sqlmap/lib/request/redirecthandler.py

#!/usr/bin/env python2

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import io
import time
import types

from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getSafeExString
from lib.core.common import logHTTPTraffic
from lib.core.common import readInput
from lib.core.convert import getUnicode
from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import HTTP_HEADER
from lib.core.enums import HTTPMETHOD
from lib.core.enums import REDIRECTION
from lib.core.exception import SqlmapConnectionException
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS
from lib.core.settings import MAX_TOTAL_REDIRECTIONS
from lib.core.threads import getCurrentThreadData
from lib.request.basic import decodePage
from lib.request.basic import parseResponse
from thirdparty.six.moves import urllib as _urllib

class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
    def _get_header_redirect(self, headers):
        retVal = None

        if headers:
            if "location" in headers:
                retVal = headers.getheaders("location")[0]
            elif "uri" in headers:
                retVal = headers.getheaders("uri")[0]

        return retVal

    def _ask_redirect_choice(self, redcode, redurl, method):
        with kb.locks.redirect:
            if kb.redirectChoice is None:
                msg = "sqlmap got a %d redirect to " % redcode
                msg += "'%s'. Do you want to follow? [Y/n] " % redurl

                kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO

            if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
                msg = "redirect is a result of a "
                msg += "POST request. Do you want to "
                msg += "resend original POST data to a new "
                msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")

                kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)

            if kb.resendPostOnRedirect:
                self.redirect_request = self._redirect_request

    def _redirect_request(self, req, fp, code, msg, headers, newurl):
        newurl = newurl.replace(' ', '%20')
        return _urllib.request.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())

    def http_error_302(self, req, fp, code, msg, headers):
        start = time.time()
        content = None
        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None

        try:
            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
        except Exception as ex:
            dbgMsg = "there was a problem while retrieving "
            dbgMsg += "redirect response content ('%s')" % getSafeExString(ex)
            logger.debug(dbgMsg)
        finally:
            if content:
                try:  # try to write it back to the read buffer so we could reuse it in further steps
                    fp.fp._rbuf.truncate(0)
                    fp.fp._rbuf.write(content)
                except:
                    pass

        content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))

        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

        redirectMsg = "HTTP redirect "
        redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))

        if headers:
            logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if hasattr(key, "capitalize") else key), getUnicode(value)) for (key, value) in headers.items())
        else:
            logHeaders = ""

        redirectMsg += logHeaders
        if content:
            redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])

        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())
        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)

        if redurl:
            try:
                if not _urllib.parse.urlsplit(redurl).netloc:
                    redurl = _urllib.parse.urljoin(req.get_full_url(), redurl)

                self._infinite_loop_check(req)
                self._ask_redirect_choice(code, redurl, req.get_method())
            except ValueError:
                redurl = None
                result = fp

        if redurl and kb.redirectChoice == REDIRECTION.YES:
            parseResponse(content, headers)

            req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
            if headers and HTTP_HEADER.SET_COOKIE in headers:
                cookies = dict()
                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
                last = None

                for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + headers.getheaders(HTTP_HEADER.SET_COOKIE):
                    if '=' in part:
                        part = part.strip()
                        key, value = part.split('=', 1)
                        cookies[key] = value
                        last = key
                    elif last:
                        cookies[last] += "%s%s" % (delimiter, part)

                req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies)

            try:
                result = _urllib.request.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
            except _urllib.error.HTTPError as ex:
                result = ex

                # Dirty hack for http://bugs.python.org/issue15701
                try:
                    result.info()
                except AttributeError:
                    def _(self):
                        return getattr(self, "hdrs") or {}
                    result.info = types.MethodType(_, result)

                if not hasattr(result, "read"):
                    def _(self, length=None):
                        return ex.msg
                    result.read = types.MethodType(_, result)

                if not getattr(result, "url", None):
                    result.url = redurl

                if not getattr(result, "code", None):
                    result.code = 999
            except:
                redurl = None
                result = fp
                fp.read = io.BytesIO("").read
        else:
            result = fp

        threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)

        result.redcode = code
        result.redurl = redurl
        return result

    http_error_301 = http_error_303 = http_error_307 = http_error_302

    def _infinite_loop_check(self, req):
        if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
            errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
            errMsg += "Please check all provided parameters and/or provide missing ones"
            raise SqlmapConnectionException(errMsg)
Update regarding #2940 (PEP 394) 2019-03-21 16:00:09 +03:00			`#!/usr/bin/env python2`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00
			`"""`
update_copyright_year() 2019-01-05 23:38:52 +03:00			`Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`"""`

