2013-02-14 15:32:17 +04:00
|
|
|
#!/usr/bin/env python
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
"""
|
2017-01-02 16:19:18 +03:00
|
|
|
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
|
2010-10-15 03:18:29 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2016-10-26 23:33:04 +03:00
|
|
|
try:
|
2016-10-29 01:13:04 +03:00
|
|
|
import cPickle as pickle
|
2016-10-26 23:33:04 +03:00
|
|
|
except:
|
2016-10-29 01:13:04 +03:00
|
|
|
import pickle
|
|
|
|
finally:
|
|
|
|
import pickle as picklePy
|
2016-10-26 23:33:04 +03:00
|
|
|
|
2015-01-15 19:32:07 +03:00
|
|
|
import base64
|
2013-01-10 02:08:50 +04:00
|
|
|
import json
|
2016-01-08 13:47:12 +03:00
|
|
|
import re
|
2015-12-09 14:00:34 +03:00
|
|
|
import StringIO
|
2010-02-23 11:54:33 +03:00
|
|
|
import sys
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-07-31 13:03:44 +04:00
|
|
|
from lib.core.settings import IS_WIN
|
2011-03-03 13:39:04 +03:00
|
|
|
from lib.core.settings import UNICODE_ENCODING
|
2015-12-09 21:53:48 +03:00
|
|
|
from lib.core.settings import PICKLE_REDUCE_WHITELIST
|
2010-03-27 02:23:25 +03:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64decode(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Decodes string value from Base64 to plain format
|
|
|
|
|
|
|
|
>>> base64decode('Zm9vYmFy')
|
|
|
|
'foobar'
|
|
|
|
"""
|
|
|
|
|
2015-01-15 19:34:14 +03:00
|
|
|
return base64.b64decode(value)
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64encode(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Encodes string value from plain to Base64 format
|
|
|
|
|
|
|
|
>>> base64encode('foobar')
|
|
|
|
'Zm9vYmFy'
|
|
|
|
"""
|
|
|
|
|
2015-01-15 19:32:07 +03:00
|
|
|
return base64.b64encode(value)
|
2010-04-12 13:35:20 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64pickle(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Serializes (with pickle) and encodes to Base64 format supplied (binary) value
|
|
|
|
|
|
|
|
>>> base64pickle('foobar')
|
2016-10-29 01:13:04 +03:00
|
|
|
'gAJVBmZvb2JhcnEBLg=='
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
|
2012-11-26 14:16:59 +04:00
|
|
|
retVal = None
|
2014-11-13 12:52:33 +03:00
|
|
|
|
2012-11-26 14:16:59 +04:00
|
|
|
try:
|
|
|
|
retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
|
|
|
|
except:
|
|
|
|
warnMsg = "problem occurred while serializing "
|
|
|
|
warnMsg += "instance of a type '%s'" % type(value)
|
|
|
|
singleTimeWarnMessage(warnMsg)
|
|
|
|
|
2014-05-29 11:33:14 +04:00
|
|
|
try:
|
|
|
|
retVal = base64encode(pickle.dumps(value))
|
|
|
|
except:
|
|
|
|
retVal = base64encode(pickle.dumps(str(value), pickle.HIGHEST_PROTOCOL))
|
|
|
|
|
2012-11-26 14:16:59 +04:00
|
|
|
return retVal
|
2010-04-12 13:35:20 +04:00
|
|
|
|
2016-10-29 01:13:04 +03:00
|
|
|
def base64unpickle(value, unsafe=False):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
2013-03-26 17:11:17 +04:00
|
|
|
Decodes value from Base64 to plain format and deserializes (with pickle) its content
|
2013-03-11 17:58:05 +04:00
|
|
|
|
2016-10-29 01:13:04 +03:00
|
|
|
>>> base64unpickle('gAJVBmZvb2JhcnEBLg==')
|
2013-03-11 17:58:05 +04:00
|
|
|
'foobar'
|
|
|
|
"""
|
|
|
|
|
2014-11-13 12:52:33 +03:00
|
|
|
retVal = None
|
|
|
|
|
2015-12-09 14:00:34 +03:00
|
|
|
def _(self):
|
|
|
|
if len(self.stack) > 1:
|
|
|
|
func = self.stack[-2]
|
2015-12-09 21:53:48 +03:00
|
|
|
if func not in PICKLE_REDUCE_WHITELIST:
|
2015-12-09 14:00:34 +03:00
|
|
|
raise Exception, "abusing reduce() is bad, Mkay!"
