sqlmap/lib/core/convert.py

151 lines
4.1 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
2012-01-11 18:59:46 +04:00
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
try:
import hashlib
except:
import md5
import sha
import pickle
2011-04-10 20:46:33 +04:00
import re
import sys
2008-10-15 19:38:22 +04:00
import struct
import urllib
from lib.core.data import conf
2011-07-08 14:03:14 +04:00
from lib.core.data import kb
2011-04-18 01:39:00 +04:00
from lib.core.enums import PLACE
2011-03-03 13:39:04 +03:00
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URLENCODE_CHAR_LIMIT
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
def base64decode(value):
return value.decode("base64")
2008-10-15 19:38:22 +04:00
def base64encode(value):
return value.encode("base64")[:-1].replace("\n", "")
def base64pickle(value):
return base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
def base64unpickle(value):
return pickle.loads(base64decode(value))
2008-10-15 19:38:22 +04:00
def hexdecode(value):
value = value.lower()
2011-12-21 23:40:42 +04:00
return (value[2:] if value.startswith("0x") else value).decode("hex")
def hexencode(value):
return value.encode("hex")
2008-10-15 19:38:22 +04:00
def md5hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
def orddecode(value):
packedString = struct.pack("!"+"I" * len(value), *value)
2011-11-21 00:14:47 +04:00
return "".join(chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString))
2008-10-15 19:38:22 +04:00
def ordencode(value):
2011-11-21 00:14:47 +04:00
return tuple(ord(char) for char in value)
2008-10-15 19:38:22 +04:00
def sha1hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
def urldecode(value, encoding=None):
result = None
if value:
try:
# for cases like T%C3%BCrk%C3%A7e
value = str(value)
except ValueError:
2011-03-03 13:39:04 +03:00
pass
finally:
result = urllib.unquote_plus(value)
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
2011-03-03 13:39:04 +03:00
return result
2008-10-15 19:38:22 +04:00
2011-07-08 14:03:14 +04:00
def urlencode(value, safe="%&=", convall=False, limit=False):
2011-04-18 01:39:00 +04:00
if conf.direct or PLACE.SOAP in conf.paramDict:
return value
count = 0
2012-02-16 18:42:28 +04:00
result = None if value is None else ""
2012-02-16 18:42:28 +04:00
if value:
if convall or safe is None:
safe = ""
2008-10-15 19:38:22 +04:00
2012-02-16 18:42:28 +04:00
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
# except in cases when tampering scripts are used
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
2012-02-16 18:42:28 +04:00
while True:
result = urllib.quote(utf8encode(value), safe)
2011-04-10 20:46:33 +04:00
2012-02-16 18:42:28 +04:00
if limit and len(result) > URLENCODE_CHAR_LIMIT:
if count >= len(URLENCODE_FAILSAFE_CHARS):
break
2012-02-16 18:42:28 +04:00
while count < len(URLENCODE_FAILSAFE_CHARS):
safe += URLENCODE_FAILSAFE_CHARS[count]
count += 1
if safe[-1] in value:
break
else:
break
return result
2011-04-29 19:22:32 +04:00
def unicodeencode(value, encoding=None):
"""
Return 8-bit string representation of the supplied unicode value:
>>> unicodeencode(u'test')
'test'
"""
retVal = value
if isinstance(value, unicode):
try:
retVal = value.encode(encoding or UNICODE_ENCODING)
except UnicodeEncodeError:
retVal = value.encode(UNICODE_ENCODING, "replace")
2011-04-29 19:22:32 +04:00
return retVal
def utf8encode(value):
2011-04-29 19:22:32 +04:00
return unicodeencode(value, "utf-8")
def utf8decode(value):
return value.decode("utf-8")
def htmlescape(value):
2011-12-21 23:40:42 +04:00
_ = (('&', '&amp;'), ('<', '&lt;'), ('>', '&gt;'), ('"', '&quot;'), ("'", '&#39;'), (' ', '&nbsp;'))
return reduce(lambda x, y: x.replace(y[0], y[1]), _, value)
def htmlunescape(value):
2011-12-21 18:25:39 +04:00
retVal = value
if value and isinstance(value, basestring):
2011-12-21 23:40:42 +04:00
_ = (('&amp;', '&'), ('&lt;', '<'), ('&gt;', '>'), ('&quot;', '"'), ('&nbsp;', ' '))
retVal = reduce(lambda x, y: x.replace(y[0], y[1]), _, retVal)
retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal)
return retVal