Class: Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner Deprecated

Inherits:

DefaultSqlScanner

Object
DefaultScanner
DefaultSqlScanner
Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner

show all

Defined in:: lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb

Overview

Deprecated.

RUBY-356

This class is the concrete implementation of the DefaultSqlScanner designed to support the customizations of MySQL.

rubocop:disable Style/ClassAndModuleChildren

Constant Summary

Constants inherited from DefaultScanner

DefaultScanner::OPERATOR_PATTERN

Instance Method Summary collapse

#double_quote_escape_in_double_quote? ⇒ Boolean

Indicates if ‘“”’ inside of double quotes is the equivalent of ‘"’.
#start_block_comment?(char, index, query) ⇒ Boolean

Is the current character / sequence of characters the start of a block comment.
#start_line_comment?(char, index, query) ⇒ Boolean

Is the current character ‘#’ or are the current and subsequent characters both ‘-’ ?.

Methods inherited from DefaultScanner

#crosses_boundary

Instance Method Details

#double_quote_escape_in_double_quote? ⇒ `Boolean`

Indicates if ‘“”’ inside of double quotes is the equivalent of ‘"’

Returns:

(Boolean)



35
36
37

# File 'lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb', line 35

def double_quote_escape_in_double_quote?
  true
end

#start_block_comment?(char, index, query) ⇒ `Boolean`

Is the current character / sequence of characters the start of a block comment. In MySQL, ‘/*!’ is an inline comment that has code that’s executed, so it does not count as a block comment start

Returns:

(Boolean)

# File 'lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb', line 26

def start_block_comment? char, index, query
  return false unless char == Contrast::Utils::ObjectShare::SLASH
  return false unless (query.length - 3) >= index

  query[index + 1] == Contrast::Utils::ObjectShare::ASTERISK &&
      query[index + 2] != Contrast::Utils::ObjectShare::EXCLAMATION
end

#start_line_comment?(char, index, query) ⇒ `Boolean`

Is the current character ‘#’ or are the current and subsequent characters both ‘-’ ?

Returns:

(Boolean)

# File 'lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb', line 15

def start_line_comment? char, index, query
  return true if char == Contrast::Utils::ObjectShare::POUND_SIGN
  return false unless char == Contrast::Utils::ObjectShare::DASH
  return false unless (query.length - 2) >= index

  query[index + 1] == Contrast::Utils::ObjectShare::DASH
end

Class: Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner Deprecated

Overview

Constant Summary

Constants inherited from DefaultScanner

Instance Method Summary collapse

Methods inherited from DefaultScanner

Instance Method Details

#double_quote_escape_in_double_quote? ⇒ Boolean

#start_block_comment?(char, index, query) ⇒ Boolean

#start_line_comment?(char, index, query) ⇒ Boolean

#double_quote_escape_in_double_quote? ⇒ `Boolean`

#start_block_comment?(char, index, query) ⇒ `Boolean`

#start_line_comment?(char, index, query) ⇒ `Boolean`