sqlmap/lib/core/convert.py

229 lines
5.5 KiB
Python
Raw Normal View History

#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2017-01-02 16:19:18 +03:00
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
2016-10-26 23:33:04 +03:00
try:
2016-10-29 01:13:04 +03:00
import cPickle as pickle
2016-10-26 23:33:04 +03:00
except:
2016-10-29 01:13:04 +03:00
import pickle
finally:
import pickle as picklePy
2016-10-26 23:33:04 +03:00
2015-01-15 19:32:07 +03:00
import base64
import json
2016-01-08 13:47:12 +03:00
import re
2015-12-09 14:00:34 +03:00
import StringIO
import sys
2008-10-15 19:38:22 +04:00
2012-07-31 13:03:44 +04:00
from lib.core.settings import IS_WIN
2011-03-03 13:39:04 +03:00
from lib.core.settings import UNICODE_ENCODING
2015-12-09 21:53:48 +03:00
from lib.core.settings import PICKLE_REDUCE_WHITELIST
def base64decode(value):
2013-03-11 17:58:05 +04:00
"""
Decodes string value from Base64 to plain format
>>> base64decode('Zm9vYmFy')
'foobar'
"""
2015-01-15 19:34:14 +03:00
return base64.b64decode(value)
2008-10-15 19:38:22 +04:00
def base64encode(value):
2013-03-11 17:58:05 +04:00
"""
Encodes string value from plain to Base64 format
>>> base64encode('foobar')
'Zm9vYmFy'
"""
2015-01-15 19:32:07 +03:00
return base64.b64encode(value)
def base64pickle(value):
2013-03-11 17:58:05 +04:00
"""
Serializes (with pickle) and encodes to Base64 format supplied (binary) value
>>> base64pickle('foobar')
2016-10-29 01:13:04 +03:00
'gAJVBmZvb2JhcnEBLg=='
2013-03-11 17:58:05 +04:00
"""
2012-11-26 14:16:59 +04:00
retVal = None
2014-11-13 12:52:33 +03:00
2012-11-26 14:16:59 +04:00
try:
retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
except:
warnMsg = "problem occurred while serializing "
warnMsg += "instance of a type '%s'" % type(value)
singleTimeWarnMessage(warnMsg)
try:
retVal = base64encode(pickle.dumps(value))
except:
retVal = base64encode(pickle.dumps(str(value), pickle.HIGHEST_PROTOCOL))
2012-11-26 14:16:59 +04:00
return retVal
2016-10-29 01:13:04 +03:00
def base64unpickle(value, unsafe=False):
2013-03-11 17:58:05 +04:00
"""
2013-03-26 17:11:17 +04:00
Decodes value from Base64 to plain format and deserializes (with pickle) its content
2013-03-11 17:58:05 +04:00
2016-10-29 01:13:04 +03:00
>>> base64unpickle('gAJVBmZvb2JhcnEBLg==')
2013-03-11 17:58:05 +04:00
'foobar'
"""
2014-11-13 12:52:33 +03:00
retVal = None
2015-12-09 14:00:34 +03:00
def _(self):
if len(self.stack) > 1:
func = self.stack[-2]
2015-12-09 21:53:48 +03:00
if func not in PICKLE_REDUCE_WHITELIST:
2015-12-09 14:00:34 +03:00
raise Exception, "abusing reduce() is bad, Mkay!"
