sqlmap/lib/core/convert.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

try:
    import hashlib
except:
    import md5
    import sha

import pickle
import sys
import struct
import urllib

from lib.core.data import conf

def base64decode(value):
    return value.decode("base64")

def base64encode(value):
    return value.encode("base64")[:-1].replace("\n", "")

def base64pickle(value):
    return base64encode(pickle.dumps(value))

def base64unpickle(value):
    return pickle.loads(base64decode(value))

def hexdecode(value):
    value = value.lower()

    if value.startswith("0x"):
        value = value[2:]

    return value.decode("hex")

def hexencode(value):
    return value.encode("hex")

def md5hash(value):
    if sys.modules.has_key('hashlib'):
        return hashlib.md5(value).hexdigest()
    else:
        return md5.new(value).hexdigest()

def orddecode(value):
    packedString = struct.pack("!"+"I" * len(value), *value)
    return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])

def ordencode(value):
    return tuple([ord(char) for char in value])

def sha1hash(value):
    if sys.modules.has_key('hashlib'):
        return hashlib.sha1(value).hexdigest()
    else:
        return sha.new(value).hexdigest()

def urldecode(value):
    result = None

    if value:
        result = urllib.unquote_plus(value)

    return result

def urlencode(value, safe=":/?%&=", convall=False):
    if conf.direct or "POSTxml" in conf.paramDict:
        return value

    result = None

    if value is None:
        return result

    if convall:
        result = urllib.quote(utf8encode(value)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
    else:
        result = urllib.quote(utf8encode(value), safe)

    return result

def utf8encode(value):
    return value.encode("utf-8")

def utf8decode(value):
    return value.decode("utf-8")

def htmlescape(value):
    return value.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;').replace(' ', '&nbsp;')

def htmlunescape(value):
    return value.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'").replace('&nbsp;', ' ')
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`try:`
			`import hashlib`
			`except:`
			`import md5`
			`import sha`
Added resume functionality to -d and fixed logging with -d 2010-04-12 13:35:20 +04:00
			`import pickle`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`import sys`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`import struct`
			`import urllib`

Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00			`from lib.core.data import conf`

code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def base64decode(value):`
			`return value.decode("base64")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def base64encode(value):`
			`return value.encode("base64")[:-1].replace("\n", "")`
Added resume functionality to -d and fixed logging with -d 2010-04-12 13:35:20 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def base64pickle(value):`
			`return base64encode(pickle.dumps(value))`
Added resume functionality to -d and fixed logging with -d 2010-04-12 13:35:20 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def base64unpickle(value):`
			`return pickle.loads(base64decode(value))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def hexdecode(value):`
			`value = value.lower()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`if value.startswith("0x"):`
			`value = value[2:]`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return value.decode("hex")`
removed all trailing spaces from blank lines 2010-11-03 13:08:27 +03:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def hexencode(value):`
			`return value.encode("hex")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def md5hash(value):`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`if sys.modules.has_key('hashlib'):`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return hashlib.md5(value).hexdigest()`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`else:`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return md5.new(value).hexdigest()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def orddecode(value):`
			`packedString = struct.pack("!"+"I" * len(value), *value)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])`

code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def ordencode(value):`
			`return tuple([ord(char) for char in value])`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def sha1hash(value):`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`if sys.modules.has_key('hashlib'):`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return hashlib.sha1(value).hexdigest()`
Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 11:54:33 +03:00			`else:`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return sha.new(value).hexdigest()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def urldecode(value):`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`result = None`
fix for a google bug reported by Brandon E. 2010-10-01 12:03:39 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`if value:`
			`result = urllib.unquote_plus(value)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`return result`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def urlencode(value, safe=":/?%&=", convall=False):`
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-30 01:07:23 +04:00			`if conf.direct or "POSTxml" in conf.paramDict:`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`return value`
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`result = None`

code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`if value is None:`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`return result`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if convall:`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`result = urllib.quote(utf8encode(value)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`else:`
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`result = urllib.quote(utf8encode(value), safe)`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00
			`return result`
Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 15:32:10 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def utf8encode(value):`
			`return value.encode("utf-8")`
Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 15:32:10 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def utf8decode(value):`
			`return value.decode("utf-8")`
fix for a google bug reported by Brandon E. 2010-10-01 12:03:39 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def htmlescape(value):`
			`return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''').replace(' ', ' ')`
fix for a google bug reported by Brandon E. 2010-10-01 12:03:39 +04:00
code review of modules in lib/core directory 2011-01-15 15:13:45 +03:00			`def htmlunescape(value):`
			`return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'").replace(' ', ' ')`