1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import random
9
import re
10

11
from lib.core.data import kb
12
from lib.core.datatype import OrderedSet
13
from lib.core.enums import PRIORITY
14

15
__priority__ = PRIORITY.NORMAL
16

17
def dependencies():
18
    pass
19

20
def tamper(payload, **kwargs):
21
    """
22
    Adds multiple spaces (' ') around SQL keywords
23

24
    Notes:
25
        * Useful to bypass very weak and bespoke web application firewalls
26
          that has poorly written permissive regular expressions
27

28
    Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt
29

30
    >>> random.seed(0)
31
    >>> tamper('1 UNION SELECT foobar')
32
    '1     UNION     SELECT     foobar'
33
    """
34

35
    retVal = payload
36

37
    if payload:
38
        words = OrderedSet()
39

40
        for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
41
            word = match.group()
42

43
            if word.upper() in kb.keywords:
44
                words.add(word)
45

46
        for word in words:
47
            retVal = re.sub(r"(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randint(1, 4), word, ' ' * random.randint(1, 4)), retVal)
48
            retVal = re.sub(r"(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randint(1, 4), word), retVal)
49

50
    return retVal
51

52