sqlmap/lib/parse/html.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import re

from xml.sax.handler import ContentHandler

from lib.core.common import urldecode
from lib.core.common import parseXmlFile
from lib.core.data import kb
from lib.core.data import paths
from lib.core.threads import getCurrentThreadData

class HTMLHandler(ContentHandler):
    """
    This class defines methods to parse the input HTML page to
    fingerprint the back-end database management system
    """

    def __init__(self, page):
        ContentHandler.__init__(self)

        self._dbms = None
        self._page = (page or "")
        self._lower_page = self._page.lower()
        self._urldecoded_page = urldecode(self._page)

        self.dbms = None

    def _markAsErrorPage(self):
        threadData = getCurrentThreadData()
        threadData.lastErrorPage = (threadData.lastRequestUID, self._page)

    def startElement(self, name, attrs):
        if self.dbms:
            return

        if name == "dbms":
            self._dbms = attrs.get("value")

        elif name == "error":
            regexp = attrs.get("regexp")
            if regexp not in kb.cache.regex:
                keywords = re.findall(r"\w+", re.sub(r"\\.", " ", regexp))
                keywords = sorted(keywords, key=len)
                kb.cache.regex[regexp] = keywords[-1].lower()

            if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._urldecoded_page, re.I):
                self.dbms = self._dbms
                self._markAsErrorPage()
                kb.forkNote = kb.forkNote or attrs.get("fork")

def htmlParser(page):
    """
    This function calls a class that parses the input HTML page to
    fingerprint the back-end database management system

    >>> from lib.core.enums import DBMS
    >>> htmlParser("Warning: mysql_fetch_array() expects parameter 1 to be resource") == DBMS.MYSQL
    True
    >>> threadData = getCurrentThreadData()
    >>> threadData.lastErrorPage = None
    """

    xmlfile = paths.ERRORS_XML
    handler = HTMLHandler(page)
    key = hash(page)

    if key in kb.cache.parsedDbms:
        retVal = kb.cache.parsedDbms[key]
        if retVal:
            handler._markAsErrorPage()
        return retVal

    parseXmlFile(xmlfile, handler)

    if handler.dbms and handler.dbms not in kb.htmlFp:
        kb.lastParserStatus = handler.dbms
        kb.htmlFp.append(handler.dbms)
    else:
        kb.lastParserStatus = None

    kb.cache.parsedDbms[key] = handler.dbms

    # generic SQL warning/error messages
    if re.search(r"SQL (warning|error|syntax)", page, re.I):
        handler._markAsErrorPage()

    return handler.dbms
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`"""`
Copyright year bump 2020-01-01 15:25:15 +03:00			`Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

			`import re`

			`from xml.sax.handler import ContentHandler`

Minor update regarding #3129 2018-06-01 11:21:59 +03:00			`from lib.core.common import urldecode`
some code refactoring 2010-04-16 23:57:00 +04:00			`from lib.core.common import parseXmlFile`
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`from lib.core.data import kb`
			`from lib.core.data import paths`
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 15:13:48 +03:00			`from lib.core.threads import getCurrentThreadData`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor style update (capitalization of leftover class names) 2012-12-06 16:46:24 +04:00			`class HTMLHandler(ContentHandler):`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`
			`This class defines methods to parse the input HTML page to`
			`fingerprint the back-end database management system`
			`"""`

			`def __init__(self, page):`
code reviewing part 2 2011-01-15 15:53:40 +03:00			`ContentHandler.__init__(self)`

minor update regarding boolean logic comparison mechanism 2012-03-30 13:42:58 +04:00			`self._dbms = None`
Some more optimization 2016-04-08 16:30:25 +03:00			`self._page = (page or "")`
			`self._lower_page = self._page.lower()`
Minor update regarding #3129 2018-06-01 11:21:59 +03:00			`self._urldecoded_page = urldecode(self._page)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor code restyling 2011-04-30 17:20:05 +04:00			`self.dbms = None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
minor update regarding boolean logic comparison mechanism 2012-03-30 13:42:58 +04:00			`def _markAsErrorPage(self):`
			`threadData = getCurrentThreadData()`
			`threadData.lastErrorPage = (threadData.lastRequestUID, self._page)`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`def startElement(self, name, attrs):`
Some more optimization 2016-04-08 16:30:25 +03:00			`if self.dbms:`
			`return`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if name == "dbms":`
minor update regarding boolean logic comparison mechanism 2012-03-30 13:42:58 +04:00			`self._dbms = attrs.get("value")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
minor refactoring/optimization 2011-11-16 20:06:21 +04:00			`elif name == "error":`
Some more optimization 2016-04-08 16:30:25 +03:00			`regexp = attrs.get("regexp")`
			`if regexp not in kb.cache.regex:`
If it works, don't touch. I touched 2017-10-31 13:38:09 +03:00			`keywords = re.findall(r"\w+", re.sub(r"\\.", " ", regexp))`
Some more optimization 2016-04-08 16:30:25 +03:00			`keywords = sorted(keywords, key=len)`
			`kb.cache.regex[regexp] = keywords[-1].lower()`

Minor update regarding #3129 2018-06-01 11:21:59 +03:00			`if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._urldecoded_page, re.I):`
minor update regarding boolean logic comparison mechanism 2012-03-30 13:42:58 +04:00			`self.dbms = self._dbms`
			`self._markAsErrorPage()`
Adding support for MemSQL (MySQL fork) 2020-01-21 01:11:37 +03:00			`kb.forkNote = kb.forkNote or attrs.get("fork")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor code adjustments 2008-11-17 03:13:49 +03:00			`def htmlParser(page):`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`
			`This function calls a class that parses the input HTML page to`
			`fingerprint the back-end database management system`
Minor update of testing 2020-01-03 15:46:12 +03:00
			`>>> from lib.core.enums import DBMS`
			`>>> htmlParser("Warning: mysql_fetch_array() expects parameter 1 to be resource") == DBMS.MYSQL`
			`True`
			`>>> threadData = getCurrentThreadData()`
			`>>> threadData.lastErrorPage = None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

Minor code adjustments 2008-11-17 03:13:49 +03:00			`xmlfile = paths.ERRORS_XML`
Minor style update (capitalization of leftover class names) 2012-12-06 16:46:24 +04:00			`handler = HTMLHandler(page)`
Speed optimization(s) 2016-09-09 12:06:38 +03:00			`key = hash(page)`

			`if key in kb.cache.parsedDbms:`
			`retVal = kb.cache.parsedDbms[key]`
			`if retVal:`
			`handler._markAsErrorPage()`
			`return retVal`
minor optimization (only way to prematurely stop SAX parser) 2011-01-23 13:12:01 +03:00
revert 2011-01-23 14:21:27 +03:00			`parseXmlFile(xmlfile, handler)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`if handler.dbms and handler.dbms not in kb.htmlFp:`
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 15:13:48 +03:00			`kb.lastParserStatus = handler.dbms`
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00			`kb.htmlFp.append(handler.dbms)`
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 15:13:48 +03:00			`else:`
			`kb.lastParserStatus = None`
Minor layout adjustments, minor fixes and updated changelog 2008-11-17 03:00:54 +03:00
Speed optimization(s) 2016-09-09 12:06:38 +03:00			`kb.cache.parsedDbms[key] = handler.dbms`

minor update regarding boolean logic comparison mechanism 2012-03-30 13:42:58 +04:00			`# generic SQL warning/error messages`
			`if re.search(r"SQL (warning\|error\|syntax)", page, re.I):`
			`handler._markAsErrorPage()`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`return handler.dbms`