sqlmap/lib/controller/handler.py

172 lines
7.1 KiB
Python
Raw Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2020-01-01 15:25:15 +03:00
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2008-10-15 19:38:22 +04:00
"""
from lib.core.common import Backend
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
2013-04-15 16:20:21 +04:00
from lib.core.dicts import DBMS_DICT
from lib.core.enums import DBMS
2018-11-02 18:18:08 +03:00
from lib.core.exception import SqlmapConnectionException
2020-01-23 18:59:02 +03:00
from lib.core.settings import ACCESS_ALIASES
2020-01-27 19:32:31 +03:00
from lib.core.settings import ALTIBASE_ALIASES
2020-02-02 16:51:24 +03:00
from lib.core.settings import CRATEDB_ALIASES
2020-01-23 18:59:02 +03:00
from lib.core.settings import DB2_ALIASES
from lib.core.settings import DERBY_ALIASES
from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import H2_ALIASES
from lib.core.settings import HSQLDB_ALIASES
from lib.core.settings import INFORMIX_ALIASES
from lib.core.settings import MAXDB_ALIASES
2020-01-23 01:41:06 +03:00
from lib.core.settings import MCKOI_ALIASES
2020-01-31 13:33:31 +03:00
from lib.core.settings import MIMERSQL_ALIASES
2020-01-23 18:59:02 +03:00
from lib.core.settings import MONETDB_ALIASES
2008-10-15 19:38:22 +04:00
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import ORACLE_ALIASES
from lib.core.settings import PGSQL_ALIASES
2020-01-23 18:59:02 +03:00
from lib.core.settings import PRESTO_ALIASES
from lib.core.settings import SQLITE_ALIASES
2010-10-12 23:05:12 +04:00
from lib.core.settings import SYBASE_ALIASES
2020-01-21 17:40:59 +03:00
from lib.core.settings import VERTICA_ALIASES
from lib.utils.sqlalchemy import SQLAlchemy
2008-10-15 19:38:22 +04:00
2020-01-23 18:59:02 +03:00
from plugins.dbms.access.connector import Connector as AccessConn
from plugins.dbms.access import AccessMap
2020-01-27 19:32:31 +03:00
from plugins.dbms.altibase.connector import Connector as AltibaseConn
from plugins.dbms.altibase import AltibaseMap
2020-02-02 16:51:24 +03:00
from plugins.dbms.cratedb.connector import Connector as CrateDBConn
from plugins.dbms.cratedb import CrateDBMap
2020-01-23 18:59:02 +03:00
from plugins.dbms.db2.connector import Connector as DB2Conn
from plugins.dbms.db2 import DB2Map
from plugins.dbms.derby.connector import Connector as DerbyConn
from plugins.dbms.derby import DerbyMap
from plugins.dbms.firebird.connector import Connector as FirebirdConn
from plugins.dbms.firebird import FirebirdMap
from plugins.dbms.h2.connector import Connector as H2Conn
from plugins.dbms.h2 import H2Map
from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
from plugins.dbms.hsqldb import HSQLDBMap
from plugins.dbms.informix.connector import Connector as InformixConn
from plugins.dbms.informix import InformixMap
from plugins.dbms.maxdb.connector import Connector as MaxDBConn
from plugins.dbms.maxdb import MaxDBMap
2020-01-23 01:41:06 +03:00
from plugins.dbms.mckoi.connector import Connector as MckoiConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.mckoi import MckoiMap
2020-01-31 13:33:31 +03:00
from plugins.dbms.mimersql.connector import Connector as MimerSQLConn
from plugins.dbms.mimersql import MimerSQLMap
2020-01-23 18:59:02 +03:00
from plugins.dbms.monetdb.connector import Connector as MonetDBConn
from plugins.dbms.monetdb import MonetDBMap
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.mssqlserver import MSSQLServerMap
from plugins.dbms.mysql.connector import Connector as MySQLConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.mysql import MySQLMap
from plugins.dbms.oracle.connector import Connector as OracleConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.oracle import OracleMap
from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.postgresql import PostgreSQLMap
from plugins.dbms.presto.connector import Connector as PrestoConn
from plugins.dbms.presto import PrestoMap
from plugins.dbms.sqlite.connector import Connector as SQLiteConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.sqlite import SQLiteMap
2010-10-13 22:55:17 +04:00
from plugins.dbms.sybase.connector import Connector as SybaseConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.sybase import SybaseMap
2020-01-21 17:40:59 +03:00
from plugins.dbms.vertica.connector import Connector as VerticaConn
2020-01-23 18:59:02 +03:00
from plugins.dbms.vertica import VerticaMap
2008-10-15 19:38:22 +04:00
def setHandler():
"""
Detect which is the target web application back-end database
management system.
