demos.antiSQLInjection
Class TAntiSQLInjection

java.lang.Object
  demos.antiSQLInjection.TAntiSQLInjection

public class TAntiSQLInjection
extends java.lang.Object

This is the classed used to check sql injection, it can detect following type of sql injection

• syntax error
• always_true_condition
• always_false_condition
• comment_at_the_end_of_statement
• stacking_queries
• not_in_allowed_statement
• union_set

Constructor Summary

TAntiSQLInjection(EDbVendor dbVendor)

Method Summary

void	check_always_false_condition(boolean on) turn on/off the check of ESQLInjectionType.always_false_condition default is on
void	check_always_true_condition(boolean on) turn on/off the check of ESQLInjectionType.always_true_condition default is on
void	check_comment_at_the_end_of_statement(boolean on) turn on/off the check of ESQLInjectionType.comment_at_the_end_of_statement default is on
void	check_not_in_allowed_statement(boolean on) turn on/off the check of ESQLInjectionType.not_in_allowed_statement default is on
void	check_stacking_queries(boolean on) turn on/off the check of ESQLInjectionType.stacking_queries default is on
void	check_union_set(boolean on) turn on/off the check of ESQLInjectionType.union_set default is on
void	disableStatement(ESqlStatementType sqltype) disable a type of sql statement that allowed to be executed in database.
void	enableStatement(ESqlStatementType sqltype) add a type of sql statement that allowed to be executed in database.
java.util.ArrayList<ESqlStatementType>	getEnabledStatements() get a list of sql statement type that allowed to be executed in database.
java.util.ArrayList<TSQLInjection>	getSqlInjections()
boolean	isInjected(java.lang.String sql) Check is sql was injected or not.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TAntiSQLInjection

public TAntiSQLInjection(EDbVendor dbVendor)

Method Detail

check_union_set

public void check_union_set(boolean on)

turn on/off the check of ESQLInjectionType.union_set default is on

Parameters:

on -

check_not_in_allowed_statement

public void check_not_in_allowed_statement(boolean on)

turn on/off the check of ESQLInjectionType.not_in_allowed_statement default is on

Parameters:

on -

check_stacking_queries

public void check_stacking_queries(boolean on)

turn on/off the check of ESQLInjectionType.stacking_queries default is on

Parameters:

on -

check_comment_at_the_end_of_statement

public void check_comment_at_the_end_of_statement(boolean on)

turn on/off the check of ESQLInjectionType.comment_at_the_end_of_statement default is on

Parameters:

on -

check_always_false_condition

public void check_always_false_condition(boolean on)

turn on/off the check of ESQLInjectionType.always_false_condition default is on

Parameters:

on -

check_always_true_condition

public void check_always_true_condition(boolean on)

turn on/off the check of ESQLInjectionType.always_true_condition default is on

Parameters:

on -

getSqlInjections

public java.util.ArrayList<TSQLInjection> getSqlInjections()

enableStatement

public void enableStatement(ESqlStatementType sqltype)

add a type of sql statement that allowed to be executed in database.

Parameters:

sqltype -

getEnabledStatements

public java.util.ArrayList<ESqlStatementType> getEnabledStatements()

get a list of sql statement type that allowed to be executed in database.

Returns:

disableStatement

public void disableStatement(ESqlStatementType sqltype)

disable a type of sql statement that allowed to be executed in database.

Parameters:

sqltype -

isInjected

public boolean isInjected(java.lang.String sql)

Check is sql was injected or not.

Parameters:

sql -

Returns:

if return true, use this.getSqlInjections() to get detailed information about sql injection.