程序包 com.sh.wf.module.parser.sql

类 Libinjection

java.lang.Object
com.sh.wf.module.parser.sql.Libinjection
public class Libinjection extends Object

  • 字段详细资料

    • LIBINJECTION_SQLI_MAX_TOKENS

      public static final int LIBINJECTION_SQLI_MAX_TOKENS
      另请参阅:

    • FLAG_QUOTE_NONE

      public static final int FLAG_QUOTE_NONE
      另请参阅:

    • FLAG_QUOTE_SINGLE

      public static final int FLAG_QUOTE_SINGLE
      另请参阅:

    • FLAG_QUOTE_DOUBLE

      public static final int FLAG_QUOTE_DOUBLE
      另请参阅:

    • FLAG_SQL_ANSI

      public static final int FLAG_SQL_ANSI
      另请参阅:

    • FLAG_SQL_MYSQL

      public static final int FLAG_SQL_MYSQL
      另请参阅:

    • TYPE_NONE

      public static final int TYPE_NONE
      另请参阅:

    • TYPE_KEYWORD

      public static final int TYPE_KEYWORD
      另请参阅:

    • TYPE_UNION

      public static final int TYPE_UNION
      另请参阅:

    • TYPE_GROUP

      public static final int TYPE_GROUP
      另请参阅:

    • TYPE_EXPRESSION

      public static final int TYPE_EXPRESSION
      另请参阅:

    • TYPE_SQLTYPE

      public static final int TYPE_SQLTYPE
      另请参阅:

    • TYPE_FUNCTION

      public static final int TYPE_FUNCTION
      另请参阅:

    • TYPE_BAREWORD

      public static final int TYPE_BAREWORD
      另请参阅:

    • TYPE_NUMBER

      public static final int TYPE_NUMBER
      另请参阅:

    • TYPE_VARIABLE

      public static final int TYPE_VARIABLE
      另请参阅:

    • TYPE_STRING

      public static final int TYPE_STRING
      另请参阅:

    • TYPE_OPERATOR

      public static final int TYPE_OPERATOR
      另请参阅:

    • TYPE_LOGIC_OPERATOR

      public static final int TYPE_LOGIC_OPERATOR
      另请参阅:

    • TYPE_COMMENT

      public static final int TYPE_COMMENT
      另请参阅:

    • TYPE_COLLATE

      public static final int TYPE_COLLATE
      另请参阅:

    • TYPE_LEFTPARENS

      public static final int TYPE_LEFTPARENS
      另请参阅:

    • TYPE_RIGHTPARENS

      public static final int TYPE_RIGHTPARENS
      另请参阅:

    • TYPE_LEFTBRACE

      public static final int TYPE_LEFTBRACE
      另请参阅:

    • TYPE_RIGHTBRACE

      public static final int TYPE_RIGHTBRACE
      另请参阅:

    • TYPE_DOT

      public static final int TYPE_DOT
      另请参阅:

    • TYPE_COMMA

      public static final int TYPE_COMMA
      另请参阅:

    • TYPE_COLON

      public static final int TYPE_COLON
      另请参阅:

    • TYPE_SEMICOLON

      public static final int TYPE_SEMICOLON
      另请参阅:

    • TYPE_TSQL

      public static final int TYPE_TSQL
      另请参阅:

    • TYPE_UNKNOWN

      public static final int TYPE_UNKNOWN
      另请参阅:

    • TYPE_EVIL

      public static final int TYPE_EVIL
      另请参阅:

    • TYPE_FINGERPRINT

      public static final int TYPE_FINGERPRINT
      另请参阅:

    • TYPE_BACKSLASH

      public static final int TYPE_BACKSLASH
      另请参阅:

    • CHAR_NULL

      public static final char CHAR_NULL
      另请参阅:

    • CHAR_SINGLE

      public static final char CHAR_SINGLE
      另请参阅:

    • CHAR_DOUBLE

      public static final char CHAR_DOUBLE
      另请参阅:

    • CHAR_TICK

      public static final char CHAR_TICK
      另请参阅:

  • 构造器详细资料

    • Libinjection

      public Libinjection()

  • 方法详细资料

    • getState

      public com.sh.wf.module.parser.sql.State getState()

    • getOutput

      public String getOutput()

    • libinjection_sqli

      public boolean libinjection_sqli(String input)
      Main API

    • libinjection_is_sqli

      public boolean libinjection_is_sqli()

    • reparse_as_mysql

      public boolean reparse_as_mysql()

    • libinjection_sqli_fingerprint

      public String libinjection_sqli_fingerprint(int flags)
      Secondary API: Detect SQLi GIVEN a context.

    • libinjection_sqli_lookup_word

      public Character libinjection_sqli_lookup_word(String str)

    • is_keyword

      public boolean is_keyword(String str)

    • libinjection_sqli_check_fingerprint

      public boolean libinjection_sqli_check_fingerprint()

    • libinjection_sqli_blacklist

      public boolean libinjection_sqli_blacklist()

    • libinjection_sqli_not_whitelist

      public boolean libinjection_sqli_not_whitelist()

    • libinjection_sqli_fold

      public int libinjection_sqli_fold()

    • libinjection_sqli_tokenize

      public boolean libinjection_sqli_tokenize()

    • parse_white

      public int parse_white()
      Parsers: Looks at current character in input String, makes sense of it and turns it into a token.

    • parse_operator1

      public int parse_operator1()

    • parse_other

      public int parse_other()

    • parse_char

      public int parse_char()

    • parse_eol_comment

      public int parse_eol_comment()

    • parse_hash

      public int parse_hash()

    • parse_dash

      public int parse_dash()

    • parse_slash

      public int parse_slash()

    • parse_backslash

      public int parse_backslash()

    • parse_operator2

      public int parse_operator2()

    • parse_string_core

      public int parse_string_core(char delim, int offset)

    • parse_string

      public int parse_string()

    • parse_estring

      public int parse_estring()

    • parse_ustring

      public int parse_ustring()

    • parse_qstring_core

      public int parse_qstring_core(int offset)

    • parse_qstring

      public int parse_qstring()

    • parse_nqstring

      public int parse_nqstring()

    • parse_bstring

      public int parse_bstring()

    • parse_xstring

      public int parse_xstring()

    • parse_bword

      public int parse_bword()

    • parse_word

      public int parse_word()

    • parse_tick

      public int parse_tick()

    • parse_var

      public int parse_var()

    • parse_money

      public int parse_money()

    • parse_number

      public int parse_number()

    • syntax_merge_words

      public boolean syntax_merge_words(com.sh.wf.module.parser.sql.Token a, int apos, com.sh.wf.module.parser.sql.Token b, int bpos)
      Helper Functions

    • token_is_unary_op

      public boolean token_is_unary_op(com.sh.wf.module.parser.sql.Token token)

    • token_is_arithmetic_op

      public boolean token_is_arithmetic_op(com.sh.wf.module.parser.sql.Token token)

    • char_is_white

      public boolean char_is_white(char ch)

    • is_mysql_comment

      public boolean is_mysql_comment(String s, int len, int pos)

    • is_backslash_escaped

      public boolean is_backslash_escaped(int end, int start, String s)

    • is_double_delim_escaped

      public boolean is_double_delim_escaped(int cur, int end, String s)

    • flag2delim

      public char flag2delim(int flag)

    • strlenspn

      public int strlenspn(String s, String accept)

    • strlencspn

      public int strlencspn(String s, String unaccepted)