sqlmap/lib/request/redirecthandler.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import re
import time
import types
import urllib2
import urlparse

from StringIO import StringIO

from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.common import readInput
from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import HTTP_HEADER
from lib.core.enums import HTTPMETHOD
from lib.core.enums import REDIRECTION
from lib.core.exception import SqlmapConnectionException
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS
from lib.core.settings import MAX_TOTAL_REDIRECTIONS
from lib.core.threads import getCurrentThreadData
from lib.request.basic import decodePage
from lib.request.basic import parseResponse

class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
    def _get_header_redirect(self, headers):
        retVal = None

        if headers:
            if "location" in headers:
                retVal = headers.getheaders("location")[0]
            elif "uri" in headers:
                retVal = headers.getheaders("uri")[0]

        return retVal

    def _ask_redirect_choice(self, redcode, redurl, method):
        with kb.locks.redirect:
            if kb.redirectChoice is None:
                msg = "sqlmap got a %d redirect to " % redcode
                msg += "'%s'. Do you want to follow? [Y/n] " % redurl

                kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO

            if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
                msg = "redirect is a result of a "
                msg += "POST request. Do you want to "
                msg += "resend original POST data to a new "
                msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")

                kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)

            if kb.resendPostOnRedirect:
                self.redirect_request = self._redirect_request

    def _redirect_request(self, req, fp, code, msg, headers, newurl):
        newurl = newurl.replace(' ', '%20')
        return urllib2.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())

    def http_error_302(self, req, fp, code, msg, headers):
        start = time.time()
        content = None
        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None

        try:
            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
        except Exception, msg:
            dbgMsg = "there was a problem while retrieving "
            dbgMsg += "redirect response content (%s)" % msg
            logger.debug(dbgMsg)
        finally:
            if content:
                try:  # try to write it back to the read buffer so we could reuse it in further steps
                    fp.fp._rbuf.truncate(0)
                    fp.fp._rbuf.write(content)
                except:
                    pass

        content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))

        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

        redirectMsg = "HTTP redirect "
        redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))

        if headers:
            logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in headers.items())
        else:
            logHeaders = ""

        redirectMsg += logHeaders
        if content:
            redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])

        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())
        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)

        if redurl:
            try:
                if not urlparse.urlsplit(redurl).netloc:
                    redurl = urlparse.urljoin(req.get_full_url(), redurl)

                self._infinite_loop_check(req)
                self._ask_redirect_choice(code, redurl, req.get_method())
            except ValueError:
                redurl = None
                result = fp

        if redurl and kb.redirectChoice == REDIRECTION.YES:
            parseResponse(content, headers)

            req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
            if headers and HTTP_HEADER.SET_COOKIE in headers:
                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
                _ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0]
                if HTTP_HEADER.COOKIE not in req.headers:
                    req.headers[HTTP_HEADER.COOKIE] = _
                else:
                    req.headers[HTTP_HEADER.COOKIE] = re.sub("%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (re.escape(_.split('=')[0]), delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
            try:
                result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
            except urllib2.HTTPError, e:
                result = e

                # Dirty hack for http://bugs.python.org/issue15701
                try:
                    result.info()
                except AttributeError:
                    def _(self):
                        return getattr(self, "hdrs") or {}
                    result.info = types.MethodType(_, result)

                if not hasattr(result, "read"):
                    def _(self, length=None):
                        return e.msg
                    result.read = types.MethodType(_, result)

                if not getattr(result, "url", None):
                    result.url = redurl

                if not getattr(result, "code", None):
                    result.code = 999
            except:
                redurl = None
                result = fp
                fp.read = StringIO("").read
        else:
            result = fp

        threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)

        result.redcode = code
        result.redurl = redurl
        return result

    http_error_301 = http_error_303 = http_error_307 = http_error_302

    def _infinite_loop_check(self, req):
        if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
            errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
            errMsg += "Please check all provided parameters and/or provide missing ones"
            raise SqlmapConnectionException(errMsg)
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 15:32:17 +04:00			`#!/usr/bin/env python`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00
			`"""`
New version preparation 2017-01-02 16:19:18 +03:00			`Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`"""`

