u_tok_counter = None
        self.s_tok_counter = None

        self.lexer = SQLLexer()
        self.lexer.build()

    def validateLex(self, sample_sql, user_sql):
        """Return True when both statements have identical token-type counts.

        Args:
            sample_sql: the trusted reference statement.
            user_sql: the statement to compare against the reference.

        Returns:
            ``True`` if the token-type histograms of the two statements are
            equal, ``False`` otherwise.  The two histograms are retained and
            can be read back with getLastTokCounters().

        Raises:
            KeyError: if the lexer emits a token type that is not a key of the
                mapping returned by ``getTokensHash()``.
        """
        # getTokensHash() is assumed to return a fresh mapping, pre-seeded with
        # every token type at zero, on each call -- TODO confirm in SQLLexer;
        # a shared mapping would make both histograms alias each other.
        self.s_tok_counter = self.lexer.getTokensHash()
        self.u_tok_counter = self.lexer.getTokensHash()

        self._tally(self.s_tok_counter, sample_sql)
        self._tally(self.u_tok_counter, user_sql)

        return self.s_tok_counter == self.u_tok_counter

    def _tally(self, counter, sql):
        """Increment ``counter[type]`` once per token the lexer emits for ``sql``."""
        for token in self.lexer.tokenize(sql):
            counter[token.type] += 1

    def getLastTokCounters(self):
        """Return ``(sample_counter, user_counter)`` from the last validateLex() call.

        Both are ``None`` before validateLex() has been called.
        """
        return self.s_tok_counter, self.u_tok_counter
-
-
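if __name__ == '__main__':
    # Smoke test: compare a reference statement against a user-supplied one.
    # print() with a single argument behaves the same under Python 2 and 3,
    # whereas the bare print statement is a SyntaxError on Python 3.
    sqlI = SQLInjection()

    # Test 1: identical statements yield identical token-type counts (True).
    print(sqlI.validateLex("""select cat from dog where casa=1 ;""", """select cat from dog where casa=1 ;"""))

    # Test 2: the extra "and cat=..." predicate adds tokens the reference
    # lacks, so the counts should differ (False if the lexer emits them).
    print(sqlI.validateLex("""select cat from dog where casa=1 ;""", """select cat from dog where casa=1 and cat="miau" ;"""))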