|
|
|
|
self.load_reduce()
|
|
|
|
|
|
|
|
def loads(str):
|
2016-10-29 01:13:04 +03:00
|
|
|
f = StringIO.StringIO(str)
|
|
|
|
if unsafe:
|
|
|
|
unpickler = picklePy.Unpickler(f)
|
2016-11-07 11:28:00 +03:00
|
|
|
unpickler.dispatch[picklePy.REDUCE] = _
|
2016-10-29 01:13:04 +03:00
|
|
|
else:
|
|
|
|
unpickler = pickle.Unpickler(f)
|
2015-12-09 14:00:34 +03:00
|
|
|
return unpickler.load()
|
|
|
|
|
2014-11-13 12:52:33 +03:00
|
|
|
try:
|
2015-12-09 14:00:34 +03:00
|
|
|
retVal = loads(base64decode(value))
|
2014-11-13 12:52:33 +03:00
|
|
|
except TypeError:
|
2015-12-09 14:00:34 +03:00
|
|
|
retVal = loads(base64decode(bytes(value)))
|
2014-11-13 12:52:33 +03:00
|
|
|
|
|
|
|
return retVal
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def hexdecode(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Decodes string value from hex to plain format
|
|
|
|
|
|
|
|
>>> hexdecode('666f6f626172')
|
|
|
|
'foobar'
|
|
|
|
"""
|
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
value = value.lower()
|
2011-12-21 23:40:42 +04:00
|
|
|
return (value[2:] if value.startswith("0x") else value).decode("hex")
|
2010-11-03 13:08:27 +03:00
|
|
|
|
2017-09-05 14:13:08 +03:00
|
|
|
def hexencode(value, encoding=None):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Encodes string value from plain to hex format
|
|
|
|
|
|
|
|
>>> hexencode('foobar')
|
|
|
|
'666f6f626172'
|
|
|
|
"""
|
|
|
|
|
2017-09-05 14:13:08 +03:00
|
|
|
return unicodeencode(value, encoding).encode("hex")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-04-29 19:22:32 +04:00
|
|
|
def unicodeencode(value, encoding=None):
|
|
|
|
"""
|
2013-03-11 17:58:05 +04:00
|
|
|
Returns 8-bit string representation of the supplied unicode value
|
2011-04-29 19:22:32 +04:00
|
|
|
|
2013-03-11 17:58:05 +04:00
|
|
|
>>> unicodeencode(u'foobar')
|
|
|
|
'foobar'
|
2011-04-29 19:22:32 +04:00
|
|
|
"""
|
|
|
|
|
|
|
|
retVal = value
|
|
|
|
if isinstance(value, unicode):
|
|
|
|
try:
|
|
|
|
retVal = value.encode(encoding or UNICODE_ENCODING)
|
|
|
|
except UnicodeEncodeError:
|
2011-05-16 01:43:38 +04:00
|
|
|
retVal = value.encode(UNICODE_ENCODING, "replace")
|
2011-04-29 19:22:32 +04:00
|
|
|
return retVal
|
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def utf8encode(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Returns 8-bit string representation of the supplied UTF-8 value
|
|
|
|
|
|
|
|
>>> utf8encode(u'foobar')
|
|
|
|
'foobar'
|
|
|
|
"""
|
|
|
|
|
2011-04-29 19:22:32 +04:00
|
|
|
return unicodeencode(value, "utf-8")
|
2010-05-28 15:32:10 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def utf8decode(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Returns UTF-8 representation of the supplied 8-bit string representation
|
2010-10-01 12:03:39 +04:00
|
|
|
|
2013-03-11 17:58:05 +04:00
|
|
|
>>> utf8decode('foobar')
|
|
|
|
u'foobar'
|
|
|
|
"""
|
|
|
|
|
|
|
|