StringIO is bad m'kay (python3 this and that) 2019-03-26 16:37:01 +03:00			`import io`
Update for #2597 2017-07-04 13:14:17 +03:00			`import time`
Patch for an Issue #1157 2015-02-04 17:01:03 +03:00			`import types`
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00
Fix for an Issue #497 2013-08-01 21:48:20 +04:00			`from lib.core.data import conf`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.data import kb`
minor fix regarding last couple of commits 2011-03-17 14:25:37 +03:00			`from lib.core.data import logger`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00			`from lib.core.common import getHostHeader`
Update related to the last commit 2019-01-22 03:20:27 +03:00			`from lib.core.common import getSafeExString`
adding redirect response to the traffic file 2011-09-28 12:13:46 +04:00			`from lib.core.common import logHTTPTraffic`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.common import readInput`
Fixes #3622 2019-05-06 01:54:21 +03:00			`from lib.core.convert import getUnicode`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`from lib.core.enums import CUSTOM_LOGGING`
Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`from lib.core.enums import HTTP_HEADER`
Implementation for an Issue #348 2013-01-18 00:49:58 +04:00			`from lib.core.enums import HTTPMETHOD`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.enums import REDIRECTION`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapConnectionException`
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 16:51:08 +04:00			`from lib.core.settings import DEFAULT_COOKIE_DELIMITER`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE`
Minor update 2012-12-07 18:29:54 +04:00			`from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS`
			`from lib.core.settings import MAX_TOTAL_REDIRECTIONS`
minor update toward the implementation of request from Santiago 2011-03-17 09:39:05 +03:00			`from lib.core.threads import getCurrentThreadData`
minor fix and some refactoring 2011-03-18 03:24:02 +03:00			`from lib.request.basic import decodePage`
Patch for an Issue #1468 2015-10-15 14:07:43 +03:00			`from lib.request.basic import parseResponse`
God help us all with this Python3 non-sense 2019-03-27 15:33:46 +03:00			`from thirdparty.six.moves import urllib as _urllib`
detecting infinite redirect loops (Feature #192) 2010-07-19 16:38:30 +04:00
God help us all with this Python3 non-sense 2019-03-27 15:33:46 +03:00			`class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00			`def _get_header_redirect(self, headers):`
			`retVal = None`

redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`if headers:`
			`if "location" in headers:`
I believe that this was a wrong decision. Patching 2015-11-09 16:11:08 +03:00			`retVal = headers.getheaders("location")[0]`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`elif "uri" in headers:`
I believe that this was a wrong decision. Patching 2015-11-09 16:11:08 +03:00			`retVal = headers.getheaders("uri")[0]`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00
			`return retVal`

Implementation for an Issue #348 2013-01-18 00:49:58 +04:00			`def _ask_redirect_choice(self, redcode, redurl, method):`
Fix for an Issue #345 2013-01-17 14:50:12 +04:00			`with kb.locks.redirect:`
			`if kb.redirectChoice is None:`
			`msg = "sqlmap got a %d redirect to " % redcode`
			`msg += "'%s'. Do you want to follow? [Y/n] " % redurl`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Some code refactoring 2017-04-18 16:48:05 +03:00			`kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Minor just in place update for an Issue #348 2013-01-18 01:44:55 +04:00			`if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:`
			`msg = "redirect is a result of a "`
			`msg += "POST request. Do you want to "`
			`msg += "resend original POST data to a new "`
			`msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")`

Minor cleanup and one bug fix 2017-04-19 15:46:27 +03:00			`kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)`
Minor just in place update for an Issue #348 2013-01-18 01:44:55 +04:00
Minor fix regarding POST redirects (ML) 2015-06-16 13:00:56 +03:00			`if kb.resendPostOnRedirect:`
			`self.redirect_request = self._redirect_request`
Implementation for an Issue #348 2013-01-18 00:49:58 +04:00
			`def _redirect_request(self, req, fp, code, msg, headers, newurl):`
			`newurl = newurl.replace(' ', '%20')`
God help us all with this Python3 non-sense 2019-03-27 15:33:46 +03:00			`return _urllib.request.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())`
Implementation for an Issue #348 2013-01-18 00:49:58 +04:00
Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 17:24:43 +03:00			`def http_error_302(self, req, fp, code, msg, headers):`
Update for #2597 2017-07-04 13:14:17 +03:00			`start = time.time()`
some fixes here and there 2012-03-15 16:14:50 +04:00			`content = None`
Adding switch --ignore-redirects (Issue #2286) 2016-11-25 15:32:28 +03:00			`redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`try:`
Minor update 2012-12-07 18:29:54 +04:00			`content = fp.read(MAX_CONNECTION_TOTAL_SIZE)`
Update related to the last commit 2019-01-22 03:20:27 +03:00			`except Exception as ex:`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`dbgMsg = "there was a problem while retrieving "`
Update related to the last commit 2019-01-22 03:20:27 +03:00			`dbgMsg += "redirect response content ('%s')" % getSafeExString(ex)`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`logger.debug(dbgMsg)`
Minor update 2012-12-07 18:29:54 +04:00			`finally:`
			`if content:`
			`try: # try to write it back to the read buffer so we could reuse it in further steps`
			`fp.fp._rbuf.truncate(0)`
			`fp.fp._rbuf.write(content)`
			`except:`
			`pass`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00
Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))`
Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`threadData = getCurrentThreadData()`
Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`threadData.lastRedirectMsg = (threadData.lastRequestUID, content)`

Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`redirectMsg = "HTTP redirect "`
Update for #2597 2017-07-04 13:14:17 +03:00			`redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00
			`if headers:`
Dealing with basesting (one baby step closer to Py3 salvation) 2019-03-28 15:53:54 +03:00			`logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if hasattr(key, "capitalize") else key), getUnicode(value)) for (key, value) in headers.items())`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`else:`
			`logHeaders = ""`

Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`redirectMsg += logHeaders`
Minor update for an Issue #288 2012-12-07 15:14:33 +04:00			`if content:`
Update for #2597 2017-07-04 13:14:17 +03:00			`redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00
Update for #2597 2017-07-04 13:14:17 +03:00			`logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())`
Patch for an Issue #288 2012-12-07 14:52:21 +04:00			`logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)`
Minor update for an Issue #288 2012-12-07 14:23:18 +04:00
Fix for an Issue #101 2012-07-17 02:19:33 +04:00			`if redurl:`
Patch for an Issue #667 2014-04-07 23:01:40 +04:00			`try:`
God help us all with this Python3 non-sense 2019-03-27 15:33:46 +03:00			`if not _urllib.parse.urlsplit(redurl).netloc:`
			`redurl = _urllib.parse.urljoin(req.get_full_url(), redurl)`
Patch for an Issue #667 2014-04-07 23:01:40 +04:00
			`self._infinite_loop_check(req)`
			`self._ask_redirect_choice(code, redurl, req.get_method())`
			`except ValueError:`
			`redurl = None`
			`result = fp`
minor fix regarding last couple of commits 2011-03-17 14:25:37 +03:00
Fix for an Issue #101 2012-07-17 02:19:33 +04:00			`if redurl and kb.redirectChoice == REDIRECTION.YES:`
Patch for an Issue #1468 2015-10-15 14:07:43 +03:00			`parseResponse(content, headers)`

Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)`
			`if headers and HTTP_HEADER.SET_COOKIE in headers:`
Fixes #3149 2018-06-29 23:37:57 +03:00			`cookies = dict()`
Fixes #2447 2017-03-27 23:36:04 +03:00			`delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER`
Fixes #3149 2018-06-29 23:37:57 +03:00			`last = None`

			`for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + headers.getheaders(HTTP_HEADER.SET_COOKIE):`
			`if '=' in part:`
			`part = part.strip()`
			`key, value = part.split('=', 1)`
			`cookies[key] = value`
			`last = key`
			`elif last:`
Minor patch (Issue #3149) 2018-06-29 23:48:43 +03:00			`cookies[last] += "%s%s" % (delimiter, part)`
Fixes #3149 2018-06-29 23:37:57 +03:00
			`req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies)`

Patch for an Issue #716 2014-06-10 23:57:54 +04:00			`try:`
God help us all with this Python3 non-sense 2019-03-27 15:33:46 +03:00			`result = _urllib.request.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)`
			`except _urllib.error.HTTPError as ex:`
More refactoring like the last couple of commits 2019-01-22 04:08:02 +03:00			`result = ex`
Patch for an Issue #1157 2015-02-04 17:01:03 +03:00
			`# Dirty hack for http://bugs.python.org/issue15701`
			`try:`
			`result.info()`
			`except AttributeError:`
			`def _(self):`
			`return getattr(self, "hdrs") or {}`
			`result.info = types.MethodType(_, result)`

			`if not hasattr(result, "read"):`
			`def _(self, length=None):`
More refactoring like the last couple of commits 2019-01-22 04:08:02 +03:00			`return ex.msg`
Patch for an Issue #1157 2015-02-04 17:01:03 +03:00			`result.read = types.MethodType(_, result)`

			`if not getattr(result, "url", None):`
			`result.url = redurl`

			`if not getattr(result, "code", None):`
			`result.code = 999`
Patch for an Issue #716 2014-06-10 23:57:54 +04:00			`except:`
			`redurl = None`
			`result = fp`
StringIO is bad m'kay (python3 this and that) 2019-03-26 16:37:01 +03:00			`fp.read = io.BytesIO("").read`
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`else:`
			`result = fp`
fix for redirect/HOST header bug 2011-11-11 15:28:27 +04:00
Fix for crawler and redirection case 2013-04-30 20:08:26 +04:00			`threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)`

Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 15:40:19 +04:00			`result.redcode = code`
			`result.redurl = redurl`
			`return result`
some fixes here and there 2012-03-15 16:14:50 +04:00
			`http_error_301 = http_error_303 = http_error_307 = http_error_302`
detecting infinite redirect loops (Feature #192) 2010-07-19 16:38:30 +04:00
redirect logic rewritten from scratch 2012-03-15 15:10:58 +04:00			`def _infinite_loop_check(self, req):`
			`if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):`
Minor code restyling 2011-04-30 17:20:05 +04:00			`errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())`
Minor style update 2014-01-02 14:06:19 +04:00			`errMsg += "Please check all provided parameters and/or provide missing ones"`
Replacing old and deprecated raise Exception style (PEP8) 2013-01-04 02:20:55 +04:00			`raise SqlmapConnectionException(errMsg)`