sqlmap/lib/core/convert.py

185 lines
4.8 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
try:
import hashlib
except:
import md5
import sha
import pickle
2011-04-10 20:46:33 +04:00
import re
import sys
2011-04-10 11:16:19 +04:00
import string
2008-10-15 19:38:22 +04:00
import struct
import urllib
from lib.core.data import conf
from lib.core.data import logger
from lib.core.settings import HEX_ENCODED_CHAR_REGEX
2011-03-03 13:39:04 +03:00
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URLENCODE_CHAR_LIMIT
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
def base64decode(value):
return value.decode("base64")
2008-10-15 19:38:22 +04:00
def base64encode(value):
return value.encode("base64")[:-1].replace("\n", "")
def base64pickle(value):
return base64encode(pickle.dumps(value))
def base64unpickle(value):
return pickle.loads(base64decode(value))
2008-10-15 19:38:22 +04:00
def hexdecode(value):
value = value.lower()
2008-10-15 19:38:22 +04:00
if value.startswith("0x"):
value = value[2:]
2008-10-15 19:38:22 +04:00
return value.decode("hex")
def hexencode(value):
return value.encode("hex")
2008-10-15 19:38:22 +04:00
def md5hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
def orddecode(value):
packedString = struct.pack("!"+"I" * len(value), *value)
2008-10-15 19:38:22 +04:00
return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
def ordencode(value):
return tuple([ord(char) for char in value])
2008-10-15 19:38:22 +04:00
def sha1hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
def urldecode(value, encoding=None):
result = None
if value:
try:
# for cases like T%C3%BCrk%C3%A7e
value = str(value)
except ValueError:
2011-03-03 13:39:04 +03:00
pass
finally:
result = urllib.unquote_plus(value)
2008-10-15 19:38:22 +04:00
2011-03-03 13:39:04 +03:00
if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
return result
2008-10-15 19:38:22 +04:00
def urlencode(value, safe="%&=", convall=False, limit=False):
if conf.direct or "POSTxml" in conf.paramDict:
return value
count = 0
result = None
if value is None:
return result
2008-10-15 19:38:22 +04:00
if convall or safe is None:
safe = ""
2011-04-10 20:46:33 +04:00
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
if all(map(lambda x: '%' in x, [safe, value])):
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
while True:
result = urllib.quote(utf8encode(value), safe)
if limit and len(result) > URLENCODE_CHAR_LIMIT:
if count >= len(URLENCODE_FAILSAFE_CHARS):
dbgMsg = "failed to fully shorten urlencoding value"
logger.debug(dbgMsg)
break
while count < len(URLENCODE_FAILSAFE_CHARS):
safe += URLENCODE_FAILSAFE_CHARS[count]
count += 1
if safe[-1] in value:
break
else:
break
return result
def utf8encode(value):
return value.encode("utf-8")
def utf8decode(value):
return value.decode("utf-8")
def htmlescape(value):
return value.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;').replace(' ', '&nbsp;')
def htmlunescape(value):
return value.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'").replace('&nbsp;', ' ')
2011-04-10 11:16:19 +04:00
def safecharencode(value):
2011-04-10 11:16:19 +04:00
"""
Returns safe representation of a given basestring value
2011-04-10 11:16:19 +04:00
>>> safecharencode(u'test123')
2011-04-10 11:16:19 +04:00
u'test123'
>>> safecharencode(u'test\x01\x02\xff')
2011-04-10 11:16:19 +04:00
u'test\\01\\02\\03\\ff'
"""
retVal = value
2011-04-10 11:16:19 +04:00
if isinstance(value, basestring):
retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode())
for char in "\t\n\r\x0b\x0c":
retVal = retVal.replace(char, repr(char).strip('\''))
2011-04-10 11:16:19 +04:00
elif isinstance(value, list):
for i in xrange(len(value)):
retVal[i] = safecharencode(value[i])
return retVal
def safechardecode(value):
"""
Reverse function to safecharencode
"""
retVal = value
if isinstance(value, basestring):
for char in "\t\n\r\x0b\x0c":
retVal = retVal.replace(repr(char).strip('\''), char)
regex = re.compile(HEX_ENCODED_CHAR_REGEX)
while True:
match = regex.search(retVal)
if match:
retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\')))
else:
break
elif isinstance(value, list):
for i in xrange(len(value)):
retVal[i] = safechardecode(value[i])
2011-04-10 11:16:19 +04:00
return retVal