説明なし

SQLInjection.py 933B

123456789101112131415161718192021222324252627282930313233343536373839
  1. from SQLLexer import *
  2. class SQLInjection():
  3. def __init__(self):
  4. self.lexer = SQLLexer()
  5. self.lexer.build()
  6. self.u_tok_counter = None
  7. self.s_tok_counter = None
  8. def validateLex(self, sample_sql, user_sql):
  9. self.s_tok_counter = self.lexer.getTokensHash()
  10. self.u_tok_counter = self.lexer.getTokensHash()
  11. for tok in self.lexer.tokenize(sample_sql):
  12. self.s_tok_counter[tok.type] += 1
  13. for tok in self.lexer.tokenize(user_sql):
  14. self.u_tok_counter[tok.type] += 1
  15. return self.s_tok_counter == self.u_tok_counter
  16. def getLastTokCounters(self):
  17. return self.s_tok_counter, self.u_tok_counter
  18. if __name__ == '__main__':
  19. sqlI = SQLInjection()
  20. # Test 1
  21. print sqlI.validateLex("""select cat from dog where casa=1 ;""", """select cat from dog where casa=1 ;""")
  22. # Test 2
  23. print sqlI.validateLex("""select cat from dog where casa=1 ;""", """select cat from dog where casa=1 and cat="miau" ;""")