Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/tamper/randomcomments.py
2983 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
import re

9


10
from lib.core.common import randomRange

11
from lib.core.compat import xrange

12
from lib.core.data import kb

13
from lib.core.enums import PRIORITY

14


15
__priority__ = PRIORITY.LOW

16


17
def tamper(payload, **kwargs):

18
    """

19
    Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT)

20


21
    >>> import random

22
    >>> random.seed(0)

23
    >>> tamper('INSERT')

24
    'I/**/NS/**/ERT'

25
    """

26


27
    retVal = payload

28


29
    if payload:

30
        for match in re.finditer(r"\b[A-Za-z_]+\b", payload):

31
            word = match.group()

32


33
            if len(word) < 2:

34
                continue

35


36
            if word.upper() in kb.keywords:

37
                _ = word[0]

38


39
                for i in xrange(1, len(word) - 1):

40
                    _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])

41


42
                _ += word[-1]

43


44
                if "/**/" not in _:

45
                    index = randomRange(1, len(word) - 1)

46
                    _ = word[:index] + "/**/" + word[index:]

47


48
                retVal = retVal.replace(word, _)

49


50
    return retVal

51


52