"""
items = [
(DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
(DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
(DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
(DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
(DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
(DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
(DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
(DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
(DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
(DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
(DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
2018-10-16 13:23:07 +03:00
(DBMS.H2, H2_ALIASES, H2Map, H2Conn),
(DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
2020-01-17 19:14:41 +03:00
(DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
2020-01-20 17:33:45 +03:00
(DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
2020-01-21 17:40:59 +03:00
(DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),
2020-01-23 01:41:06 +03:00
(DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn),
2020-01-23 18:59:02 +03:00
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
2020-01-27 19:32:31 +03:00
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
2020-01-31 13:33:31 +03:00
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
2020-02-02 16:51:24 +03:00
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
]
2012-05-09 22:25:04 +04:00
2019-05-02 11:22:44 +03:00
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
2012-05-09 22:25:04 +04:00
if _:
2012-05-09 22:26:02 +04:00
items.remove(_)
items.insert(0, _)
2012-05-09 22:25:04 +04:00
2014-08-30 23:53:09 +04:00
for dbms, aliases, Handler, Connector in items:
if conf.forceDbms:
if conf.forceDbms.lower() not in aliases:
continue
else:
kb.dbms = conf.dbms = conf.forceDbms = dbms
2017-08-28 14:02:08 +03:00
if kb.dbmsFilter:
if dbms not in kb.dbmsFilter:
continue
2012-05-09 22:25:04 +04:00
handler = Handler()
conf.dbmsConnector = Connector()
2010-10-20 13:54:17 +04:00
2010-03-30 17:23:20 +04:00
if conf.direct:
2018-11-02 18:18:08 +03:00
exception = None
2014-08-30 23:53:09 +04:00
dialect = DBMS_DICT[dbms][3]
2013-04-15 16:20:21 +04:00
2013-07-01 14:26:57 +04:00
if dialect:
2018-11-02 18:18:08 +03:00
try:
sqlalchemy = SQLAlchemy(dialect=dialect)
sqlalchemy.connect()
if sqlalchemy.connector:
conf.dbmsConnector = sqlalchemy
2019-01-22 02:40:48 +03:00
except Exception as ex:
2018-11-02 18:18:08 +03:00
exception = ex
if not dialect or exception:
try:
conf.dbmsConnector.connect()
2019-01-22 02:40:48 +03:00
except Exception as ex:
2018-11-02 18:18:08 +03:00
if exception:
2019-05-07 17:09:28 +03:00
raise exception
2018-11-02 18:18:08 +03:00
else:
if not isinstance(ex, NameError):
raise
else:
msg = "support for direct connection to '%s' is not available. " % dbms
msg += "Please rerun with '--dependencies'"
raise SqlmapConnectionException(msg)
2008-10-15 19:38:22 +04:00
if conf.forceDbms == dbms or handler.checkDbms():
if kb.resolutionDbms:
conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
2018-11-27 01:40:47 +03:00
conf.dbmsHandler._dbms = kb.resolutionDbms
else:
conf.dbmsHandler = handler
2018-11-27 01:40:47 +03:00
conf.dbmsHandler._dbms = dbms
2017-02-27 15:58:07 +03:00
break
else:
conf.dbmsConnector = None
# At this point back-end DBMS is correctly fingerprinted, no need
# to enforce it anymore
Backend.flushForcedDbms()