self.load_reduce()
def loads(str):
2016-10-29 01:13:04 +03:00
f = StringIO.StringIO(str)
if unsafe:
unpickler = picklePy.Unpickler(f)
2016-11-07 11:28:00 +03:00
unpickler.dispatch[picklePy.REDUCE] = _
2016-10-29 01:13:04 +03:00
else:
unpickler = pickle.Unpickler(f)
2015-12-09 14:00:34 +03:00
return unpickler.load()
2014-11-13 12:52:33 +03:00
try:
2015-12-09 14:00:34 +03:00
retVal = loads(base64decode(value))
2014-11-13 12:52:33 +03:00
except TypeError:
2015-12-09 14:00:34 +03:00
retVal = loads(base64decode(bytes(value)))
2014-11-13 12:52:33 +03:00
return retVal
2008-10-15 19:38:22 +04:00
def hexdecode(value):
2013-03-11 17:58:05 +04:00
"""
Decodes string value from hex to plain format
>>> hexdecode('666f6f626172')
'foobar'
"""
value = value.lower()
2011-12-21 23:40:42 +04:00
return (value[2:] if value.startswith("0x") else value).decode("hex")
2017-09-05 14:13:08 +03:00
def hexencode(value, encoding=None):
2013-03-11 17:58:05 +04:00
"""
Encodes string value from plain to hex format
>>> hexencode('foobar')
'666f6f626172'
"""
2017-09-05 14:13:08 +03:00
return unicodeencode(value, encoding).encode("hex")
2008-10-15 19:38:22 +04:00
2011-04-29 19:22:32 +04:00
def unicodeencode(value, encoding=None):
"""
2013-03-11 17:58:05 +04:00
Returns 8-bit string representation of the supplied unicode value
2011-04-29 19:22:32 +04:00
2013-03-11 17:58:05 +04:00
>>> unicodeencode(u'foobar')
'foobar'
2011-04-29 19:22:32 +04:00
"""
retVal = value
if isinstance(value, unicode):
try:
retVal = value.encode(encoding or UNICODE_ENCODING)
except UnicodeEncodeError:
retVal = value.encode(UNICODE_ENCODING, "replace")
2011-04-29 19:22:32 +04:00
return retVal
def utf8encode(value):
2013-03-11 17:58:05 +04:00
"""
Returns 8-bit string representation of the supplied UTF-8 value
>>> utf8encode(u'foobar')
'foobar'
"""
2011-04-29 19:22:32 +04:00
return unicodeencode(value, "utf-8")
def utf8decode(value):
2013-03-11 17:58:05 +04:00
"""
Returns UTF-8 representation of the supplied 8-bit string representation
2013-03-11 17:58:05 +04:00
>>> utf8decode('foobar')
u'foobar'
"""
return value.decode("utf-8")
def htmlunescape(value):
2013-03-11 17:58:05 +04:00
"""
Returns (basic conversion) HTML unescaped value
>>> htmlunescape('a<b')
'a<b'
"""
2011-12-21 18:25:39 +04:00
retVal = value
if value and isinstance(value, basestring):
2012-07-23 17:06:49 +04:00
codes = (('&lt;', '<'), ('&gt;', '>'), ('&quot;', '"'), ('&nbsp;', ' '), ('&amp;', '&'))
retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal)
2016-01-09 01:10:32 +03:00
try:
2016-05-15 10:37:45 +03:00
retVal = re.sub(r"&#x([^ ;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
2016-01-09 01:10:32 +03:00
except ValueError:
pass
return retVal
2012-07-31 13:03:44 +04:00
def singleTimeWarnMessage(message): # Cross-linked function
2014-11-30 01:33:24 +03:00
sys.stdout.write(message)
sys.stdout.write("\n")
sys.stdout.flush()
2012-07-31 13:03:44 +04:00
def stdoutencode(data):
retVal = None
try:
2014-11-30 01:33:24 +03:00
data = data or ""
2012-07-31 13:03:44 +04:00
# Reference: http://bugs.python.org/issue1602
if IS_WIN:
2014-11-30 01:33:24 +03:00
output = data.encode(sys.stdout.encoding, "replace")
2012-07-31 13:03:44 +04:00
if '?' in output and '?' not in data:
2012-07-31 13:03:44 +04:00
warnMsg = "cannot properly display Unicode characters "
warnMsg += "inside Windows OS command prompt "
warnMsg += "(http://bugs.python.org/issue1602). All "
warnMsg += "unhandled occurances will result in "
warnMsg += "replacement with '?' character. Please, find "
warnMsg += "proper character representation inside "
warnMsg += "corresponding output files. "
singleTimeWarnMessage(warnMsg)
retVal = output
else:
retVal = data.encode(sys.stdout.encoding)
except:
2014-07-29 15:32:26 +04:00
retVal = data.encode(UNICODE_ENCODING) if isinstance(data, unicode) else data
2012-07-31 13:03:44 +04:00
return retVal
def jsonize(data):
2013-03-11 17:58:05 +04:00
"""
Returns JSON serialized data
>>> jsonize({'foo':'bar'})
'{\\n "foo": "bar"\\n}'
"""
return json.dumps(data, sort_keys=False, indent=4)
def dejsonize(data):
2013-03-11 17:58:05 +04:00
"""
Returns JSON deserialized data
>>> dejsonize('{\\n "foo": "bar"\\n}')
{u'foo': u'bar'}
"""
return json.loads(data)