sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/tamper/commentbeforeparentheses.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.enums import PRIORITY
# Module-level priority marker for this tamper script, set to the NORMAL
# member of lib.core.enums.PRIORITY.
# NOTE(review): presumably read by sqlmap when ordering several tamper
# scripts; confirm against the loader, which is not shown here.
__priority__ = PRIORITY.NORMAL
def dependencies():
    """
    Intentionally empty: performs no checks and returns None.

    NOTE(review): presumably the per-script hook invoked by sqlmap's tamper
    loader; confirm against the caller, which is not shown here.
    """

    return None
def tamper(payload, **kwargs):
    """
    Inserts an empty inline comment between a word and the opening
    parenthesis that directly follows it (e.g. ABS( -> ABS/**/()

    A parenthesis that is not immediately preceded by a word character is
    left alone, so the output of a previous run is not rewritten again.
    Falsy payloads (None, empty string) are returned unchanged. The extra
    keyword arguments are accepted but not used here.

    Tested against:
        * Microsoft SQL Server
        * MySQL
        * Oracle
        * PostgreSQL

    Notes:
        * Useful to bypass web application firewalls that block usage
          of function calls
        * The rewrite is purely textual: a word followed by a parenthesis
          inside a quoted string literal is rewritten as well
        * Detection: a filter signature keyed on a function name directly
          followed by a parenthesis does not match the rewritten form;
          filters need to strip or normalise inline comments before
          matching

    >>> tamper('SELECT ABS(1)')
    'SELECT ABS/**/(1)'
    """

    # Nothing to rewrite: hand the falsy value back as it came in.
    if not payload:
        return payload

    return re.sub(r"\b(\w+)\(", r"\g<1>/**/(", payload)