sqlmap/plugins/dbms/mysql/syntax.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import binascii
import re

from lib.core.convert import utf8encode
from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax

class Syntax(GenericSyntax):
    def __init__(self):
        GenericSyntax.__init__(self)

    @staticmethod
    def unescape(expression, quote=True):
        if quote:
            unescaped = expression
            for item in re.findall(r"'[^']+'", expression, re.S):
                try:
                    unescaped = unescaped.replace(item, "0x%s" % binascii.hexlify(item.strip("'")))
                except UnicodeEncodeError:
                    unescaped = unescaped.replace(item, "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(item.strip("'"))))
        else:
            unescaped = "0x%s" % binascii.hexlify(expression)

        return unescaped

    @staticmethod
    def escape(expression):
        while True:
            index = expression.find("CHAR(")
            if index == -1:
                break

            firstIndex = index
            index = expression[firstIndex:].find(")")

            if index == -1:
                raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression

            lastIndex = firstIndex + index + 1
            old = expression[firstIndex:lastIndex]
            oldUpper = old.upper()
            oldUpper = oldUpper.lstrip("CHAR(").rstrip(")")
            oldUpper = oldUpper.split(",")

            escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
            expression = expression.replace(old, escaped)

        original = expression
        for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):
            expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))

        return expression
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`#!/usr/bin/env python`

			`"""`
modified homepage address 2012-07-12 21:38:03 +04:00			`Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`"""`

replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`import binascii`
			`import re`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
minor update/patch 2012-01-02 02:55:32 +04:00			`from lib.core.convert import utf8encode`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapSyntaxException`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from plugins.generic.syntax import Syntax as GenericSyntax`

			`class Syntax(GenericSyntax):`
			`def __init__(self):`
			`GenericSyntax.__init__(self)`

			`@staticmethod`
			`def unescape(expression, quote=True):`
			`if quote:`
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`unescaped = expression`
			`for item in re.findall(r"'[^']+'", expression, re.S):`
minor update regarding unicode unescaping 2012-01-02 02:31:09 +04:00			`try:`
			`unescaped = unescaped.replace(item, "0x%s" % binascii.hexlify(item.strip("'")))`
			`except UnicodeEncodeError:`
minor update/patch 2012-01-02 02:55:32 +04:00			`unescaped = unescaped.replace(item, "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(item.strip("'"))))`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`else:`
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`unescaped = "0x%s" % binascii.hexlify(expression)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`return unescaped`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`@staticmethod`
			`def escape(expression):`
			`while True:`
			`index = expression.find("CHAR(")`
			`if index == -1:`
			`break`

			`firstIndex = index`
			`index = expression[firstIndex:].find(")")`

			`if index == -1:`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`lastIndex = firstIndex + index + 1`
			`old = expression[firstIndex:lastIndex]`
			`oldUpper = old.upper()`
			`oldUpper = oldUpper.lstrip("CHAR(").rstrip(")")`
			`oldUpper = oldUpper.split(",")`

minor optimization 2011-11-21 00:14:47 +04:00			`escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`expression = expression.replace(old, escaped)`

replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`original = expression`
			`for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):`
			`expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))`

Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`return expression`