com.sh.wf.module.parser.sql

类 Libinjection

java.lang.Object

com.sh.wf.module.parser.sql.Libinjection

public class Libinjection
extends java.lang.Object

字段概要

字段

限定符和类型	字段和说明
static char	CHAR_DOUBLE
static char	CHAR_NULL
static char	CHAR_SINGLE
static char	CHAR_TICK
static int	FLAG_QUOTE_DOUBLE
static int	FLAG_QUOTE_NONE
static int	FLAG_QUOTE_SINGLE
static int	FLAG_SQL_ANSI
static int	FLAG_SQL_MYSQL
static int	LIBINJECTION_SQLI_MAX_TOKENS
static int	TYPE_BACKSLASH
static int	TYPE_BAREWORD
static int	TYPE_COLLATE
static int	TYPE_COLON
static int	TYPE_COMMA
static int	TYPE_COMMENT
static int	TYPE_DOT
static int	TYPE_EVIL
static int	TYPE_EXPRESSION
static int	TYPE_FINGERPRINT
static int	TYPE_FUNCTION
static int	TYPE_GROUP
static int	TYPE_KEYWORD
static int	TYPE_LEFTBRACE
static int	TYPE_LEFTPARENS
static int	TYPE_LOGIC_OPERATOR
static int	TYPE_NONE
static int	TYPE_NUMBER
static int	TYPE_OPERATOR
static int	TYPE_RIGHTBRACE
static int	TYPE_RIGHTPARENS
static int	TYPE_SEMICOLON
static int	TYPE_SQLTYPE
static int	TYPE_STRING
static int	TYPE_TSQL
static int	TYPE_UNION
static int	TYPE_UNKNOWN
static int	TYPE_VARIABLE

构造器概要

构造器

构造器和说明
Libinjection()

方法概要

限定符和类型	方法和说明
boolean	char_is_white(char ch)
char	flag2delim(int flag)
java.lang.String	getOutput()
com.sh.wf.module.parser.sql.State	getState()
boolean	is_backslash_escaped(int end, int start, java.lang.String s)
boolean	is_double_delim_escaped(int cur, int end, java.lang.String s)
boolean	is_keyword(java.lang.String str)
boolean	is_mysql_comment(java.lang.String s, int len, int pos)
boolean	libinjection_is_sqli()
boolean	libinjection_sqli_blacklist()
boolean	libinjection_sqli_check_fingerprint()
java.lang.String	libinjection_sqli_fingerprint(int flags) Secondary API: Detect SQLi GIVEN a context.
int	libinjection_sqli_fold()
java.lang.Character	libinjection_sqli_lookup_word(java.lang.String str)
boolean	libinjection_sqli_not_whitelist()
boolean	libinjection_sqli_tokenize()
boolean	libinjection_sqli(java.lang.String input) Main API
int	parse_backslash()
int	parse_bstring()
int	parse_bword()
int	parse_char()
int	parse_dash()
int	parse_eol_comment()
int	parse_estring()
int	parse_hash()
int	parse_money()
int	parse_nqstring()
int	parse_number()
int	parse_operator1()
int	parse_operator2()
int	parse_other()
int	parse_qstring_core(int offset)
int	parse_qstring()
int	parse_slash()
int	parse_string_core(char delim, int offset)
int	parse_string()
int	parse_tick()
int	parse_ustring()
int	parse_var()
int	parse_white() Parsers: Looks at current character in input String, makes sense of it and turns it into a token.
int	parse_word()
int	parse_xstring()
boolean	reparse_as_mysql()
int	strlencspn(java.lang.String s, java.lang.String unaccepted)
int	strlenspn(java.lang.String s, java.lang.String accept)
boolean	syntax_merge_words(com.sh.wf.module.parser.sql.Token a, int apos, com.sh.wf.module.parser.sql.Token b, int bpos) Helper Functions
boolean	token_is_arithmetic_op(com.sh.wf.module.parser.sql.Token token)
boolean	token_is_unary_op(com.sh.wf.module.parser.sql.Token token)

从类继承的方法 java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

LIBINJECTION_SQLI_MAX_TOKENS

public static final int LIBINJECTION_SQLI_MAX_TOKENS

另请参阅:

常量字段值

FLAG_QUOTE_NONE

public static final int FLAG_QUOTE_NONE

另请参阅:

常量字段值

FLAG_QUOTE_SINGLE

public static final int FLAG_QUOTE_SINGLE

另请参阅:

常量字段值

FLAG_QUOTE_DOUBLE

public static final int FLAG_QUOTE_DOUBLE

另请参阅:

常量字段值

FLAG_SQL_ANSI

public static final int FLAG_SQL_ANSI

另请参阅:

常量字段值

FLAG_SQL_MYSQL

public static final int FLAG_SQL_MYSQL

另请参阅:

常量字段值

TYPE_NONE

public static final int TYPE_NONE

另请参阅:

常量字段值

TYPE_KEYWORD

public static final int TYPE_KEYWORD

另请参阅:

常量字段值

TYPE_UNION

public static final int TYPE_UNION

另请参阅:

常量字段值

TYPE_GROUP

public static final int TYPE_GROUP

另请参阅:

常量字段值

TYPE_EXPRESSION

public static final int TYPE_EXPRESSION

另请参阅:

常量字段值

TYPE_SQLTYPE

public static final int TYPE_SQLTYPE

另请参阅:

常量字段值

TYPE_FUNCTION

public static final int TYPE_FUNCTION

另请参阅:

常量字段值

TYPE_BAREWORD

public static final int TYPE_BAREWORD

另请参阅:

常量字段值

TYPE_NUMBER

public static final int TYPE_NUMBER

另请参阅:

