sqlinjection-detect
github路径:
https://github.com/peter-cui1221/sqlinjection-detect
介绍
sqlinjection-detect(https://github.com/peter-cui1221/sqlinjection-detect)是一款用C语言实现的基于语义分析的SQL注入检测引擎。
Simple example:
#include <stdio.h> #include <string.h> #include "sqli_detect.h" int main(int argc, char* argv[]) { char *str = "1' or '1'='1"; int ret = sqli_detect(str, strlen(str)); if (ret > 0) { printf("sqli found\n"); } return ret; }
vs libinjection
sqlinjection-detect是一款基于语义分析的SQL注册检测库,能够有效的提高检出率,减少误报。相比之下,libinjection(https://github.com/client9/libinjection) 是一款基于词法分析SQL注入检测库。sqlinjection-detect和长亭的SQLChop(https://github.com/chaitin/sqlchop) 从功能的角度来看是一样的。
usage
$ ./build.sh $ cmake . -DCMAKE_BUILD_TYPE=Release $ make $ gcc -I src/include/ sqli_test.c -o sqli_test -L. -lsqli_detect $ ./sqli_test $ sqli found
thanks
this project is base on https://github.com/winkyao/lemon