Documentation ¶
Constants ¶
// Reason strings for the full check.
// NOTE(review): presumably these are the values stored in FullResult.Reason;
// confirm against FullChecker.Check. Compare against these constants rather
// than against literal strings: several values are shared with the
// PartialCheckReason* group ("ok", "AST modified", "syntax error",
// "none or multiple SQls").
const (
	// FullCheckReasonOK is the reason string "ok".
	FullCheckReasonOK = "ok"

	// FullCheckReasonModified is the reason string "AST modified".
	FullCheckReasonModified = "AST modified"

	// FullCheckReasonMoreStatements is the reason string for input that holds
	// no statement or more than one. The value spells "SQls" as published; it
	// is kept verbatim because callers may match on the string.
	FullCheckReasonMoreStatements = "none or multiple SQls"

	// FullCheckReasonSyntaxError is the reason string "syntax error".
	FullCheckReasonSyntaxError = "syntax error"

	// FullCheckReasonConstantBinaryExpression is the reason string
	// "constant binary expression".
	FullCheckReasonConstantBinaryExpression = "constant binary expression"

	// FullCheckReasonConstantSelectStatement is the reason string
	// "constant select statement".
	FullCheckReasonConstantSelectStatement = "constant select statement"
)
// Reason strings for the partial (template-based) check.
// NOTE(review): presumably these are the values stored in
// PartialSQLCheckResult.Reason; confirm against PartialSQLTemplate.Check.
// Compare against these constants rather than against literal strings: every
// value except "template error" is shared with the FullCheckReason* group.
const (
	// PartialCheckReasonOK is the reason string "ok".
	PartialCheckReasonOK = "ok"

	// PartialCheckReasonModified is the reason string "AST modified".
	PartialCheckReasonModified = "AST modified"

	// PartialCheckReasonTemplateError is the reason string "template error".
	PartialCheckReasonTemplateError = "template error"

	// PartialCheckReasonSyntaxError is the reason string "syntax error".
	PartialCheckReasonSyntaxError = "syntax error"

