Sha256: c15f33848695a641081af2930c82b586e92ecb86f73f8f377521d5a4c7e66ecb

Contents?: true

Size: 1.52 KB

Versions: 25

Compression:

Stored size: 1.52 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

# This class is the concrete implementation of the DefaultSqlScanner designed
# to support the customizations of MySQL.
#
# @deprecated RUBY-356
# rubocop:disable Style/ClassAndModuleChildren
class Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner <
    Contrast::Agent::Protect::Rule::Sqli::DefaultSqlScanner
  # rubocop:enable Style/ClassAndModuleChildren

  # Does a line comment begin at this position? True for a single '#', or
  # for a '-' that is immediately followed by a second '-'.
  #
  # NOTE(review): MySQL itself only treats '--' as a comment when the second
  # dash is followed by whitespace or a control character (or end of input).
  # This check does not inspect that following character, so a sequence such
  # as '--1' is classified as a comment start here while the server parses it
  # as arithmetic. Confirm that this divergence between the scanner's token
  # boundaries and the server's is intended.
  #
  # @param char  the character under inspection (presumably query[index])
  # @param index position of char within query
  # @param query the SQL text being scanned
  # @return [Boolean]
  def start_line_comment? char, index, query
    symbols = Contrast::Utils::ObjectShare

    if char == symbols::POUND_SIGN
      true
    elsif char == symbols::DASH && index <= (query.length - 2)
      # The length guard ensures index + 1 is still inside the query.
      query[index + 1] == symbols::DASH
    else
      false
    end
  end

  # Does a block comment begin at this position? The sequence must be '/*'
  # and must NOT be followed by '!': MySQL executes the body of '/*! ... */',
  # so that form has to be scanned as code rather than skipped as a comment.
  #
  # The length guard requires at least one character after the '/*', so a
  # '/*' that is the very end of the query is not reported as a comment start.
  #
  # @param char  the character under inspection (presumably query[index])
  # @param index position of char within query
  # @param query the SQL text being scanned
  # @return [Boolean]
  def start_block_comment? char, index, query
    symbols = Contrast::Utils::ObjectShare

    candidate = char == symbols::SLASH && index <= (query.length - 3)
    return false unless candidate
    return false unless query[index + 1] == symbols::ASTERISK

    # '/*!' is executable in MySQL, so only a non-'!' third character counts.
    query[index + 2] != symbols::EXCLAMATION
  end

  # Indicates if '""' inside of double quotes is the equivalent of '\"'.
  # This scanner always answers true.
  #
  # @return [Boolean]
  def double_quote_escape_in_double_quote?
    true
  end
end

Version data entries

25 entries across 25 versions & 1 rubygems

Version Path
contrast-agent-4.4.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.4.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.3.2 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.3.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.3.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.2.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.1.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-4.0.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.16.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.15.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.14.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.13.2 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.13.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.13.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.12.2 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.12.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.12.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.11.0 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.10.2 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
contrast-agent-3.10.1 lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb