#!/usr/bin/env python
"""
Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import importlib
import logging
import os
import re
import sys
import traceback
import warnings
# Snapshot of the interpreter search path; restored verbatim in the finally clause below
_path = list(sys.path)
# Stays None unless the import below yields a module that looks like the real SQLAlchemy
_sqlalchemy = None
try:
    # Import "sqlalchemy" with the first search-path entry removed
    # NOTE(review): presumably this keeps a same-named local module found through that
    # first entry from being imported in place of the library - confirm. Only the first
    # entry is dropped; every other search-path entry is still consulted
    sys.path = sys.path[1:]
    module = importlib.import_module("sqlalchemy")
    # Second guard: the import is accepted only when it exposes a "dialects" attribute
    if hasattr(module, "dialects"):
        _sqlalchemy = module
        # Silence SQLAlchemy's own warning category for the rest of the process
        warnings.simplefilter(action="ignore", category=_sqlalchemy.exc.SAWarning)
except:
    # Best effort: any failure leaves _sqlalchemy as None (checked later in SQLAlchemy.connect())
    # NOTE(review): a bare except also swallows KeyboardInterrupt/SystemExit raised during the import
    pass
finally:
    # Always put the original search path back, whether or not the import worked
    sys.path = _path

try:
    import MySQLdb  # used by SQLAlchemy in case of MySQL
    # Promote MySQLdb warnings to exceptions
    warnings.filterwarnings("error", category=MySQLdb.Warning)
except (ImportError, AttributeError):
    # MySQLdb is optional here; a missing module or a missing Warning attribute is ignored
    pass
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapFilePathException
from lib.core.exception import SqlmapMissingDependence
from plugins.generic.connector import Connector as GenericConnector
from thirdparty import six
from thirdparty.six.moves import urllib as _urllib
def getSafeExString(ex, encoding=None):  # Cross-referenced function
    """
    Placeholder for the exception-to-string helper used throughout this module.

    As written it always raises NotImplementedError. The inline marker suggests
    that the real implementation is bound to this name elsewhere (not visible
    in this file).
    """

    raise NotImplementedError
class SQLAlchemy(GenericConnector):
    """
    Connector that reaches the DBMS through SQLAlchemy instead of a native
    driver wrapper. The connection URL comes from conf.direct
    """

    def __init__(self, dialect=None):
        """
        Build the connection URL kept in self.address

        The user name and password from conf.dbmsUser/conf.dbmsPass are
        percent-encoded inside the URL (both the single-quoted and the bare
        spelling are rewritten), and the URL scheme is replaced by 'dialect'
        when one is given
        """

        GenericConnector.__init__(self)

        self.dialect = dialect
        self.address = conf.direct

        # self.address carries the credentials from here on, so it should stay out of log output
        # NOTE: str.replace() rewrites every occurrence of the literal (not only the
        # userinfo part of the URL) and quote() leaves "/" unescaped by default
        if conf.dbmsUser:
            quotedUser = _urllib.parse.quote(conf.dbmsUser)
            for template in ("'%s':", "%s:"):
                self.address = self.address.replace(template % conf.dbmsUser, "%s:" % quotedUser)

        if conf.dbmsPass:
            quotedPass = _urllib.parse.quote(conf.dbmsPass)
            for template in (":'%s'@", ":%s@"):
                self.address = self.address.replace(template % conf.dbmsPass, ":%s@" % quotedPass)

        # The greedy ".+" consumes everything up to the last "://" found in the address
        if self.dialect:
            self.address = re.sub(r"\A.+://", "%s://" % self.dialect, self.address)

    def connect(self):
        """
        Create the SQLAlchemy engine and open the connection (self.connector)

        Raises SqlmapMissingDependence when SQLAlchemy could not be imported,
        SqlmapFilePathException when a file-based database does not exist and
        SqlmapConnectionException for the remaining recognized failures
        """

        if not _sqlalchemy:
            raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')" % ('3' if six.PY3 else ""))

        self.initConnection()

        try:
            # No port together with a database name is handled as a file-based database:
            # the file has to exist and the URL is rebuilt around its absolute path
            if not self.port and self.db:
                if not os.path.exists(self.db):
                    raise SqlmapFilePathException("the provided database file '%s' does not exist" % self.db)

                scheme = self.address.split("//", 1)[0]
                self.address = "%s////%s" % (scheme, os.path.abspath(self.db))

            # Per-dialect engine options: sqlite gets check_same_thread disabled,
            # oracle gets no connect_args at all, everything else an empty dict
            if self.dialect == "sqlite":
                engineOptions = {"connect_args": {"check_same_thread": False}}
            elif self.dialect == "oracle":
                engineOptions = {}
            else:
                engineOptions = {"connect_args": {}}

            engine = _sqlalchemy.create_engine(self.address, **engineOptions)
            self.connector = engine.connect()
        except (TypeError, ValueError):
            trace = traceback.format_exc()

            if "_get_server_version_info" in trace:
                try:
                    import pymssql
                    # Only the first character of the version string is inspected
                    if int(pymssql.__version__[0]) < 2:
                        raise SqlmapConnectionException("SQLAlchemy connection issue (obsolete version of pymssql ('%s') is causing problems)" % pymssql.__version__)
                except ImportError:
                    pass
            elif "invalid literal for int() with base 10: '0b" in trace:
                raise SqlmapConnectionException("SQLAlchemy connection issue ('https://bitbucket.org/zzzeek/sqlalchemy/issues/3975')")

            # NOTE(review): any other TypeError/ValueError is swallowed here, so
            # printConnected() below still runs without engine.connect() having
            # succeeded; callers presumably have to inspect self.connector - confirm
        except SqlmapFilePathException:
            # Passed through untouched so that it is not re-wrapped by the generic handler
            raise
        except Exception as ex:
            # NOTE(review): the driver's error text is forwarded as is; confirm that it
            # cannot echo the password embedded in self.address
            raise SqlmapConnectionException("SQLAlchemy connection issue ('%s')" % getSafeExString(ex))

        self.printConnected()

    def fetchall(self):
        """
        Return all rows of the current cursor as a list of tuples, or None
        when SQLAlchemy reports a ProgrammingError (which is only logged)
        """

        try:
            return [tuple(row) for row in self.cursor.fetchall()]
        except _sqlalchemy.exc.ProgrammingError as ex:
            # Warning level only when conf.dbmsHandler is set, debug level otherwise
            level = logging.WARN if conf.dbmsHandler else logging.DEBUG
            logger.log(level, "(remote) %s" % getSafeExString(ex))
            return None

    def execute(self, query):
        """
        Run 'query' on the open connection and keep the result in self.cursor

        Returns True on success and False when an OperationalError or a
        ProgrammingError was logged. An InternalError is re-raised as
        SqlmapConnectionException. The query text is executed as given (no
        parameter binding is done here)
        """

        statement = query

        # Reference: https://stackoverflow.com/a/69491015
        # NOTE(review): text() treats ":name" tokens as bind parameters; a query holding
        # such a token would presumably fail outside of the exception types handled
        # below - confirm
        if hasattr(_sqlalchemy, "text"):
            statement = _sqlalchemy.text(statement)

        try:
            self.cursor = self.connector.execute(statement)
        except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:
            level = logging.WARN if conf.dbmsHandler else logging.DEBUG
            logger.log(level, "(remote) %s" % getSafeExString(ex))
            return False
        except _sqlalchemy.exc.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        return True

    def select(self, query):
        """
        Execute 'query' and return its rows (see fetchall()); None when the
        execution did not succeed
        """

        return self.fetchall() if self.execute(query) else None