sqlinjection-detect: an open source SQL injection detection engine based on semantic analysis

sqlinjection-detect

GitHub repository:

https://github.com/peter-cui1221/sqlinjection-detect

 

Introduction

sqlinjection-detect ( https://github.com/peter-cui1221/sqlinjection-detect ) is an SQL injection detection engine written in C and based on semantic analysis.

Simple example:

#include <stdio.h>
#include <string.h>
#include "sqli_detect.h"

int main(int argc, char* argv[]) {
    char *str = "1' or '1'='1";
    int ret = sqli_detect(str, strlen(str));
    if (ret > 0) {
        printf("sqli found\n");
    }
    return ret;
}

 

vs libinjection

sqlinjection-detect is an SQL injection detection library based on semantic analysis, which can effectively improve the detection rate and reduce false positives. In contrast, libinjection ( https://github.com/client9/libinjection ) is an SQL injection detection library based on lexical analysis. From a functional point of view, sqlinjection-detect is the same as Chaitin's SQLChop ( https://github.com/chaitin/sqlchop ).
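To check the detection-rate and false-positive claim on your own traffic, a small labelled-corpus harness is enough. The block below is an added example, not code from the sqlinjection-detect project: the detector_fn shape is assumed from the page's sqli_detect(str, strlen(str)) call, the corpus is constructed, and naive_detect is a hypothetical stand-in so the harness runs without the library.

```c
#include <stdio.h>
#include <string.h>

/* Assumed detector shape, modelled on the page's call sqli_detect(str, strlen(str)),
   where a result > 0 means "injection". Match it to the prototype in sqli_detect.h. */
typedef int (*detector_fn)(const char *input, size_t len);

struct sample { const char *text; int is_sqli; };
struct score  { int tp, fp, tn, fn; };

/* Constructed corpus: the page's payload, a case variant, and benign look-alikes. */
static const struct sample corpus[] = {
    { "1' or '1'='1",        1 },
    { "1' OR '1'='1",        1 },
    { "O'Reilly or Manning", 0 },  /* apostrophe plus the word "or", not SQL */
    { "coffee or tea",       0 },
    { "42",                  0 },
};
#define CORPUS_LEN (sizeof corpus / sizeof corpus[0])

/* Hypothetical stand-in so the harness runs without the library: flags a quote
   together with the word "or". It is not the algorithm of either library. */
static int naive_detect(const char *s, size_t len) {
    (void)len;
    return strchr(s, '\'') && (strstr(s, " or ") || strstr(s, " OR "));
}

/* Run one detector over the corpus and tally the confusion matrix. */
static struct score evaluate(detector_fn detect) {
    struct score r = { 0, 0, 0, 0 };
    for (size_t i = 0; i < CORPUS_LEN; i++) {
        int hit = detect(corpus[i].text, strlen(corpus[i].text)) > 0;
        if (corpus[i].is_sqli) { if (hit) r.tp++; else r.fn++; }
        else                   { if (hit) r.fp++; else r.tn++; }
    }
    return r;
}

int main(void) {
    struct score r = evaluate(naive_detect);  /* swap in sqli_detect once linked */
    printf("detected %d/%d injections, %d false positives on %d benign inputs\n",
           r.tp, r.tp + r.fn, r.fp, r.fp + r.tn);
    return 0;
}
```

The stand-in flags the benign "O'Reilly or Manning" input, which is the kind of false positive to look for when comparing detectors on real form data.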

Usage

$ ./build.sh
$ cmake . -DCMAKE_BUILD_TYPE=Release
$ make

$ gcc -I src/include/ sqli_test.c -o sqli_test -L. -lsqli_detect
$ ./sqli_test 
sqli found

 

Thanks

This project is based on https://github.com/winkyao/lemon

Origin www.cnblogs.com/wanlxp/p/12640182.html