sqlmap/plugins/dbms/mysql/syntax.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import binascii
import re

from lib.core.convert import utf8encode
from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax

class Syntax(GenericSyntax):
    def __init__(self):
        GenericSyntax.__init__(self)

    @staticmethod
    def escape(expression, quote=True):
        if quote:
            unescaped = expression
            for item in re.findall(r"'[^']+'", expression, re.S):
                try:
                    unescaped = unescaped.replace(item, "0x%s" % binascii.hexlify(item.strip("'")))
                except UnicodeEncodeError:
                    unescaped = unescaped.replace(item, "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(item.strip("'"))))
        else:
            unescaped = "0x%s" % binascii.hexlify(expression)

        return unescaped
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`#!/usr/bin/env python`

			`"""`
updated copyright 2013-01-18 18:07:51 +04:00			`Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`"""`

replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`import binascii`
			`import re`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
minor update/patch 2012-01-02 02:55:32 +04:00			`from lib.core.convert import utf8encode`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapSyntaxException`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from plugins.generic.syntax import Syntax as GenericSyntax`

			`class Syntax(GenericSyntax):`
			`def __init__(self):`
			`GenericSyntax.__init__(self)`

			`@staticmethod`
Unescaping is renamed to escaping 2013-01-18 18:40:37 +04:00			`def escape(expression, quote=True):`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`if quote:`
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`unescaped = expression`
			`for item in re.findall(r"'[^']+'", expression, re.S):`
minor update regarding unicode unescaping 2012-01-02 02:31:09 +04:00			`try:`
			`unescaped = unescaped.replace(item, "0x%s" % binascii.hexlify(item.strip("'")))`
			`except UnicodeEncodeError:`
minor update/patch 2012-01-02 02:55:32 +04:00			`unescaped = unescaped.replace(item, "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(item.strip("'"))))`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`else:`
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`unescaped = "0x%s" % binascii.hexlify(expression)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-24 00:19:42 +04:00			`return unescaped`