[mod-security-users] normalizeSql transformation
From: Marc S. <mar...@ap...> - 2011-10-21 11:53:15
Hello,

While working with Breno on the implementation of the sqlHexDecode transformation function, I managed to take the time to design a normalization function for SQL.

Here is what it would do:
1. Transform 0x...
2. Merge all redundant spaces (including tabs, CR, LF) to one space
3. Merge all redundant quotes (single, double & back) to one single quote
4. Remove all backslashes
5. Remove space around operators (plus, minus, etc.)
6. Remove space before & after a quote (not sure about this one)

What do you think about that? Anything missing?
What about removing space before/after a quote?

Regards

Marc Stern
Security Expert - Head of Security Consulting Division
Approach Belgium - www.approach.be <http://www.approach.be>
LinkedIn <http://www.linkedin.com/in/marcstern>
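
A prototype of the six steps proposed in the message above, as an added example that is not from the post or from ModSecurity's code. It assumes that "Transform 0x..." means decoding 0x hex literals the way sqlHexDecode would, and it guesses an operator set for step 5; `normalize_sql` and `strip_quote_spaces` are hypothetical names.

```python
import re

# Assumption: "Transform 0x..." = decode 0x-prefixed hex literals (whole byte
# pairs only) into the characters they encode.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
WHITESPACE = re.compile(r"[ \t\r\n]+")
QUOTES = re.compile(r"['\"`]+")
# Assumption: the post only says "plus, minus, etc."; this operator set is a guess.
OPERATORS = re.compile(r" ?([+\-*/%=<>!|&]) ?")
AROUND_QUOTE = re.compile(r" ?' ?")


def _decode_hex(match):
    # latin-1 maps every byte to exactly one character, so nothing is lost.
    return bytes.fromhex(match.group(1)).decode("latin-1")


def normalize_sql(value, strip_quote_spaces=True):
    """Apply the six proposed steps in the order they are listed in the post."""
    value = HEX_LITERAL.sub(_decode_hex, value)  # 1. transform 0x...
    value = WHITESPACE.sub(" ", value)           # 2. merge spaces, tabs, CR, LF
    value = QUOTES.sub("'", value)               # 3. merge quote runs into one '
    value = value.replace("\\", "")              # 4. remove all backslashes
    value = OPERATORS.sub(r"\1", value)          # 5. no space around operators
    if strip_quote_spaces:                       # 6. the step the post is unsure of
        value = AROUND_QUOTE.sub("'", value)
    return value


# Constructed sample inputs (not taken from the post or from real traffic).
SAMPLES = [
    "1  UNION\t\nSELECT 0x61646d696e",
    "id = 1 +  1",
    'name" or "a"="a',
    "a\\'\\'b",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", repr(normalize_sql(sample)),
              "| step 6 off:", repr(normalize_sql(sample, strip_quote_spaces=False)))
```

With the steps in the listed order, quotes separated only by a backslash (last sample) come out as a doubled quote, because the backslash is removed after the quote merge has already run. Step 6 glues keywords to quotes (third sample), so rules written against the normalized value must not expect a space there.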