return value.decode("utf-8")
|
2010-10-01 12:03:39 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def htmlunescape(value):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Returns (basic conversion) HTML unescaped value
|
|
|
|
|
|
|
|
>>> htmlunescape('a<b')
|
|
|
|
'a<b'
|
|
|
|
"""
|
|
|
|
|
2011-12-21 18:25:39 +04:00
|
|
|
retVal = value
|
|
|
|
if value and isinstance(value, basestring):
|
2012-07-23 17:06:49 +04:00
|
|
|
codes = (('<', '<'), ('>', '>'), ('"', '"'), (' ', ' '), ('&', '&'))
|
|
|
|
retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal)
|
2016-01-09 01:10:32 +03:00
|
|
|
try:
|
2016-05-15 10:37:45 +03:00
|
|
|
retVal = re.sub(r"&#x([^ ;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
|
2016-01-09 01:10:32 +03:00
|
|
|
except ValueError:
|
|
|
|
pass
|
2011-04-15 01:36:13 +04:00
|
|
|
return retVal
|
2012-07-31 13:03:44 +04:00
|
|
|
|
|
|
|
def singleTimeWarnMessage(message): # Cross-linked function
|
2014-11-30 01:33:24 +03:00
|
|
|
sys.stdout.write(message)
|
|
|
|
sys.stdout.write("\n")
|
|
|
|
sys.stdout.flush()
|
2012-07-31 13:03:44 +04:00
|
|
|
|
|
|
|
def stdoutencode(data):
|
|
|
|
retVal = None
|
|
|
|
|
|
|
|
try:
|
2014-11-30 01:33:24 +03:00
|
|
|
data = data or ""
|
|
|
|
|
2012-07-31 13:03:44 +04:00
|
|
|
# Reference: http://bugs.python.org/issue1602
|
|
|
|
if IS_WIN:
|
2014-11-30 01:33:24 +03:00
|
|
|
output = data.encode(sys.stdout.encoding, "replace")
|
2012-07-31 13:03:44 +04:00
|
|
|
|
2014-12-14 02:17:43 +03:00
|
|
|
if '?' in output and '?' not in data:
|
2012-07-31 13:03:44 +04:00
|
|
|
warnMsg = "cannot properly display Unicode characters "
|
|
|
|
warnMsg += "inside Windows OS command prompt "
|
|
|
|
warnMsg += "(http://bugs.python.org/issue1602). All "
|
|
|
|
warnMsg += "unhandled occurances will result in "
|
|
|
|
warnMsg += "replacement with '?' character. Please, find "
|
|
|
|
warnMsg += "proper character representation inside "
|
|
|
|
warnMsg += "corresponding output files. "
|
|
|
|
singleTimeWarnMessage(warnMsg)
|
|
|
|
|
|
|
|
retVal = output
|
|
|
|
else:
|
|
|
|
retVal = data.encode(sys.stdout.encoding)
|
|
|
|
except:
|
2014-07-29 15:32:26 +04:00
|
|
|
retVal = data.encode(UNICODE_ENCODING) if isinstance(data, unicode) else data
|
2012-07-31 13:03:44 +04:00
|
|
|
|
|
|
|
return retVal
|
2013-01-10 02:08:50 +04:00
|
|
|
|
|
|
|
def jsonize(data):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Returns JSON serialized data
|
|
|
|
|
|
|
|
>>> jsonize({'foo':'bar'})
|
|
|
|
'{\\n "foo": "bar"\\n}'
|
|
|
|
"""
|
|
|
|
|
2013-01-10 02:08:50 +04:00
|
|
|
return json.dumps(data, sort_keys=False, indent=4)
|
2013-01-29 05:39:27 +04:00
|
|
|
|
|
|
|
def dejsonize(data):
|
2013-03-11 17:58:05 +04:00
|
|
|
"""
|
|
|
|
Returns JSON deserialized data
|
|
|
|
|
|
|
|
>>> dejsonize('{\\n "foo": "bar"\\n}')
|
|
|
|
{u'foo': u'bar'}
|
|
|
|
"""
|
|
|
|
|
2013-01-29 05:39:27 +04:00
|
|
|
return json.loads(data)
|