sqlmap/plugins/dbms/firebird/syntax.py

53 lines
1.7 KiB
Python
Raw Normal View History

#!/usr/bin/env python
"""
2013-01-18 18:07:51 +04:00
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
"""
2010-12-10 13:54:17 +03:00
from lib.core.common import isDBMSVersionAtLeast
from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax):
def __init__(self):
GenericSyntax.__init__(self)
@staticmethod
2013-01-18 18:40:37 +04:00
def escape(expression, quote=True):
2010-12-10 13:54:17 +03:00
if isDBMSVersionAtLeast('2.1'):
if expression == u"'''":
return "ASCII_CHAR(%d)" % (ord("'"))
2010-12-10 13:54:17 +03:00
if quote:
while True:
index = expression.find("'")
if index == -1:
break
2010-12-10 13:54:17 +03:00
firstIndex = index + 1
index = expression[firstIndex:].find("'")
2010-12-10 13:54:17 +03:00
if index == -1:
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
2010-12-10 13:54:17 +03:00
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
unescaped = ""
for i in xrange(firstIndex, lastIndex):
2010-12-10 13:54:17 +03:00
unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
if i < lastIndex - 1:
unescaped += "||"
2010-12-10 13:54:17 +03:00
expression = expression.replace(old, unescaped)
else:
unescaped = "".join("ASCII_CHAR(%d)||" % ord(c) for c in expression)
if unescaped[-1] == "||":
unescaped = unescaped[:-1]
2010-12-10 13:54:17 +03:00
expression = unescaped
return expression