Lab 5 - Build Your Own Metacharacter Parser
The purpose of this lab is to investigate metacharacter parsing, as
described in Chapter 8 of the book. For this lab, you will code a metachar
parser and then have another student in the class review your code to see
if they can find any mistakes.
You can use one of the following programming languages for your metachar
parser: C, C++, Perl, or PHP. You may not use ANY parsing or quoting/escaping
libraries that those languages provide. You MUST build your own metacharacter
parser.
Your metachar parser has to do one of the following tasks (choose whichever
task appeals to you):
- Shell Metacharacter Escaping - Use the backslash (\) escape character to
escape out any Bash metacharacters found in the given string. You can use
either stdin or a file to supply the string to the program.
- SQL Metacharacter Escaping - Use the backslash (\) escape character to
escape out any SQL metacharacters found in the given string. You can use
either stdin or a file to supply the string to the program.
Code Requirements:
- For SQL Escaping, assume the string comes from a URL and/or form data,
so you do have to worry about %xx or %Uxxxx encoding. You can use a library
function for this purpose.
- For Shell Escaping, assume the string comes from an email attachment, so
you do have to worry about Base-64 decoding. You can use a library function
for this purpose.
- Your code should be resilient to multiple layers of the above encoding.
- Your code should be resilient to basic evasion, such as inserting
backslashes into the source string.
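
The backslash-evasion requirement above, shown as an added example that is not part of the original lab handout: the same escaping routine run with a character set that omits the backslash and with one that includes it. The function name, both character sets and the sample input are assumptions made for illustration, and the sketch covers only the shell-escaping pass, not the Base-64 layers.

```c
#include <stdio.h>
#include <string.h>

/* Assumed character sets for this example. NAIVE_SET omits the backslash;
   FULL_SET includes it along with quoting, expansion and glob characters. */
static const char NAIVE_SET[] = " \t|&;()<>\"'`$*?[]{}#~=%!";
static const char FULL_SET[]  = " \t|&;()<>\"'`$*?[]{}#~=%!\\";

/* Backslash-escape every byte of `in` that appears in `set`.
   Returns the escaped length, or -1 if `out` (capacity `cap`, NUL included)
   is too small or the input contains a newline: Bash treats
   backslash-newline as a line continuation, so a backslash cannot make a
   newline literal and such input is refused instead. */
long escape_with_set(const char *in, const char *set, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    for (; *in != '\0'; in++) {
        int special;
        if (*in == '\n')
            return -1;
        special = strchr(set, *in) != NULL;
        if (n + (special ? 2u : 1u) >= cap)
            return -1;
        if (special)
            out[n++] = '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed input: a backslash placed in front of a semicolon. */
    const char *input = "a\\;b";
    char naive[64], full[64];

    escape_with_set(input, NAIVE_SET, naive, sizeof naive);
    escape_with_set(input, FULL_SET, full, sizeof full);
    /* naive: a\\;b   -> Bash sees an escaped backslash, then a live ';' */
    /* full:  a\\\;b  -> Bash sees a literal backslash and a literal ';' */
    printf("naive: %s\nfull:  %s\n", naive, full);
    return 0;
}
```

With the naive set, the backslash already present in the input pairs with the one the escaper adds, which leaves the semicolon unescaped; escaping the backslash itself closes that gap.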
Once you have finished the code, have someone else in the class review the
code to see if they can still evade your metacharacter parsing.
You should submit your code and a write-up of the code review with your
classmate to Moodle for this lab.