java.lang.Object
  demos.antiSQLInjection.GEval
public class GEval
GEval evaluates a condition in a WHERE clause.
Usage:
GEval e = new GEval();
e.value(condition, context);
This class helps find expressions that always return true or false, which may be used for SQL injection.
If an expression can't be evaluated, an unknown value is returned.
How this evaluator works:
This evaluator uses postfix expression evaluation to calculate the value of an expression.
The TExpression.postOrderTraverse function traverses the expression in postfix order, and GEval works
as a tree visitor to evaluate the value of the expression.
See this article for how postfix expression evaluation works:
http://scriptasylum.com/tutorials/infix_postfix/algorithms/postfix-evaluation/index.htm
Supported expression syntax:
The IN condition is not supported yet, so
1 in (1,2,3) will return an unknown value.
You can modify this evaluator to meet your own requirements.
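The following is an added example, not code from GEval or the library it belongs to: a self-contained sketch of the same idea, evaluating a condition in postfix order with an unknown value for anything that cannot be decided statically. The class name PostfixConditionCheck, its methods and the token-list input are assumptions made for illustration.

```java
import java.util.*;

// Added illustration: every name here is hypothetical, not the GEval/TExpression API.
public class PostfixConditionCheck {
    enum Undecided { UNKNOWN }
    // Sentinel for anything that cannot be decided without running the query.
    static final Object UNKNOWN = Undecided.UNKNOWN;

    // Evaluates a condition whose tokens are already in postfix order.
    static Object eval(List<String> postfix) {
        Deque<Object> stack = new ArrayDeque<>();
        for (String tok : postfix) {
            String op = tok.toUpperCase();
            if (op.matches("=|<>|<|>|AND|OR")) {
                if (stack.size() < 2) return UNKNOWN;   // malformed input
                Object right = stack.pop(), left = stack.pop();
                stack.push(op.matches("AND|OR") ? logic(op, left, right) : compare(op, left, right));
            } else if (tok.matches("-?\\d{1,18}")) {
                stack.push(Long.valueOf(tok));          // numeric literal
            } else if (tok.matches("'.*'")) {
                stack.push(tok);                        // string literal, quotes kept
            } else {
                stack.push(UNKNOWN);                    // column name or unsupported syntax
            }
        }
        return stack.size() == 1 ? stack.pop() : UNKNOWN;
    }

    // Folds a comparison only when both sides are constants of the same type.
    @SuppressWarnings({"unchecked", "rawtypes"})
    static Object compare(String op, Object l, Object r) {
        if (l == UNKNOWN || r == UNKNOWN || l.getClass() != r.getClass()) return UNKNOWN;
        int c = ((Comparable) l).compareTo(r);
        return op.equals("=") ? c == 0 : op.equals("<>") ? c != 0 : op.equals("<") ? c < 0 : c > 0;
    }

    // Three-valued AND/OR: a single known operand can decide the result.
    static Object logic(String op, Object l, Object r) {
        Boolean decisive = op.equals("OR");             // TRUE decides OR, FALSE decides AND
        if (decisive.equals(l) || decisive.equals(r)) return decisive;
        return (l instanceof Boolean && r instanceof Boolean) ? (Object) !decisive : UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed inputs in postfix order; the infix form is in each comment.
        System.out.println(eval(List.of("name", "'x'", "=", "1", "1", "=", "OR")));  // name = 'x' OR 1 = 1
        System.out.println(eval(List.of("id", "5", "=", "1", "2", "=", "AND")));     // id = 5 AND 1 = 2
        System.out.println(eval(List.of("id", "5", "=")));                           // id = 5
    }
}
```

A condition that folds to a constant true or false regardless of column values is the case worth flagging; string literals here are compared with Java ordering, which may differ from the database's collation.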
| Constructor Summary |
|---|
| GEval() |

| Method Summary | |
|---|---|
| java.lang.Object | value(TExpression expr, GContext context): Evaluate an expression. |

| Methods inherited from class java.lang.Object |
|---|
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
| public GEval() |

| Method Detail |
|---|
| public java.lang.Object value(TExpression expr, GContext context) |

expr - the condition to be evaluated.
context - not used in the current version.