Fixes #2447 2017-03-27 23:36:04 +03:00			`import re`
Update for #2597 2017-07-04 13:14:17 +03:00			`import time`
Patch for an Issue #1157 2015-02-04 17:01:03 +03:00			`import types`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`import urllib2`
improved redirection mechanism 2011-05-24 03:20:03 +04:00			`import urlparse`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00
Patch for an Issue #719 2014-06-12 11:08:55 +04:00			`from StringIO import StringIO`

Fix for an Issue #497 2013-08-01 21:48:20 +04:00			`from lib.core.data import conf`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.data import kb`
minor fix regarding last couple of commits 2011-03-17 14:25:37 +03:00			`from lib.core.data import logger`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00			`from lib.core.common import getHostHeader`
added logging to redirecthandler 2011-03-17 15:21:27 +03:00			`from lib.core.common import getUnicode`
adding redirect response to the traffic file 2011-09-28 12:13:46 +04:00			`from lib.core.common import logHTTPTraffic`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.common import readInput`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`from lib.core.enums import CUSTOM_LOGGING`
Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`from lib.core.enums import HTTP_HEADER`
Implementation for an Issue #348 2013-01-18 00:49:58 +04:00			`from lib.core.enums import HTTPMETHOD`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.enums import REDIRECTION`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapConnectionException`
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 16:51:08 +04:00			`from lib.core.settings import DEFAULT_COOKIE_DELIMITER`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE`
Minor update 2012-12-07 18:29:54 +04:00			`from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS`
			`from lib.core.settings import MAX_TOTAL_REDIRECTIONS`
minor update toward the implementation of request from Santiago 2011-03-17 09:39:05 +03:00			`from lib.core.threads import getCurrentThreadData`
minor fix and some refactoring 2011-03-18 03:24:02 +03:00			`from lib.request.basic import decodePage`
Patch for an Issue #1468 2015-10-15 14:07:43 +03:00			`from lib.request.basic import parseResponse`
detecting infinite redirect loops (Feature #192) 2010-07-19 16:38:30 +04:00
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`class SmartRedirectHandler(urllib2.HTTPRedirectHandler):`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00			`def _get_header_redirect(self, headers):`
			`retVal = None`

redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`if headers:`
			`if "location" in headers:`
I believe that this was a wrong decision. Patching 2015-11-09 16:11:08 +03:00			`retVal = headers.getheaders("location")[0]`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`elif "uri" in headers:`
I believe that this was a wrong decision. Patching 2015-11-09 16:11:08 +03:00			`retVal = headers.getheaders("uri")[0]`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00
			`return retVal`

Implementation for an Issue #348 2013-01-18 00:49:58 +04:00			`def _ask_redirect_choice(self, redcode, redurl, method):`
Fix for an Issue #345 2013-01-17 14:50:12 +04:00			`with kb.locks.redirect:`
			`if kb.redirectChoice is None:`
			`msg = "sqlmap got a %d redirect to " % redcode`
			`msg += "'%s'. Do you want to follow? [Y/n] " % redurl`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Some code refactoring 2017-04-18 16:48:05 +03:00			`kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Minor just in place update for an Issue #348 2013-01-18 01:44:55 +04:00			`if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:`
			`msg = "redirect is a result of a "`
			`msg += "POST request. Do you want to "`
			`msg += "resend original POST data to a new "`
			`msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")`

Minor cleanup and one bug fix 2017-04-19 15:46:27 +03:00			`kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)`
Minor just in place update for an Issue #348 2013-01-18 01:44:55 +04:00
Minor fix regarding POST redirects (ML) 2015-06-16 13:00:56 +03:00			`if kb.resendPostOnRedirect:`
			`self.redirect_request = self._redirect_request`
Implementation for an Issue #348 2013-01-18 00:49:58 +04:00
			`def _redirect_request(self, req, fp, code, msg, headers, newurl):`
			`newurl = newurl.replace(' ', '%20')`
			`return urllib2.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())`

Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`def http_error_302(self, req, fp, code, msg, headers):`
Update for #2597 2017-07-04 13:14:17 +03:00			`start = time.time()`
some fixes here and there 2012-03-15 16:14:50 +04:00			`content = None`
Adding switch --ignore-redirects (Issue #2286) 2016-11-25 15:32:28 +03:00			`redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`try:`
Minor update 2012-12-07 18:29:54 +04:00			`content = fp.read(MAX_CONNECTION_TOTAL_SIZE)`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`except Exception, msg:`
			`dbgMsg = "there was a problem while retrieving "`
			`dbgMsg += "redirect response content (%s)" % msg`
			`logger.debug(dbgMsg)`
Minor update 2012-12-07 18:29:54 +04:00			`finally:`
			`if content:`
			`try: # try to write it back to the read buffer so we could reuse it in further steps`
			`fp.fp._rbuf.truncate(0)`
			`fp.fp._rbuf.write(content)`
			`except:`
			`pass`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00
Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))`
Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`threadData = getCurrentThreadData()`
Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`threadData.lastRedirectMsg = (threadData.lastRequestUID, content)`

Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`redirectMsg = "HTTP redirect "`
Update for #2597 2017-07-04 13:14:17 +03:00			`redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00
			`if headers:`
Update for #2597 2017-07-04 13:14:17 +03:00			`logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in headers.items())`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`else:`
			`logHeaders = ""`

Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`redirectMsg += logHeaders`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`if content:`
Update for #2597 2017-07-04 13:14:17 +03:00			`redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00
Update for #2597 2017-07-04 13:14:17 +03:00			`logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)`
Minor update for an Issue #288 2012-12-07 14:23:18 +04:00
Fix for an Issue #101 2012-07-17 02:19:33 +04:00			`if redurl:`
Patch for an Issue #667 2014-04-07 23:01:40 +04:00			`try:`
			`if not urlparse.urlsplit(redurl).netloc:`
			`redurl = urlparse.urljoin(req.get_full_url(), redurl)`

			`self._infinite_loop_check(req)`
			`self._ask_redirect_choice(code, redurl, req.get_method())`
			`except ValueError:`
			`redurl = None`
			`result = fp`
minor fix regarding last couple of commits 2011-03-17 14:25:37 +03:00
Fix for an Issue #101 2012-07-17 02:19:33 +04:00			`if redurl and kb.redirectChoice == REDIRECTION.YES:`
Patch for an Issue #1468 2015-10-15 14:07:43 +03:00			`parseResponse(content, headers)`

Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)`
			`if headers and HTTP_HEADER.SET_COOKIE in headers:`
Fixes #2447 2017-03-27 23:36:04 +03:00			`delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER`
			`_ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0]`
			`if HTTP_HEADER.COOKIE not in req.headers:`
			`req.headers[HTTP_HEADER.COOKIE] = _`
			`else:`
Fixes #2626 2017-07-28 01:16:06 +03:00			`req.headers[HTTP_HEADER.COOKIE] = re.sub("%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (re.escape(_.split('=')[0]), delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))`
Patch for an Issue #716 2014-06-10 23:57:54 +04:00			`try:`
			`result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)`
Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 17:58:19 +03:00			`except urllib2.HTTPError, e:`
			`result = e`
Patch for an Issue #1157 2015-02-04 17:01:03 +03:00
			`# Dirty hack for http://bugs.python.org/issue15701`
			`try:`
			`result.info()`
			`except AttributeError:`
			`def _(self):`
			`return getattr(self, "hdrs") or {}`
			`result.info = types.MethodType(_, result)`

			`if not hasattr(result, "read"):`
			`def _(self, length=None):`
			`return e.msg`
			`result.read = types.MethodType(_, result)`

			`if not getattr(result, "url", None):`
			`result.url = redurl`

			`if not getattr(result, "code", None):`
			`result.code = 999`
Patch for an Issue #716 2014-06-10 23:57:54 +04:00			`except:`
			`redurl = None`
			`result = fp`
Patch for an Issue #719 2014-06-12 11:08:55 +04:00			`fp.read = StringIO("").read`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`else:`
			`result = fp`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00
Fix for crawler and redirection case 2013-04-30 20:08:26 +04:00			`threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)`

Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`result.redcode = code`
			`result.redurl = redurl`
			`return result`
some fixes here and there 2012-03-15 16:14:50 +04:00
			`http_error_301 = http_error_303 = http_error_307 = http_error_302`
detecting infinite redirect loops (Feature #192) 2010-07-19 16:38:30 +04:00
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`def _infinite_loop_check(self, req):`
			`if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):`
Minor code restyling 2011-04-30 17:20:05 +04:00			`errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())`
Minor style update 2014-01-02 14:06:19 +04:00			`errMsg += "Please check all provided parameters and/or provide missing ones"`
Replacing old and deprecated raise Exception style (PEP8) 2013-01-04 02:20:55 +04:00			`raise SqlmapConnectionException(errMsg)`