sqlmap/lib/core/convert.py

158 lines
4.1 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
2011-07-08 00:10:03 +04:00
Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
try:
import hashlib
except:
import md5
import sha
import binascii
import pickle
2011-04-10 20:46:33 +04:00
import re
import sys
2011-04-10 11:16:19 +04:00
import string
2008-10-15 19:38:22 +04:00
import struct
import urllib
2011-04-15 17:51:06 +04:00
from extra.safe2bin.safe2bin import safecharencode
from extra.safe2bin.safe2bin import safechardecode
from lib.core.data import conf
2011-07-08 14:03:14 +04:00
from lib.core.data import kb
from lib.core.data import logger
2011-04-18 01:39:00 +04:00
from lib.core.enums import PLACE
2011-03-03 13:39:04 +03:00
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URLENCODE_CHAR_LIMIT
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
def base64decode(value):
return value.decode("base64")
2008-10-15 19:38:22 +04:00
def base64encode(value):
return value.encode("base64")[:-1].replace("\n", "")
def base64pickle(value):
return base64encode(pickle.dumps(value))
def base64unpickle(value):
return pickle.loads(base64decode(value))
2008-10-15 19:38:22 +04:00
def hexdecode(value):
value = value.lower()
2008-10-15 19:38:22 +04:00
if value.startswith("0x"):
value = value[2:]
2008-10-15 19:38:22 +04:00
return value.decode("hex")
def hexencode(value):
return value.encode("hex")
2008-10-15 19:38:22 +04:00
def md5hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
def orddecode(value):
packedString = struct.pack("!"+"I" * len(value), *value)
2008-10-15 19:38:22 +04:00
return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
def ordencode(value):
return tuple([ord(char) for char in value])
2008-10-15 19:38:22 +04:00
def sha1hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
def urldecode(value, encoding=None):
result = None
if value:
try:
# for cases like T%C3%BCrk%C3%A7e
value = str(value)
except ValueError:
2011-03-03 13:39:04 +03:00
pass
finally:
result = urllib.unquote_plus(value)
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
2011-03-03 13:39:04 +03:00
return result
2008-10-15 19:38:22 +04:00
2011-07-08 14:03:14 +04:00
def urlencode(value, safe="%&=", convall=False, limit=False):
2011-04-18 01:39:00 +04:00
if conf.direct or PLACE.SOAP in conf.paramDict:
return value
count = 0
result = None
if value is None:
return result
2008-10-15 19:38:22 +04:00
if convall or safe is None:
safe = ""
2011-04-10 20:46:33 +04:00
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
2011-07-08 14:03:14 +04:00
# except in cases when tampering scripts are used
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
2011-04-10 20:46:33 +04:00
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
while True:
result = urllib.quote(utf8encode(value), safe)
if limit and len(result) > URLENCODE_CHAR_LIMIT:
if count >= len(URLENCODE_FAILSAFE_CHARS):
break
while count < len(URLENCODE_FAILSAFE_CHARS):
safe += URLENCODE_FAILSAFE_CHARS[count]
count += 1
if safe[-1] in value:
break
else:
break
return result
2011-04-29 19:22:32 +04:00
def unicodeencode(value, encoding=None):
"""
Return 8-bit string representation of the supplied unicode value:
>>> unicodeencode(u'test')
'test'
"""
retVal = value
if isinstance(value, unicode):
try:
retVal = value.encode(encoding or UNICODE_ENCODING)
except UnicodeEncodeError:
retVal = value.encode(UNICODE_ENCODING, "replace")
2011-04-29 19:22:32 +04:00
return retVal
def utf8encode(value):
2011-04-29 19:22:32 +04:00
return unicodeencode(value, "utf-8")
def utf8decode(value):
return value.decode("utf-8")
def htmlescape(value):
return value.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;').replace(' ', '&nbsp;')
def htmlunescape(value):
retVal = value.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'").replace('&nbsp;', ' ')
retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal)
return retVal