sqlmap/plugins/dbms/hsql/syntax.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import binascii

from lib.core.convert import utf8encode
from plugins.generic.syntax import Syntax as GenericSyntax

class Syntax(GenericSyntax):
    def __init__(self):
        GenericSyntax.__init__(self)

    @staticmethod
    def escape(expression, quote=True):
        """
        TODO: Unsure of a method to escape. Perhaps RAWTOHEX/HEXTORAW functions?
        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
        'SELECT 'abcdefgh' FROM foobar'
        """

        def escaper(value):
            retVal = None
            try:
                retVal = "'%s'" % value
            except UnicodeEncodeError:
                retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))
            return retVal

        return Syntax._escape(expression, quote, escaper)
hsql plugin folder 2013-06-24 17:34:25 +04:00			`#!/usr/bin/env python`

			`"""`
			`Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)`
			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`import binascii`

			`from lib.core.convert import utf8encode`
			`from plugins.generic.syntax import Syntax as GenericSyntax`

			`class Syntax(GenericSyntax):`
			`def __init__(self):`
			`GenericSyntax.__init__(self)`

			`@staticmethod`
			`def escape(expression, quote=True):`
			`"""`
			`TODO: Unsure of a method to escape. Perhaps RAWTOHEX/HEXTORAW functions?`
			`>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")`
			`'SELECT 'abcdefgh' FROM foobar'`
			`"""`

			`def escaper(value):`
			`retVal = None`
			`try:`
			`retVal = "'%s'" % value`
			`except UnicodeEncodeError:`
			`retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))`
			`return retVal`

			`return Syntax._escape(expression, quote, escaper)`