From e53e10f8fe9dbf7e32c724c4edf0ce1673a885e2 Mon Sep 17 00:00:00 2001
From: kazet
Date: Tue, 7 Nov 2023 12:52:25 +0100
Subject: [PATCH] more sql dumps (#615)
---
 artemis/reporting/modules/bruter/classifier.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/artemis/reporting/modules/bruter/classifier.py b/artemis/reporting/modules/bruter/classifier.py
index eb2628b62..2afe49b4c 100644
--- a/artemis/reporting/modules/bruter/classifier.py
+++ b/artemis/reporting/modules/bruter/classifier.py
@@ -83,6 +83,12 @@ def is_log_file(found_url: FoundURL) -> bool:
 def is_sql_dump(found_url: FoundURL) -> bool:
+ sql_dump_markers = ["create table", "alter table", "insert into"]
+
+ def _starts_with_sql_dump_marker(line: str) -> bool:
+ line = line.strip().lower()
+ return any(line.startswith(marker) for marker in sql_dump_markers)
+
 path = urllib.parse.urlparse(found_url.url).path
 if ".sql" not in path.lower() and "/sql" not in path.lower() and "/db" not in path.lower():
 return False
@@ -93,7 +99,7 @@ def is_sql_dump(found_url: FoundURL) -> bool:
 if "sql dump" in found_url.content_prefix.lower():
 return True
- if "\ncreate table" in found_url.content_prefix.lower():
+ if any([_starts_with_sql_dump_marker(line) for line in found_url.content_prefix.split("\n")]):
 return True
 return False
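Review bot: The marker list added at the top of `is_sql_dump` covers only `create table`, `alter table` and `insert into`, so an exposed dump whose prefix holds none of them would presumably still go unreported. A data-only pg_dump, for instance, loads rows with `COPY ... FROM stdin;`, and its header comment reads "PostgreSQL database dump", which the existing `"sql dump"` substring check does not match. How much of the file `content_prefix` holds is not visible in this hunk, so confirm against real dump samples before adding markers such as `"copy "` or `"drop table"`. The list and helper are also rebuilt on every call; since `str.startswith` accepts a tuple, a module-level `SQL_DUMP_MARKERS = ("create table", "alter table", "insert into")` with `return line.strip().lower().startswith(SQL_DUMP_MARKERS)` would be simpler.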
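Review bot: The replacement condition on the `if any([...])` line strips leading whitespace and accepts three markers instead of one, so false positives become more likely. A documentation or tutorial page under a `.sql`, `/sql` or `/db` path with an indented `insert into` line in its prefix would now be reported as a dump. The checks between the two hunks are not visible here and may already exclude HTML; a regression test with such a page would settle it. The list comprehension inside `any` also evaluates every line before testing any of them, so dropping the brackets restores short-circuiting: `if any(_starts_with_sql_dump_marker(line) for line in found_url.content_prefix.split("\n")):`.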