libinjection

SQL / SQLI tokenizer parser analyzer.

See http://www.client9.com/projects/libinjection/ for details and presentations.

To use, see sqli_cli.cpp and reader.c for examples, but it's as simple as this:

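```c
#include <stdbool.h>
#include <stddef.h>
#include "sqlparse.h"

// check_input is an illustrative wrapper name, not part of the library.
// linebuf is passed as a writable buffer since the normalizer returns a
// new, smaller length.
bool check_input(char *linebuf, size_t len)
{
    // state data structure
    sfilter sf;

    // clean up input... always makes input smaller.
    len = sqli_qs_normalize(linebuf, len);

    // test it.  1 = is sqli, 0 = benign
    bool issqli = is_sqli(&sf, linebuf, len);

    // sfilter now also has interesting details
    //   the fingerprint
    //   tokens
    //   etc
    // details to come
    return issqli;
}
```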

Copyright (c) 2012 Nick Galbreath. GPL v2 License; commercial licenses available. Send requests to nickg@client9.com

The goal of the GPL license is to have commercial parties get in contact, not to restrict usage. I'm happy to re-license if need be.