From 8612d89275d12deb8c128d2d5a3816f5e31f7b0c Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Thu, 19 Sep 2019 12:22:21 +0200
Subject: [PATCH] fix: [SQL module] fix typo

---
 bin/SQLInjectionDetection.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/bin/SQLInjectionDetection.py b/bin/SQLInjectionDetection.py
index f46a740e..3d8761a3 100755
--- a/bin/SQLInjectionDetection.py
+++ b/bin/SQLInjectionDetection.py
@@ -25,7 +25,7 @@ from pyfaup.faup import Faup
 SQLI_REGEX = r"information_schema|sysdatabases|sysusers|floor\(rand\(|ORDER BY \d+|\bUNION\s+(ALL\s+)?SELECT\b|\b(UPDATEXML|EXTRACTVALUE)\(|\bCASE[^\w]+WHEN.*THEN\b|\bWAITFOR[^\w]+DELAY\b|\bCONVERT\(|VARCHAR\(|\bCOUNT\(\*\)|\b(pg_)?sleep\(|\bSELECT\b.*\bFROM\b.*\b(WHERE|GROUP|ORDER)\b|\bSELECT \w+ FROM \w+|\b(AND|OR|SELECT)\b.*/\*.*\*/|/\*.*\*/.*\b(AND|OR|SELECT)\b|\b(AND|OR)[^\w]+\d+['\") ]?[=><]['\"( ]?\d+|ODBC;DRIVER|\bINTO\s+(OUT|DUMP)FILE"
 
 def analyse(url, path):
-    if is_sql_injection(url.decode()):
+    if is_sql_injection(url):
         faup.decode(url)
         url_parsed = faup.get()
         paste = Paste.Paste(path)
@@ -54,9 +54,8 @@ def analyse(url, path):
 # defined above on it.
 def is_sql_injection(url_parsed):
     line = urllib.request.unquote(url_parsed)
-    line = str.upper(line)
 
-    return re.search(SQLI_REGEX, url_parsed, re.I) is not None
+    return re.search(SQLI_REGEX, line, re.I) is not None
 
 
 if __name__ == '__main__':