MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / tamper

Function tamper

tamper/randomcomments.py:17–50  ·  view source on GitHub ↗

Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT) >>> import random >>> random.seed(0) >>> tamper('INSERT') 'I/**/NS/**/ERT'

(payload, **kwargs)

Source from the content-addressed store, hash-verified

15__priority__ = PRIORITY.LOW
16
17def tamper(payload, **kwargs):
18 """
19 Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
20
21 >>> import random
22 >>> random.seed(0)
23 >>> tamper('INSERT')
24 'I/**/NS/**/ERT'
25 """
26
27 retVal = payload
28
29 if payload:
30 for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
31 word = match.group()
32
33 if len(word) < 2:
34 continue
35
36 if word.upper() in kb.keywords:
37 _ = word[0]
38
39 for i in xrange(1, len(word) - 1):
40 _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])
41
42 _ += word[-1]
43
44 if "/**/" not in _:
45 index = randomRange(1, len(word) - 1)
46 _ = word[:index] + "/**/" + word[index:]
47
48 retVal = retVal.replace(word, _)
49
50 return retVal

Callers

nothing calls this directly

Calls 3

randomRangeFunction · 0.90
xrangeClass · 0.85
replaceMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…