常量字段值

TYPE_VARIABLE

public static final int TYPE_VARIABLE

另请参阅:

常量字段值

TYPE_STRING

public static final int TYPE_STRING

另请参阅:

常量字段值

TYPE_OPERATOR

public static final int TYPE_OPERATOR

另请参阅:

常量字段值

TYPE_LOGIC_OPERATOR

public static final int TYPE_LOGIC_OPERATOR

另请参阅:

常量字段值

TYPE_COMMENT

public static final int TYPE_COMMENT

另请参阅:

常量字段值

TYPE_COLLATE

public static final int TYPE_COLLATE

另请参阅:

常量字段值

TYPE_LEFTPARENS

public static final int TYPE_LEFTPARENS

另请参阅:

常量字段值

TYPE_RIGHTPARENS

public static final int TYPE_RIGHTPARENS

另请参阅:

常量字段值

TYPE_LEFTBRACE

public static final int TYPE_LEFTBRACE

另请参阅:

常量字段值

TYPE_RIGHTBRACE

public static final int TYPE_RIGHTBRACE

另请参阅:

常量字段值

TYPE_DOT

public static final int TYPE_DOT

另请参阅:

常量字段值

TYPE_COMMA

public static final int TYPE_COMMA

另请参阅:

常量字段值

TYPE_COLON

public static final int TYPE_COLON

另请参阅:

常量字段值

TYPE_SEMICOLON

public static final int TYPE_SEMICOLON

另请参阅:

常量字段值

TYPE_TSQL

public static final int TYPE_TSQL

另请参阅:

常量字段值

TYPE_UNKNOWN

public static final int TYPE_UNKNOWN

另请参阅:

常量字段值

TYPE_EVIL

public static final int TYPE_EVIL

另请参阅:

常量字段值

TYPE_FINGERPRINT

public static final int TYPE_FINGERPRINT

另请参阅:

常量字段值

TYPE_BACKSLASH

public static final int TYPE_BACKSLASH

另请参阅:

常量字段值

CHAR_NULL

public static final char CHAR_NULL

另请参阅:

常量字段值

CHAR_SINGLE

public static final char CHAR_SINGLE

另请参阅:

常量字段值

CHAR_DOUBLE

public static final char CHAR_DOUBLE

另请参阅:

常量字段值

CHAR_TICK

public static final char CHAR_TICK

另请参阅:

常量字段值

构造器详细资料

Libinjection

public Libinjection()

方法详细资料

getState

public com.sh.wf.module.parser.sql.State getState()

getOutput

public java.lang.String getOutput()

libinjection_sqli

public boolean libinjection_sqli(java.lang.String input)

Main API

libinjection_is_sqli

public boolean libinjection_is_sqli()

reparse_as_mysql

public boolean reparse_as_mysql()

libinjection_sqli_fingerprint

public java.lang.String libinjection_sqli_fingerprint(int flags)

Secondary API: Detect SQLi GIVEN a context.

libinjection_sqli_lookup_word

public java.lang.Character libinjection_sqli_lookup_word(java.lang.String str)

is_keyword

public boolean is_keyword(java.lang.String str)

libinjection_sqli_check_fingerprint

public boolean libinjection_sqli_check_fingerprint()

libinjection_sqli_blacklist

public boolean libinjection_sqli_blacklist()

libinjection_sqli_not_whitelist

public boolean libinjection_sqli_not_whitelist()

libinjection_sqli_fold

public int libinjection_sqli_fold()

libinjection_sqli_tokenize

public boolean libinjection_sqli_tokenize()

parse_white

public int parse_white()

Parsers: Looks at current character in input String, makes sense of it and turns it into a token.

parse_operator1

public int parse_operator1()

parse_other

public int parse_other()

parse_char

public int parse_char()

parse_eol_comment

public int parse_eol_comment()

parse_hash

public int parse_hash()

parse_dash

public int parse_dash()

parse_slash

public int parse_slash()

parse_backslash

public int parse_backslash()

parse_operator2

public int parse_operator2()

parse_string_core

public int parse_string_core(char delim,
                             int offset)

parse_string

public int parse_string()

parse_estring

public int parse_estring()

parse_ustring

public int parse_ustring()

parse_qstring_core

public int parse_qstring_core(int offset)

parse_qstring

public int parse_qstring()

parse_nqstring

public int parse_nqstring()

parse_bstring

public int parse_bstring()

parse_xstring

public int parse_xstring()

parse_bword

public int parse_bword()

parse_word

public int parse_word()

parse_tick

public int parse_tick()

parse_var

public int parse_var()

parse_money

public int parse_money()

parse_number

public int parse_number()

syntax_merge_words

public boolean syntax_merge_words(com.sh.wf.module.parser.sql.Token a,
                                  int apos,
                                  com.sh.wf.module.parser.sql.Token b,
                                  int bpos)

Helper Functions

token_is_unary_op

public boolean token_is_unary_op(com.sh.wf.module.parser.sql.Token token)

token_is_arithmetic_op

public boolean token_is_arithmetic_op(com.sh.wf.module.parser.sql.Token token)

char_is_white

public boolean char_is_white(char ch)

is_mysql_comment

public boolean is_mysql_comment(java.lang.String s,
                                int len,
                                int pos)

is_backslash_escaped

public boolean is_backslash_escaped(int end,
                                    int start,
                                    java.lang.String s)

is_double_delim_escaped

public boolean is_double_delim_escaped(int cur,
                                       int end,
                                       java.lang.String s)

flag2delim

public char flag2delim(int flag)

strlenspn

public int strlenspn(java.lang.String s,
                     java.lang.String accept)

strlencspn

public int strlencspn(java.lang.String s,
                      java.lang.String unaccepted)