sqlmap/lib/core/unescaper.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.common import Backend
from lib.core.datatype import AttribDict
from lib.core.settings import EXCLUDE_UNESCAPE

class Unescaper(AttribDict):
    def escape(self, expression, quote=True, dbms=None):
        if expression is None:
            return expression

        for exclude in EXCLUDE_UNESCAPE:
            if exclude in expression:
                return expression

        identifiedDbms = Backend.getIdentifiedDbms()

        if dbms is not None:
            retVal = self[dbms](expression, quote=quote)
        elif identifiedDbms is not None and identifiedDbms in self:
            retVal = self[identifiedDbms](expression, quote=quote)
        else:
            retVal = expression

        # e.g. inference comparison for '
        retVal = retVal.replace("'''", "''''")

        return retVal

unescaper = Unescaper()
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`"""`
Copyright year bump 2020-12-31 13:46:27 +03:00			`Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
few fixes and minor cosmetics 2011-07-08 10:02:31 +04:00			`from lib.core.datatype import AttribDict`
Code cleanup 2011-02-07 01:32:44 +03:00			`from lib.core.settings import EXCLUDE_UNESCAPE`
code refactoring 2010-12-09 19:49:02 +03:00
few fixes and minor cosmetics 2011-07-08 10:02:31 +04:00			`class Unescaper(AttribDict):`
Unescaping is renamed to escaping 2013-01-18 18:40:37 +04:00			`def escape(self, expression, quote=True, dbms=None):`
Code cleanup 2011-02-07 01:32:44 +03:00			`if expression is None:`
			`return expression`

			`for exclude in EXCLUDE_UNESCAPE:`
			`if exclude in expression:`
			`return expression`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`identifiedDbms = Backend.getIdentifiedDbms()`
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. 2011-01-13 20:36:54 +03:00
Code cleanup 2011-02-07 01:32:44 +03:00			`if dbms is not None:`
Adding support for CrateDB 2020-02-02 16:51:24 +03:00			`retVal = self[dbms](expression, quote=quote)`
Adding support for FrontBase 2020-03-02 14:43:12 +03:00			`elif identifiedDbms is not None and identifiedDbms in self:`
Adding support for CrateDB 2020-02-02 16:51:24 +03:00			`retVal = self[identifiedDbms](expression, quote=quote)`
Code refactoring and cosmetics 2011-01-07 18:41:09 +03:00			`else:`
Adding support for CrateDB 2020-02-02 16:51:24 +03:00			`retVal = expression`

			`# e.g. inference comparison for '`
			`retVal = retVal.replace("'''", "''''")`

			`return retVal`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`unescaper = Unescaper()`