2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2011-02-07 02:25:55 +03:00
|
|
|
|
|
|
|
"""
|
2023-01-03 01:24:59 +03:00
|
|
|
Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2011-02-07 02:25:55 +03:00
|
|
|
"""
|
|
|
|
|
2012-09-02 01:52:00 +04:00
|
|
|
import sqlite3
|
|
|
|
|
2021-10-26 11:05:14 +03:00
|
|
|
from lib.core.common import cleanReplaceUnicode
|
2015-09-15 14:26:25 +03:00
|
|
|
from lib.core.common import getSafeExString
|
2011-05-03 14:22:38 +04:00
|
|
|
from lib.core.common import unsafeSQLIdentificatorNaming
|
2016-11-09 14:20:54 +03:00
|
|
|
from lib.core.exception import SqlmapConnectionException
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapGenericException
|
|
|
|
from lib.core.exception import SqlmapValueException
|
2015-09-15 14:26:25 +03:00
|
|
|
from lib.core.settings import UNICODE_ENCODING
|
2019-09-11 15:05:25 +03:00
|
|
|
from lib.utils.safe2bin import safechardecode
|
2011-02-07 02:25:55 +03:00
|
|
|
|
2012-12-06 13:42:53 +04:00
|
|
|
class Replication(object):
|
2011-02-07 02:25:55 +03:00
|
|
|
"""
|
|
|
|
This class holds all methods/classes used for database
|
|
|
|
replication purposes.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self, dbpath):
|
2016-11-09 14:20:54 +03:00
|
|
|
try:
|
|
|
|
self.dbpath = dbpath
|
|
|
|
self.connection = sqlite3.connect(dbpath)
|
|
|
|
self.connection.isolation_level = None
|
|
|
|
self.cursor = self.connection.cursor()
|
2019-01-22 02:40:48 +03:00
|
|
|
except sqlite3.OperationalError as ex:
|
2016-11-09 14:20:54 +03:00
|
|
|
errMsg = "error occurred while opening a replication "
|
2021-06-21 18:17:41 +03:00
|
|
|
errMsg += "file '%s' ('%s')" % (dbpath, getSafeExString(ex))
|
2016-11-09 14:20:54 +03:00
|
|
|
raise SqlmapConnectionException(errMsg)
|
2011-02-07 02:25:55 +03:00
|
|
|
|
2019-05-29 17:42:04 +03:00
|
|
|
class DataType(object):
|
2011-02-07 02:25:55 +03:00
|
|
|
"""
|
|
|
|
Using this class we define auxiliary objects
|
|
|
|
used for representing sqlite data types.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self, name):
|
|
|
|
self.name = name
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
return self.name
|
|
|
|
|
|
|
|
def __repr__(self):
|
|
|
|
return "<DataType: %s>" % self
|
|
|
|
|
2019-05-29 17:42:04 +03:00
|
|
|
class Table(object):
|
2011-02-07 02:25:55 +03:00
|
|
|
"""
|
|
|
|
This class defines methods used to manipulate table objects.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self, parent, name, columns=None, create=True, typeless=False):
|
|
|
|
self.parent = parent
|
2011-05-03 14:22:38 +04:00
|
|
|
self.name = unsafeSQLIdentificatorNaming(name)
|
2011-02-07 02:25:55 +03:00
|
|
|
self.columns = columns
|
|
|
|
if create:
|
2015-09-15 14:26:25 +03:00
|
|
|
try:
|
|
|
|
self.execute('DROP TABLE IF EXISTS "%s"' % self.name)
|
|
|
|
if not typeless:
|
|
|
|
self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns)))
|
|
|
|
else:
|
|
|
|
self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns)))
|
2019-01-22 02:40:48 +03:00
|
|
|
except Exception as ex:
|
2015-09-15 14:26:25 +03:00
|
|
|
errMsg = "problem occurred ('%s') while initializing the sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
|
|
|
|
errMsg += "located at '%s'" % self.parent.dbpath
|
|
|
|
raise SqlmapGenericException(errMsg)
|
2011-02-07 02:25:55 +03:00
|
|
|
|
|
|
|
def insert(self, values):
|
|
|
|
"""
|
|
|
|
This function is used for inserting row(s) into current table.
|
|
|
|
"""
|
2011-04-14 17:53:56 +04:00
|
|
|
|
2011-02-07 02:25:55 +03:00
|
|
|
if len(values) == len(self.columns):
|
2013-01-10 16:18:44 +04:00
|
|
|
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?'] * len(values))), safechardecode(values))
|
2011-02-07 02:25:55 +03:00
|
|
|
else:
|
|
|
|
errMsg = "wrong number of columns used in replicating insert"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapValueException(errMsg)
|
2011-02-07 02:25:55 +03:00
|
|
|
|
2019-05-30 23:40:51 +03:00
|
|
|
def execute(self, sql, parameters=None):
|
2012-09-02 01:52:00 +04:00
|
|
|
try:
|
2021-10-26 11:05:14 +03:00
|
|
|
try:
|
|
|
|
self.parent.cursor.execute(sql, parameters or [])
|
|
|
|
except UnicodeError:
|
|
|
|
self.parent.cursor.execute(sql, cleanReplaceUnicode(parameters or []))
|
2019-01-22 02:40:48 +03:00
|
|
|
except sqlite3.OperationalError as ex:
|
2015-09-15 14:26:25 +03:00
|
|
|
errMsg = "problem occurred ('%s') while accessing sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
|
2012-09-02 01:52:00 +04:00
|
|
|
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
|
|
|
|
errMsg += "it's not used by some other program"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapGenericException(errMsg)
|
2012-09-02 01:52:00 +04:00
|
|
|
|
2011-04-14 18:34:12 +04:00
|
|
|
def beginTransaction(self):
|
|
|
|
"""
|
|
|
|
Great speed improvement can be gained by using explicit transactions around multiple inserts.
|
|
|
|
Reference: http://stackoverflow.com/questions/4719836/python-and-sqlite3-adding-thousands-of-rows
|
|
|
|
"""
|
2012-09-02 01:52:00 +04:00
|
|
|
self.execute('BEGIN TRANSACTION')
|
2011-04-14 18:34:12 +04:00
|
|
|
|
|
|
|
def endTransaction(self):
|
2012-09-02 01:52:00 +04:00
|
|
|
self.execute('END TRANSACTION')
|
2011-04-14 18:34:12 +04:00
|
|
|
|
2011-02-07 02:25:55 +03:00
|
|
|
def select(self, condition=None):
|
|
|
|
"""
|
|
|
|
This function is used for selecting row(s) from current table.
|
|
|
|
"""
|
2012-09-02 01:52:00 +04:00
|
|
|
_ = 'SELECT * FROM %s' % self.name
|
2011-02-07 02:25:55 +03:00
|
|
|
if condition:
|
2012-09-02 01:52:00 +04:00
|
|
|
_ += 'WHERE %s' % condition
|
|
|
|
return self.execute(_)
|
2011-02-07 02:25:55 +03:00
|
|
|
|
|
|
|
def createTable(self, tblname, columns=None, typeless=False):
|
|
|
|
"""
|
|
|
|
This function creates Table instance with current connection settings.
|
|
|
|
"""
|
|
|
|
return Replication.Table(parent=self, name=tblname, columns=columns, typeless=typeless)
|
|
|
|
|
|
|
|
def __del__(self):
|
|
|
|
self.cursor.close()
|
|
|
|
self.connection.close()
|
|
|
|
|
|
|
|
# sqlite data types
|
2011-04-30 17:20:05 +04:00
|
|
|
NULL = DataType('NULL')
|
2011-02-07 02:25:55 +03:00
|
|
|
INTEGER = DataType('INTEGER')
|
2011-04-30 17:20:05 +04:00
|
|
|
REAL = DataType('REAL')
|
|
|
|
TEXT = DataType('TEXT')
|
|
|
|
BLOB = DataType('BLOB')
|