/**
 * Heuristic SQL-injection check used by the WAF: embeds $param into a set of
 * SQL statement templates (bare, single-quoted, double-quoted, nested in
 * parentheses, in subselects, INSERT/UPDATE) and lexes each result.
 *
 * Each template carries the token count the lexer yields for the template
 * alone. If a template with $param substituted produces more tokens than that
 * and the lexer's evaluate() agrees, or the lexer sees differing MySQL
 * portable-comment versions, the parameter is treated as an injection attempt.
 * Each template is lexed twice: once with no flags and once with
 * FLAG_TOKENIZE_MYSQL_PORTABLE_COMMENTS.
 *
 * The lexer instance and template list are cached in static locals across
 * calls; the lexer is mutated (flags, subject) on every iteration.
 *
 * @param string $param Request value to test; it is substituted via sprintf
 *                      into each template, so it is the data, not the format.
 * @return bool true if any template/flag combination flags the value.
 */
public static function testForSQLi($param)
{
    static $lexer;
    static $templates;

    if ($lexer === null) {
        $lexer = new self(new wfWAFSQLiLexer());
    }

    if ($templates === null) {
        // Each entry: SQL statement template and the token count the lexer
        // produces for the template on its own.
        $templates = array(
            array('%s', 1),
            array('SELECT * FROM t WHERE i = %s ', 8),
            array("SELECT * FROM t WHERE i = '%s' ", 8),
            array('SELECT * FROM t WHERE i = "%s" ', 8),
            array('SELECT * FROM t WHERE i = (%s) ', 10),
            array("SELECT * FROM t WHERE i = ('%s') ", 10),
            array('SELECT * FROM t WHERE i = ("%s") ', 10),
            array('SELECT * FROM t WHERE i = ((%s)) ', 12),
            array("SELECT * FROM t WHERE i = (('%s')) ", 12),
            array('SELECT * FROM t WHERE i = (("%s")) ', 12),
            array('SELECT * FROM t WHERE i = (((%s))) ', 14),
            array("SELECT * FROM t WHERE i = ((('%s'))) ", 14),
            array('SELECT * FROM t WHERE i = ((("%s"))) ', 14),
            array('SELECT * FROM t WHERE i = %s and j = (1 ) ', 14),
            array("SELECT * FROM t WHERE i = '%s' and j = (1\n) ", 14),
            array('SELECT * FROM t WHERE i = "%s" and j = (1 ) ', 14),
            array('SELECT MATCH(t) AGAINST (%s) from t ', 11),
            array("SELECT MATCH(t) AGAINST ('%s') from t ", 11),
            array('SELECT MATCH(t) AGAINST ("%s") from t ', 11),
            array('SELECT * FROM (select %s) ', 7),
            array("SELECT * FROM (select '%s') ", 7),
            array('SELECT * FROM (select "%s") ', 7),
            array('SELECT * FROM (select (%s)) ', 9),
            array("SELECT * FROM (select ('%s')) ", 9),
            array('SELECT * FROM (select ("%s")) ', 9),
            array('SELECT * FROM (select ((%s))) ', 11),
            array("SELECT * FROM (select (('%s'))) ", 11),
            array('SELECT * FROM (select (("%s"))) ', 11),
            array('SELECT * FROM %s ', 4),
            array('INSERT INTO t (col) VALUES (%s) ', 10),
            array("INSERT INTO t (col) VALUES ('%s') ", 10),
            array('INSERT INTO t (col) VALUES ("%s") ', 10),
            array('UPDATE t1 SET col1 = %s ', 6),
            array('UPDATE t1 SET col1 = \'%s\' ', 6),
        );
    }

    // Plain tokenization first, then with MySQL portable comments
    // (/*!...*/) tokenized, so comment-based evasion is also exercised.
    $flagSets = array(0, wfWAFSQLiLexer::FLAG_TOKENIZE_MYSQL_PORTABLE_COMMENTS);

    foreach ($flagSets as $flagSet) {
        foreach ($templates as $case) {
            $template = $case[0];
            $expectedTokens = $case[1];

            try {
                $lexer->setFlags($flagSet);
                $lexer->setSubject(sprintf($template, $param));

                // Extra tokens alone are not enough; the lexer's own
                // evaluation must also agree before the value is flagged.
                if ($lexer->hasMoreThanNumTokens($expectedTokens) && $lexer->evaluate()) {
                    return true;
                }

                if ($lexer->hasMultiplePortableCommentVersions()) {
                    return true;
                }
            } catch (wfWAFParserSyntaxError $e) {
                // A syntax error only rules out this template for this
                // flag set; the remaining templates are still checked.
            }
        }
    }

    return false;
}
/**
 * One-shot XPath evaluation: builds an evaluator over $dom, registers the
 * given namespace prefixes, and evaluates $xpath against the document root.
 *
 * The expression is evaluated as given; callers that build it from external
 * values are responsible for keeping those values out of the expression
 * syntax (this method performs no escaping).
 *
 * @param string       $xpath Complete XPath expression.
 * @param \DOMDocument $dom   Document to evaluate against.
 * @param array        $ns    Map of namespace prefix => namespace URI.
 * @return mixed Whatever the underlying evaluate() returns for the expression.
 */
public static function simpleEvalXPath($xpath, \DOMDocument $dom, array $ns = array())
{
    $evaluator = new self($dom);

    foreach (array_keys($ns) as $prefix) {
        $evaluator->registerNamespace($prefix, $ns[$prefix]);
    }

    return $evaluator->evaluate($xpath);
}
/**
 * Convenience entry point: creates a fresh evaluator, tokenizes and parses
 * $expression, then evaluates the parsed expression against $values.
 *
 * @param string $expression Expression source to tokenize and parse.
 * @param array  $values     Values the parsed expression is evaluated against.
 * @return bool Result of evaluate() for the parsed expression.
 */
public static function run($expression, $values)
{
    $instance = new self();

    $tokens = $instance->tokenize($expression);
    $instance->parse($tokens);

    $result = $instance->evaluate($values);

    return $result;
}