	// PartialCheckReasonMoreStatements is the reason string for input that
	// holds no statement or more than one. The value spells "SQls" as
	// published; it is kept verbatim because callers may match on the string.
	PartialCheckReasonMoreStatements = "none or multiple SQls"
)
Functions ¶
func IsFullInjection ¶
func IsFullInjection(node *syntax.Node, result *FullResult)
Types ¶
type Decoder ¶
Decoder is a chain of decoders for SQL statements.
func DefaultDecoders ¶
func DefaultDecoders() *Decoder
DefaultDecoders returns the default decoders, with URLDecode.
func NewDecoder ¶
NewDecoder creates a new decoder with the given decoders.
type FullChecker ¶
// FullChecker is the checker whose Check method takes a raw string and
// returns a *FullResult.
// NOTE(review): presumably it treats the input as a complete SQL statement,
// in contrast to PartialChecker, which works from templates — confirm.
type FullChecker struct {
	// Decoder is the decoder chain held by the checker.
	// NOTE(review): presumably applied to the raw input before it is parsed,
	// as documented for PartialChecker.Check — confirm. An encoding that the
	// chain does not cover would reach the parser still encoded.
	Decoder *Decoder
}
func DefaultFullChecker ¶
func DefaultFullChecker() *FullChecker
func NewFullChecker ¶
func NewFullChecker(decoder *Decoder) *FullChecker
func (*FullChecker) Check ¶
func (c *FullChecker) Check(raw string) *FullResult
type FullElementResult ¶
type FullResult ¶
// FullResult is the result type returned by FullChecker.Check; IsFullInjection
// also takes a *FullResult argument.
// NOTE(review): this page does not document how IsInjection treats a result
// whose Err is non-nil; callers should confirm that and decide explicitly
// whether input that could not be checked is blocked or allowed.
type FullResult struct {
	// Err is an error value attached to the result.
	// NOTE(review): presumably set when decoding or parsing fails — confirm.
	Err error
	// Reason is a short explanation string.
	// NOTE(review): presumably one of the FullCheckReason* constants — confirm.
	Reason string
	// Elements holds per-element results (FullElementResult).
	// NOTE(review): what counts as an element is not documented on this page.
	Elements []FullElementResult
	// AllowMultipleStatements is a boolean option carried on the result.
	// NOTE(review): presumably relaxes the FullCheckReasonMoreStatements
	// rejection; if so, enabling it widens what is accepted — confirm the
	// default before relying on it.
	AllowMultipleStatements bool
}
func (*FullResult) IsInjection ¶
func (r *FullResult) IsInjection() bool
type PartialChecker ¶
// PartialChecker is the checker for partial SQL: its Check method takes a raw
// payload, which may be encoded and is decoded before checking, and returns a
// *PartialResult.
type PartialChecker struct {
	// Templates is the list of partial-SQL templates the checker holds.
	// NOTE(review): presumably the payload is tried against each template and
	// a template that does not resemble the real query context cannot flag
	// it — confirm coverage against the queries the application builds.
	Templates []PartialSQLTemplate
	// Decoder is the decoder chain used to decode the payload before checking.
	Decoder *Decoder
}
func DefaultPartialChecker ¶
func DefaultPartialChecker() *PartialChecker
DefaultPartialChecker creates a checker for partial SQL with the default templates and decoders.
func NewPartialChecker ¶
func NewPartialChecker(templates []PartialSQLTemplate, decoder *Decoder) *PartialChecker
NewPartialChecker creates a checker for partial SQL with custom templates and decoders.
func (*PartialChecker) Check ¶
func (c *PartialChecker) Check(raw string) *PartialResult
Check checks if the payload is a SQL injection. Payload CAN BE encoded, and will be decoded before checking.
type PartialResult ¶
// PartialResult is the result type returned by PartialChecker.Check.
type PartialResult struct {
	// Results holds the per-template check results; IsInjection reports an
	// injection when at least one template is a SQL injection.
	// NOTE(review): presumably one entry per template in
	// PartialChecker.Templates — confirm.
	Results []PartialSQLCheckResult
}
func (*PartialResult) IsInjection ¶
func (r *PartialResult) IsInjection() bool
IsInjection reports whether the payload is a SQL injection: it is one if at least one template reports a SQL injection.
type PartialSQLCheckResult ¶
type PartialSQLCheckResult struct {
	// IsInjection is the verdict for this single template.
	IsInjection bool
	// Template is the template text the payload was checked against.
	// NOTE(review): presumably the template source string — confirm.
	Template string
	// Payload is the payload text that was checked.
	// NOTE(review): presumably attacker-controlled input; escape it before
	// writing it to logs, terminals or HTML.
	Payload string
	// Reason is a short explanation string.
	// NOTE(review): presumably one of the PartialCheckReason* constants — confirm.
	Reason string
	// Err is an error value attached to the result.
	// NOTE(review): this page does not say whether a non-nil Err sets
	// IsInjection; callers should confirm and choose fail-open or fail-closed
	// explicitly.
	Err error
	// AstCorrect holds syntax nodes.
	// NOTE(review): presumably the AST of the template built with its known-good
	// value (see PartialSQLTemplate.Correct) — confirm.
	AstCorrect []*syntax.Node
	// AstPartial holds syntax nodes.
	// NOTE(review): presumably the AST of the template built with the payload
	// (see PartialSQLTemplate.Build), compared with AstCorrect to detect an
	// "AST modified" result — confirm.
	AstPartial []*syntax.Node
}
PartialSQLCheckResult is the result of partial SQL injection checking
func (*PartialSQLCheckResult) SQL ¶
func (r *PartialSQLCheckResult) SQL() string
func (*PartialSQLCheckResult) SQLInColour ¶
func (r *PartialSQLCheckResult) SQLInColour() string
type PartialSQLTemplate ¶
PartialSQLTemplate is a template for partial SQL injection checking.
func (PartialSQLTemplate) Build ¶
func (t PartialSQLTemplate) Build(input string) string
func (PartialSQLTemplate) Check ¶
func (t PartialSQLTemplate) Check(payload string) *PartialSQLCheckResult
Check checks if the payload is a SQL injection. Payload MUST BE raw SQL text.
func (PartialSQLTemplate) Correct ¶
func (t PartialSQLTemplate) Correct() string