demos.antiSQLInjection
Class GEval

java.lang.Object
  extended by demos.antiSQLInjection.GEval

public class GEval
extends java.lang.Object

GEval evaluates a condition from a WHERE clause.

Usage:

GEval e = new GEval()

e.value(condition,context)

This class helps to find expressions that always evaluate to true or false regardless of the data
(tautologies such as 1=1, or contradictions such as 1=2), which are a typical marker of a SQL injection
payload. A condition that references a column cannot be decided without row data.

If the expression can't be evaluated, an unknown value is returned.

How this Evaluator works:

This evaluator uses postfix expression evaluation to calculate the value of an expression.

TExpression.postOrderTraverse traverses the expression tree in post-order (postfix order), and GEval acts
as the tree visitor that computes the value of each node after its operands have been visited, so operand
values are pushed and each operator consumes the values of its operands and pushes its own result.

Check this article to find out how postfix expression evaluation works:

http://scriptasylum.com/tutorials/infix_postfix/algorithms/postfix-evaluation/index.htm

Supported expression syntax:

IN conditions are not supported yet, so

1 in (1,2,3) returns the unknown value rather than true.

Note that an unknown result only means the evaluator could not decide: a tautology written with
unsupported syntax is not flagged. You can modify this evaluator to meet your own requirements.
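The following is an added, self-contained illustration of the technique described above (post-order
traversal with a stack-based visitor that yields true, false or unknown, and IN reported as unknown).
It is not the GEval source and does not use the General SQL Parser API: the tokenizer, the Parser class,
the post_order function, the Evaluator visitor, the value() and is_suspicious() functions and the sample
conditions are all assumptions made for this example.

```python
"""Post-order (postfix) evaluation of a simple SQL WHERE condition with an UNKNOWN result.
Example code only; not part of the GEval class or the General SQL Parser."""
import re

UNKNOWN = "unknown"  # sentinel returned when the evaluator cannot decide

TOKEN = r"\d+(?:\.\d+)?|'(?:[^']|'')*'|[A-Za-z_]\w*|<>|<=|>=|!=|[=<>(),]"
TOKEN_RE = re.compile(TOKEN + r"|\s+|.")
KEYWORDS = ("AND", "OR", "NOT", "IN")


def tokenize(text):
    out = []
    for m in TOKEN_RE.finditer(text):
        tok = m.group()
        if tok.isspace():
            continue
        if not re.fullmatch(TOKEN, tok):  # fell through to the '.' catch-all
            raise ValueError(f"unexpected character {tok!r}")
        out.append(tok)
    return out


class Parser:
    """Recursive-descent parser: OR < AND < NOT < comparison / IN. Builds a tuple tree."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok.upper() != expected):
            raise ValueError(f"expected {expected or 'token'}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() and self.peek().upper() == "OR":
            self.take()
            node = ("OR", node, self.and_expr())
        return node

    def and_expr(self):
        node = self.not_expr()
        while self.peek() and self.peek().upper() == "AND":
            self.take()
            node = ("AND", node, self.not_expr())
        return node

    def not_expr(self):
        if self.peek() and self.peek().upper() == "NOT":
            self.take()
            return ("NOT", self.not_expr())
        return self.comparison()

    def comparison(self):
        if self.peek() == "(":  # parenthesised sub-condition
            self.take()
            node = self.or_expr()
            self.take(")")
            return node
        left = self.operand()
        tok = self.peek()
        if tok and tok.upper() == "IN":
            self.take()
            self.take("(")
            items = [self.operand()]
            while self.peek() == ",":
                self.take()
                items.append(self.operand())
            self.take(")")
            return ("IN", left, tuple(items))
        if tok in ("=", "<>", "!=", "<", ">", "<=", ">="):
            self.take()
            return ("CMP", tok, left, self.operand())
        raise ValueError(f"expected comparison operator, got {tok!r}")

    def operand(self):
        tok = self.take()
        if tok.startswith("'"):
            return ("STR", tok[1:-1].replace("''", "'"))
        if tok[0].isdigit():
            return ("NUM", float(tok))
        if re.fullmatch(r"[A-Za-z_]\w*", tok) and tok.upper() not in KEYWORDS:
            return ("COL", tok)
        raise ValueError(f"bad operand {tok!r}")


def post_order(node, visitor):
    """Visit all children first, then the node itself (the postOrderTraverse idea)."""
    tag = node[0]
    if tag in ("AND", "OR"):
        post_order(node[1], visitor)
        post_order(node[2], visitor)
    elif tag == "NOT":
        post_order(node[1], visitor)
    elif tag == "CMP":
        post_order(node[2], visitor)
        post_order(node[3], visitor)
    elif tag == "IN":
        post_order(node[1], visitor)
        for item in node[2]:
            post_order(item, visitor)
    visitor.visit(node)


def compare(op, left, right):
    # Mixed types or an unknown operand cannot be decided without the database's coercion rules.
    if left is UNKNOWN or right is UNKNOWN or type(left) is not type(right):
        return UNKNOWN
    ops = {"=": lambda a, b: a == b, "<>": lambda a, b: a != b, "!=": lambda a, b: a != b,
           "<": lambda a, b: a < b, ">": lambda a, b: a > b,
           "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b}
    return ops[op](left, right)


class Evaluator:
    """Postfix evaluator used as the tree visitor: operands are pushed, operators pop and push."""
    def __init__(self):
        self.stack = []

    def visit(self, node):
        tag = node[0]
        if tag in ("NUM", "STR"):
            self.stack.append(node[1])
        elif tag == "COL":
            self.stack.append(UNKNOWN)  # no row context, so a column's value is unknown
        elif tag == "CMP":
            right, left = self.stack.pop(), self.stack.pop()
            self.stack.append(compare(node[1], left, right))
        elif tag == "IN":
            # IN is deliberately unsupported here: discard its operands and report unknown
            del self.stack[-(1 + len(node[2])):]
            self.stack.append(UNKNOWN)
        elif tag == "NOT":
            v = self.stack.pop()
            self.stack.append(UNKNOWN if v is UNKNOWN else (not v))
        elif tag == "AND":  # three-valued logic: false dominates, then unknown
            b, a = self.stack.pop(), self.stack.pop()
            self.stack.append(False if (a is False or b is False)
                              else (True if (a is True and b is True) else UNKNOWN))
        elif tag == "OR":  # true dominates, then unknown
            b, a = self.stack.pop(), self.stack.pop()
            self.stack.append(True if (a is True or b is True)
                              else (False if (a is False and b is False) else UNKNOWN))


def value(condition):
    """Evaluate a WHERE condition; returns True, False or UNKNOWN."""
    ev = Evaluator()
    post_order(Parser(tokenize(condition)).parse(), ev)
    assert len(ev.stack) == 1, "malformed evaluation"
    return ev.stack[0]


def is_suspicious(condition):
    """A condition decided without any data (constant true or false) is a tautology/contradiction."""
    return value(condition) is not UNKNOWN


if __name__ == "__main__":
    for cond in ("name='x' OR 1=1", "name='x'", "1 in (1,2,3)", "NOT (1=1)"):  # constructed samples
        print(f"{cond!r:24} -> {value(cond)}")
```

Because unknown is the result for any column reference and for the unsupported IN form, is_suspicious()
only fires on conditions the evaluator can fully decide; a tautology hidden behind IN or behind a type
mix the evaluator refuses to coerce passes through unflagged, which is the same blind spot the page notes.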


Constructor Summary
GEval()
Method Summary
 java.lang.Object value(TExpression expr, GContext context)
          Evaluates an expression.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GEval

public GEval()
Method Detail

value

public java.lang.Object value(TExpression expr,
                              GContext context)
Evaluates an expression.

Parameters:
expr - the condition to be evaluated.
context - not used in the current version.
Returns: