sqlmap/lib/core/convert.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file doc/COPYING for copying permission.
"""

try:
    import hashlib
except:
    import md5
    import sha

import pickle
import sys
import struct
import urllib

from lib.core.data import conf

def base64decode(string):
    return string.decode("base64")

def base64encode(string):
    return string.encode("base64")[:-1].replace("\n", "")

def base64pickle(string):
    return base64encode(pickle.dumps(string))

def base64unpickle(string):
    return pickle.loads(base64decode(string))

def hexdecode(string):
    string = string.lower()

    if string.startswith("0x"):
        string = string[2:]

    return string.decode("hex")
    
def hexencode(string):
    return string.encode("hex")

def md5hash(string):
    if sys.modules.has_key('hashlib'):
        return hashlib.md5(string).hexdigest()
    else:
        return md5.new(string).hexdigest()

def orddecode(string):
    packedString = struct.pack("!"+"I" * len(string), *string)
    return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])

def ordencode(string):
    return tuple([ord(char) for char in string])

def sha1hash(string):
    if sys.modules.has_key('hashlib'):
        return hashlib.sha1(string).hexdigest()
    else:
        return sha.new(string).hexdigest()

def urldecode(string):
    result = None

    if string:
        result = urllib.unquote_plus(string)

    return result

def urlencode(string, safe=":/?%&=", convall=False):
    if conf.direct or "POSTxml" in conf.paramDict:
        return string

    result = None

    if string is None:
        return result

    if convall:
        result = urllib.quote(utf8encode(string)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
    else:
        result = urllib.quote(utf8encode(string), safe)

    return result

def utf8encode(string):
    return string.encode("utf-8")

def utf8decode(string):
    return string.decode("utf-8")

def htmlescape(string):
    return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')

def htmlunescape(string):
    return string.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'")
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
			`See the file doc/COPYING for copying permission.`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`try:`
			`import hashlib`
			`except:`
			`import md5`
			`import sha`
Added resume functionality to -d and fixed logging with -d 2010-04-12 13:35:20 +04:00
			`import pickle`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`import sys`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`import struct`
			`import urllib`

Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00			`from lib.core.data import conf`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`def base64decode(string):`
			`return string.decode("base64")`

			`def base64encode(string):`
Added resume functionality to -d and fixed logging with -d 2010-04-12 13:35:20 +04:00			`return string.encode("base64")[:-1].replace("\n", "")`

			`def base64pickle(string):`
			`return base64encode(pickle.dumps(string))`

			`def base64unpickle(string):`
			`return pickle.loads(base64decode(string))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`def hexdecode(string):`
			`string = string.lower()`

			`if string.startswith("0x"):`
			`string = string[2:]`

			`return string.decode("hex")`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`def hexencode(string):`
			`return string.encode("hex")`

			`def md5hash(string):`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`if sys.modules.has_key('hashlib'):`
			`return hashlib.md5(string).hexdigest()`
			`else:`
			`return md5.new(string).hexdigest()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`def orddecode(string):`
			`packedString = struct.pack("!"+"I" * len(string), *string)`
			`return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])`

			`def ordencode(string):`
			`return tuple([ord(char) for char in string])`

			`def sha1hash(string):`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`if sys.modules.has_key('hashlib'):`
			`return hashlib.sha1(string).hexdigest()`
			`else:`
			`return sha.new(string).hexdigest()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`def urldecode(string):`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`result = None`
fix for a google bug reported by Brandon E. 2010-10-01 12:03:39 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if string:`
			`result = urllib.unquote_plus(string)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`return result`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`def urlencode(string, safe=":/?%&=", convall=False):`
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-30 01:07:23 +04:00			`if conf.direct or "POSTxml" in conf.paramDict:`
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00			`return string`

sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`result = None`

			`if string is None:`
			`return result`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if convall:`
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-30 01:07:23 +04:00			`result = urllib.quote(utf8encode(string)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`else:`
minor refactoring 2010-05-28 18:07:48 +04:00			`result = urllib.quote(utf8encode(string), safe)`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00
			`return result`
Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 15:32:10 +04:00
			`def utf8encode(string):`
			`return string.encode("utf-8")`

			`def utf8decode(string):`
			`return string.decode("utf-8")`
fix for a google bug reported by Brandon E. 2010-10-01 12:03:39 +04:00
			`def htmlescape(string):`
			`return string.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')`

			`def htmlunescape(string):`
			`return string.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'")`