In [None]:
import pandas as pd
import re

# Define the list of potential SQL injection patterns to look for
patterns = [
    r'(?i)\bunion\s+select\b',
    r'(?i)\bselect\s+.*\bfrom\s+information_schema.tables\b',
    r'(?i)\bselect\s+\*\s+from\s+users\b',
    r'(?i)\bselect\s+count\s+\(.*\)\s+from\s+tabname\b',
    r'(?i)\bselect\s+\*\s+from\s+sysobjects\b',
    r'(?i)\bcreate\s+user\b',
    r'(?i)\bdrop\s+table\b',
    r'(?i)\bwaitfor\s+delay\b',
    r'(?i)\bload_file\b'
]

def scan_for_sql_injections(file_path):
    # Initialize a list to store the findings
    findings = []

    # Try different encodings to open the file
    encodings_to_try = ['utf-8', 'utf-16', 'latin-1', 'ISO-8859-1', 'utf-8-sig', 'windows-1252']
    
    for encoding in encodings_to_try:
        try:
            with open(file_path, 'r', encoding=encoding) as file:
                # Loop through each line in the file
                for line_num, line in enumerate(file, start=1):
                    # Check each pattern in the line
                    for pattern in patterns:
                        # If a pattern matches, store the line number and the matched pattern
                        if re.search(pattern, line):
                            findings.append({"Line Number": line_num, "Pattern Found": re.search(pattern, line).group()})
            
            # Convert the findings to a pandas DataFrame
            if findings:
                df = pd.DataFrame(findings)
                return df
            else:
                return "No SQL injection patterns found."
        
        except UnicodeDecodeError as e:
            print(f"Unicode decode error with encoding {encoding}: {e}")
            continue  # Try the next encoding
        except Exception as e:
            return str(e)

    return "Unable to open the file with any of the tried encodings."

# Specify the path to your file
file_path = "C:/Users/user/Desktop/rrrrrrrr/cybersec/archive/sqli.csv"  # Replace with the actual file path

# Call the function and print the results
results = scan_for_sql_injections(file_path)

# Check if results is a DataFrame or message and print accordingly
if isinstance(results, pd.DataFrame):
    print(results)
else:
    print(results)
