regexes = {"regex": {"regexesSqlInjection": [{"regex": "select.+(from|limit)", "remarks": "", "score": ""},
{"regex": "(?:(union(.*?)select))", "remarks": "", "score": ""},
{"regex": "group(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "order(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "waitfor(\\s*)+delay(\\s*)+'\\d", "remarks": "", "score": ""}, {
"regex": "select([\\s\\S]*?)case([\\s\\S]*?)when([\\s\\S]*?)then([\\s\\S]*?)else",
"remarks": "", "score": ""},
{"regex": "convert\\(+(int|char)", "remarks": "", "score": ""},
{"regex": "sleep\\((\\s*)(\\d*)(\\s*)\\)", "remarks": "", "score": ""},
{"regex": "(insert|replace)(\\s*)+into.+values(\\s|)\\(", "remarks": "",
"score": ""},
{"regex": "exec.+(xp_cmdshell|master\\.dbo\\.)", "remarks": "",
"score": ""},
{"regex": "declare.+@.+exec.+@", "remarks": "", "score": ""}],
"regexesSqlInjectionLow": [{"regex": "benchmark\\((.*)\\,(.*)\\) ", "remarks": "", "score": ""},
{"regex": "base64_decode\\(", "remarks": "", "score": ""},
{"regex": "(?:from(\\s*)+information_schema(\\s*))", "remarks": "",
"score": ""},
{"regex": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
python+处理日志+处理URL防止SQL注入
最新推荐文章于 2024-04-12 16:47:04 发布
这篇博客介绍了如何使用Python处理日志,同时重点讲解了防止SQL注入的正则表达式规则,包括匹配SQL关键字、XSS攻击和目录遍历等潜在威胁。通过示例代码展示了如何对日志中的URL进行过滤,从而识别和阻止可能的攻击行为。
摘要由CSDN通过智能技术生成