sqlmap/lib/parse/payloads.py

81 lines
2.2 KiB
Python
Raw Normal View History

#!/usr/bin/env python
"""
2012-07-12 21:38:03 +04:00
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from xml.etree import ElementTree as et
from lib.core.data import conf
from lib.core.data import paths
2011-07-08 10:02:31 +04:00
from lib.core.datatype import AttribDict
2010-12-03 13:51:27 +03:00
def cleanupVals(text, tag):
if tag in ("clause", "where"):
text = text.split(',')
2010-12-03 13:51:27 +03:00
if isinstance(text, basestring):
if text.isdigit():
text = int(text)
else:
2010-12-03 13:51:27 +03:00
text = str(text)
elif isinstance(text, list):
count = 0
for t in text:
if t.isdigit():
t = int(t)
else:
t = str(t)
2010-12-03 13:51:27 +03:00
text[count] = t
count += 1
2010-12-03 13:51:27 +03:00
if len(text) == 1 and tag not in ("clause", "where"):
text = text[0]
2010-12-03 13:51:27 +03:00
return text
def parseXmlNode(node):
for element in node.getiterator('boundary'):
2011-07-08 10:02:31 +04:00
boundary = AttribDict()
for child in element.getchildren():
if child.text:
2010-12-03 13:51:27 +03:00
values = cleanupVals(child.text, child.tag)
boundary[child.tag] = values
else:
boundary[child.tag] = None
conf.boundaries.append(boundary)
for element in node.getiterator('test'):
2011-07-08 10:02:31 +04:00
test = AttribDict()
for child in element.getchildren():
if child.text and child.text.strip():
2010-12-03 13:51:27 +03:00
values = cleanupVals(child.text, child.tag)
test[child.tag] = values
else:
if len(child.getchildren()) == 0:
test[child.tag] = None
continue
else:
2011-07-08 10:02:31 +04:00
test[child.tag] = AttribDict()
for gchild in child.getchildren():
if gchild.tag in test[child.tag]:
prevtext = test[child.tag][gchild.tag]
test[child.tag][gchild.tag] = [prevtext, gchild.text]
else:
test[child.tag][gchild.tag] = gchild.text
conf.tests.append(test)
def loadPayloads():
doc = et.parse(paths.PAYLOADS_XML)
root = doc.getroot()
parseXmlNode(root)