Sha256: 4e053774613b2b41682a8649303cf77dad4c8a0cd9ca9e18591fe9f6e573e51f

Contents?: true

Size: 1.52 KB

Versions: 13

Compression:

Stored size: 1.52 KB

Contents

# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

# This class is the concrete implementation of the DefaultSqlScanner designed
# to support the customizations of MySQL.
#
# @deprecated RUBY-356
# rubocop:disable Style/ClassAndModuleChildren
class Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner <
    Contrast::Agent::Protect::Rule::Sqli::DefaultSqlScanner
  # rubocop:enable Style/ClassAndModuleChildren

  # Reports whether a line comment opens at +index+ in +query+: either a
  # single '#', or a '-' immediately followed by a second '-'.
  #
  # NOTE(review): MySQL itself only treats '--' as a comment when the second
  # dash is followed by whitespace or a control character. This check never
  # looks at that third character, so '--' followed directly by other text is
  # also reported as a comment start. Confirm that reporting more comment
  # starts than the database would is the intended, conservative choice.
  #
  # @param char [String] the character found at +index+
  # @param index [Integer] position of +char+ within +query+
  # @param query [String] the SQL text being scanned
  # @return [Boolean] true when a line comment begins at +index+
  def start_line_comment?(char, index, query)
    if char == Contrast::Utils::ObjectShare::POUND_SIGN
      true
    elsif char == Contrast::Utils::ObjectShare::DASH
      # A lone trailing '-' has no follower and cannot open a comment.
      follower = index + 1
      follower < query.length && query[follower] == Contrast::Utils::ObjectShare::DASH
    else
      false
    end
  end

  # Reports whether a block comment opens at +index+ in +query+. MySQL runs
  # the code inside '/*!', so that sequence is deliberately not counted as a
  # block comment start and its contents keep being scanned as SQL.
  #
  # Two characters of lookahead are required after the '/', so a '/*' that
  # sits on the last two characters of the query is not reported.
  #
  # @param char [String] the character found at +index+
  # @param index [Integer] position of +char+ within +query+
  # @param query [String] the SQL text being scanned
  # @return [Boolean] true when a non-executable block comment begins here
  def start_block_comment?(char, index, query)
    opens_with_slash = char == Contrast::Utils::ObjectShare::SLASH
    has_lookahead = opens_with_slash && index <= query.length - 3
    return false unless has_lookahead
    return false unless query[index + 1] == Contrast::Utils::ObjectShare::ASTERISK

    query[index + 2] != Contrast::Utils::ObjectShare::EXCLAMATION
  end

  # Tells the scanner that, for MySQL, a doubled '""' inside a double-quoted
  # string is the equivalent of the escaped form '\"'.
  #
  # @return [Boolean] always true for this dialect
  def double_quote_escape_in_double_quote?
    true
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version Path
contrast-agent-4.14.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.14.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.13.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.13.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.12.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.11.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.10.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.9.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.9.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.8.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.7.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.6.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.5.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb