sqlmap/plugins/dbms/sqlite/fingerprint.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import SQLITE_ALIASES
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

class Fingerprint(GenericFingerprint):
    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.SQLITE)

    def getFingerprint(self):
        value = ""
        wsOsFp = Format.getOs("web server", kb.headersFp)

        if wsOsFp:
            value += "%s\n" % wsOsFp

        if kb.data.banner:
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)

            if dbmsOsFp:
                value += "%s\n" % dbmsOsFp

        value += "back-end DBMS: "

        if not conf.extensiveFp:
            value += DBMS.SQLITE
            return value

        actVer = Format.getDbms()
        blank = " " * 15
        value += "active fingerprint: %s" % actVer

        if kb.bannerFp:
            banVer = kb.bannerFp.get("dbmsVersion")

            if banVer:
                banVer = Format.getDbms([banVer])
                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)

        htmlErrorFp = Format.getErrorParsedDBMSes()

        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)

        return value

    def checkDbms(self):
        """
        References for fingerprint:

        * http://www.sqlite.org/lang_corefunc.html
        * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
        """

        if not conf.extensiveFp and Backend.isDbmsWithin(SQLITE_ALIASES):
            setDbms(DBMS.SQLITE)

            self.getBanner()

            return True

        infoMsg = "testing %s" % DBMS.SQLITE
        logger.info(infoMsg)

        result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")

        if result:
            infoMsg = "confirming %s" % DBMS.SQLITE
            logger.info(infoMsg)

            result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()")

            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE
                logger.warning(warnMsg)

                return False
            else:
                infoMsg = "actively fingerprinting %s" % DBMS.SQLITE
                logger.info(infoMsg)

                result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
                version = '3' if result else '2'
                Backend.setVersion(version)

            setDbms(DBMS.SQLITE)

            self.getBanner()

            return True
        else:
            warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE
            logger.warning(warnMsg)

            return False

    def forceDbmsEnum(self):
        conf.db = "%s%s" % (DBMS.SQLITE, METADB_SUFFIX)
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`"""`
Bumping copyright year 2024-01-04 01:11:52 +03:00			`Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
			`from lib.core.common import Format`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import DBMS`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`from lib.core.session import setDbms`
blind dumping of tables in sqlite implemented 2010-12-12 01:13:19 +03:00			`from lib.core.settings import METADB_SUFFIX`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`from lib.core.settings import SQLITE_ALIASES`
			`from lib.request import inject`
			`from plugins.generic.fingerprint import Fingerprint as GenericFingerprint`

			`class Fingerprint(GenericFingerprint):`
			`def __init__(self):`
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 14:55:20 +03:00			`GenericFingerprint.__init__(self, DBMS.SQLITE)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`def getFingerprint(self):`
Minor code restyling 2011-04-30 17:20:05 +04:00			`value = ""`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`wsOsFp = Format.getOs("web server", kb.headersFp)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`if wsOsFp:`
			`value += "%s\n" % wsOsFp`

			`if kb.data.banner:`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`if dbmsOsFp:`
			`value += "%s\n" % dbmsOsFp`

			`value += "back-end DBMS: "`

			`if not conf.extensiveFp:`
minor update 2010-11-02 15:08:28 +03:00			`value += DBMS.SQLITE`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`return value`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`actVer = Format.getDbms()`
Minor code restyling 2011-04-30 17:20:05 +04:00			`blank = " " * 15`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00			`value += "active fingerprint: %s" % actVer`

			`if kb.bannerFp:`
Fixes #3216 2018-08-25 23:57:49 +03:00			`banVer = kb.bannerFp.get("dbmsVersion")`
Fixes #3692 2019-05-22 10:43:10 +03:00
			`if banVer:`
			`banVer = Format.getDbms([banVer])`
			`value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`htmlErrorFp = Format.getErrorParsedDBMSes()`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`if htmlErrorFp:`
			`value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)`

			`return value`

			`def checkDbms(self):`
			`"""`
			`References for fingerprint:`

			`* http://www.sqlite.org/lang_corefunc.html`
			`* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions`
			`"""`

No more dumb usage of '--dbms' 2017-03-06 14:53:04 +03:00			`if not conf.extensiveFp and Backend.isDbmsWithin(SQLITE_ALIASES):`
refactoring of hard coded dbms names 2010-11-02 14:59:24 +03:00			`setDbms(DBMS.SQLITE)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`self.getBanner()`

Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 15:47:07 +03:00			`return True`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
Minor variable rename 2011-04-30 19:29:59 +04:00			`infoMsg = "testing %s" % DBMS.SQLITE`
			`logger.info(infoMsg)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`if result:`
Minor variable rename 2011-04-30 19:29:59 +04:00			`infoMsg = "confirming %s" % DBMS.SQLITE`
			`logger.info(infoMsg)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()")`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`if not result:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE`
Fixing DeprecationWarning (logger.warn) 2022-06-22 13:04:34 +03:00			`logger.warning(warnMsg)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`return False`
update 2010-12-10 13:54:17 +03:00			`else:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`infoMsg = "actively fingerprinting %s" % DBMS.SQLITE`
			`logger.info(infoMsg)`

Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`version = '3' if result else '2'`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersion(version)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
refactoring of hard coded dbms names 2010-11-02 14:59:24 +03:00			`setDbms(DBMS.SQLITE)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`self.getBanner()`

			`return True`
			`else:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE`
Fixing DeprecationWarning (logger.warn) 2022-06-22 13:04:34 +03:00			`logger.warning(warnMsg)`
Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files. 2010-03-24 00:26:45 +03:00
			`return False`

			`def forceDbmsEnum(self):`
blind dumping of tables in sqlite implemented 2010-12-12 01:13:19 +03:00			`conf.db = "%s%s" % (DBMS.SQLITE, METADB_SUFFIX)`