2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2010-03-23 01:57:57 +03:00
|
|
|
|
|
|
|
"""
|
2019-01-05 23:38:52 +03:00
|
|
|
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2010-03-23 01:57:57 +03:00
|
|
|
"""
|
|
|
|
|
2013-01-20 16:45:58 +04:00
|
|
|
import re
|
|
|
|
|
2019-11-30 06:42:38 +03:00
|
|
|
from lib.core.common import Backend
|
2019-05-31 01:17:50 +03:00
|
|
|
from lib.core.convert import getBytes
|
|
|
|
from lib.core.data import conf
|
2019-11-30 06:42:38 +03:00
|
|
|
from lib.core.enums import DBMS
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapUndefinedMethod
|
2010-03-23 01:57:57 +03:00
|
|
|
|
2019-05-29 17:42:04 +03:00
|
|
|
class Syntax(object):
|
2010-03-23 01:57:57 +03:00
|
|
|
"""
|
|
|
|
This class defines generic syntax functionalities for plugins.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self):
|
|
|
|
pass
|
|
|
|
|
2013-01-20 16:45:58 +04:00
|
|
|
@staticmethod
|
|
|
|
def _escape(expression, quote=True, escaper=None):
|
|
|
|
retVal = expression
|
|
|
|
|
|
|
|
if quote:
|
2017-04-14 14:08:51 +03:00
|
|
|
for item in re.findall(r"'[^']*'+", expression):
|
2019-05-31 01:17:50 +03:00
|
|
|
original = item[1:-1]
|
2019-12-12 16:10:02 +03:00
|
|
|
if original:
|
|
|
|
if Backend.isDbms(DBMS.SQLITE) and "X%s" % item in expression:
|
|
|
|
continue
|
|
|
|
if re.search(r"\[(SLEEPTIME|RAND)", original) is None: # e.g. '[SLEEPTIME]' marker
|
|
|
|
replacement = escaper(original) if not conf.noEscape else original
|
|
|
|
|
|
|
|
if replacement != original:
|
|
|
|
retVal = retVal.replace(item, replacement)
|
|
|
|
elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):
|
|
|
|
retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
|
2013-01-20 16:45:58 +04:00
|
|
|
else:
|
|
|
|
retVal = escaper(expression)
|
|
|
|
|
|
|
|
return retVal
|
|
|
|
|
2010-03-23 01:57:57 +03:00
|
|
|
@staticmethod
|
2013-01-18 19:10:34 +04:00
|
|
|
def escape(expression, quote=True):
|
2011-04-30 17:20:05 +04:00
|
|
|
errMsg = "'escape' method must be defined "
|
2013-01-18 18:40:37 +04:00
|
|
|
errMsg += "inside the specific DBMS plugin"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapUndefinedMethod(errMsg)
|