sqlmap/lib/parse/banner.py

124 lines
3.8 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
import re
from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
2010-05-21 18:42:59 +04:00
from lib.core.common import getCompiledRegex
from lib.core.common import getIdentifiedDBMS
2010-04-16 23:57:00 +04:00
from lib.core.common import parseXmlFile
2008-10-15 19:38:22 +04:00
from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
from lib.core.enums import DBMS
from lib.parse.handler import FingerprintHandler
class MSSQLBannerHandler(ContentHandler):
"""
This class defines methods to parse and extract information from the
given Microsoft SQL Server banner based upon the data in XML file
"""
def __init__(self, banner, info):
2011-01-15 15:53:40 +03:00
ContentHandler.__init__(self)
2008-10-15 19:38:22 +04:00
self.__banner = sanitizeStr(banner)
self.__inVersion = False
self.__inServicePack = False
self.__release = None
self.__version = ""
self.__versionAlt = None
2008-10-15 19:38:22 +04:00
self.__servicePack = ""
self.__info = info
2008-10-15 19:38:22 +04:00
def __feedInfo(self, key, value):
value = sanitizeStr(value)
if value in ( None, "None" ):
return
self.__info[key] = value
2008-10-15 19:38:22 +04:00
def startElement(self, name, attrs):
if name == "signatures":
self.__release = sanitizeStr(attrs.get("release"))
elif name == "version":
self.__inVersion = True
elif name == "servicepack":
self.__inServicePack = True
def characters(self, data):
if self.__inVersion:
self.__version += sanitizeStr(data)
elif self.__inServicePack:
self.__servicePack += sanitizeStr(data)
def endElement(self, name):
if name == "signature":
for version in (self.__version, self.__versionAlt):
2010-05-21 18:42:59 +04:00
regObj = getCompiledRegex(" %s[\.\ ]+" % version)
if version and regObj.search(self.__banner):
self.__feedInfo("dbmsRelease", self.__release)
self.__feedInfo("dbmsVersion", self.__version)
self.__feedInfo("dbmsServicePack", self.__servicePack)
break
2008-10-15 19:38:22 +04:00
self.__version = ""
self.__versionAlt = None
2008-10-15 19:38:22 +04:00
self.__servicePack = ""
elif name == "version":
self.__inVersion = False
self.__version = self.__version.replace(" ", "")
2010-05-21 18:42:59 +04:00
regObj = getCompiledRegex(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z")
match = regObj.search(self.__version)
self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
2008-10-15 19:38:22 +04:00
elif name == "servicepack":
self.__inServicePack = False
self.__servicePack = self.__servicePack.replace(" ", "")
def bannerParser(banner):
2008-10-15 19:38:22 +04:00
"""
This function calls a class to extract information from the given
DBMS banner based upon the data in XML file
"""
xmlfile = None
if getIdentifiedDBMS() == DBMS.MSSQL:
xmlfile = paths.MSSQL_XML
elif getIdentifiedDBMS() == DBMS.MYSQL:
xmlfile = paths.MYSQL_XML
elif getIdentifiedDBMS() == DBMS.ORACLE:
xmlfile = paths.ORACLE_XML
elif getIdentifiedDBMS() == DBMS.PGSQL:
xmlfile = paths.PGSQL_XML
if not xmlfile:
return
checkFile(xmlfile)
if getIdentifiedDBMS() == DBMS.MSSQL:
handler = MSSQLBannerHandler(banner, kb.bannerFp)
2010-04-16 23:57:00 +04:00
parseXmlFile(xmlfile, handler)
handler = FingerprintHandler(banner, kb.bannerFp)
2010-04-16 23:57:00 +04:00
parseXmlFile(paths.GENERIC_XML, handler)
else:
handler = FingerprintHandler(banner, kb.bannerFp)
2010-04-16 23:57:00 +04:00
parseXmlFile(xmlfile, handler)
parseXmlFile(paths.GENERIC_XML, handler)