sqlmap/plugins/generic/custom.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from __future__ import print_function

import re
import sys

from lib.core.common import Backend
from lib.core.common import dataToStdout
from lib.core.common import getSQLSnippet
from lib.core.common import isStackingAvailable
from lib.core.convert import getUnicode
from lib.core.data import conf
from lib.core.data import logger
from lib.core.dicts import SQL_STATEMENTS
from lib.core.enums import AUTOCOMPLETE_TYPE
from lib.core.enums import DBMS
from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import NULL
from lib.core.settings import PARAMETER_SPLITTING_REGEX
from lib.core.shell import autoCompletion
from lib.request import inject
from thirdparty.six.moves import input as _input

class Custom(object):
    """
    This class defines custom enumeration functionalities for plugins.
    """

    def __init__(self):
        pass

    def sqlQuery(self, query):
        output = None
        sqlType = None
        query = query.rstrip(';')

        try:
            for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
                for sqlStatement in sqlStatements:
                    if query.lower().startswith(sqlStatement):
                        sqlType = sqlTitle
                        break

            if not re.search(r"\b(OPENROWSET|INTO)\b", query, re.I) and (not sqlType or "SELECT" in sqlType):
                infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
                logger.info(infoMsg)

                if Backend.isDbms(DBMS.MSSQL):
                    match = re.search(r"(\bFROM\s+)([^\s]+)", query, re.I)
                    if match and match.group(2).count('.') == 1:
                        query = query.replace(match.group(0), "%s%s" % (match.group(1), match.group(2).replace('.', ".dbo.")))

                query = re.sub(r"(?i)\w+%s\.?" % METADB_SUFFIX, "", query)

                output = inject.getValue(query, fromUser=True)

                return output
            elif not isStackingAvailable() and not conf.direct:
                warnMsg = "execution of non-query SQL statements is only "
                warnMsg += "available when stacked queries are supported"
                logger.warning(warnMsg)

                return None
            else:
                if sqlType:
                    infoMsg = "executing %s statement: '%s'" % (sqlType if sqlType is not None else "SQL", query)
                else:
                    infoMsg = "executing unknown SQL command: '%s'" % query
                logger.info(infoMsg)

                inject.goStacked(query)

                output = NULL

        except SqlmapNoneDataException as ex:
            logger.warning(ex)

        return output

    def sqlShell(self):
        infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
        infoMsg += "'x' or 'q' and press ENTER"
        logger.info(infoMsg)

        autoCompletion(AUTOCOMPLETE_TYPE.SQL)

        while True:
            query = None

            try:
                query = _input("sql-shell> ")
                query = getUnicode(query, encoding=sys.stdin.encoding)
                query = query.strip("; ")
            except KeyboardInterrupt:
                print()
                errMsg = "user aborted"
                logger.error(errMsg)
            except EOFError:
                print()
                errMsg = "exit"
                logger.error(errMsg)
                break

            if not query:
                continue

            if query.lower() in ("x", "q", "exit", "quit"):
                break

            output = self.sqlQuery(query)

            if output and output != "Quit":
                conf.dumper.sqlQuery(query, output)

            elif not output:
                pass

            elif output != "Quit":
                dataToStdout("No output\n")

    def sqlFile(self):
        infoMsg = "executing SQL statements from given file(s)"
        logger.info(infoMsg)

        for filename in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
            filename = filename.strip()

            if not filename:
                continue

            snippet = getSQLSnippet(Backend.getDbms(), filename)

            if snippet and all(query.strip().upper().startswith("SELECT") for query in (_ for _ in snippet.split(';' if ';' in snippet else '\n') if _)):
                for query in (_ for _ in snippet.split(';' if ';' in snippet else '\n') if _):
                    query = query.strip()
                    if query:
                        conf.dumper.sqlQuery(query, self.sqlQuery(query))
            else:
                conf.dumper.sqlQuery(snippet, self.sqlQuery(snippet))
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
			`"""`
Copyright year bump 2022-01-03 13:30:34 +03:00			`Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`"""`

Baby steps 2019-01-22 03:28:24 +03:00			`from __future__ import print_function`

plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`import re`
Patch for an Issue #923 2014-11-11 13:53:51 +03:00			`import sys`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
			`from lib.core.common import Backend`
			`from lib.core.common import dataToStdout`
			`from lib.core.common import getSQLSnippet`
Refactoring of funcionality for finding out if stacking is available 2013-02-13 12:57:16 +04:00			`from lib.core.common import isStackingAvailable`
Fixes #3622 2019-05-06 01:54:21 +03:00			`from lib.core.convert import getUnicode`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`from lib.core.data import conf`
			`from lib.core.data import logger`
Minor refactoring of dictionaries 2012-08-21 13:19:15 +04:00			`from lib.core.dicts import SQL_STATEMENTS`
Minor code refactoring 2014-09-16 11:07:31 +04:00			`from lib.core.enums import AUTOCOMPLETE_TYPE`
Patch for #4199 2020-05-13 15:18:19 +03:00			`from lib.core.enums import DBMS`
Fixes #1559 2015-11-23 11:20:35 +03:00			`from lib.core.exception import SqlmapNoneDataException`
Minor patch for #4613 2021-03-28 22:41:45 +03:00			`from lib.core.settings import METADB_SUFFIX`
Minor update (display NULL instead of FALSE when non-query statement is sqlQueried) 2013-09-02 13:32:32 +04:00			`from lib.core.settings import NULL`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`from lib.core.settings import PARAMETER_SPLITTING_REGEX`
			`from lib.core.shell import autoCompletion`
			`from lib.request import inject`
More drei updates 2019-05-02 01:45:44 +03:00			`from thirdparty.six.moves import input as _input`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Pleasing the pylint gods 2019-05-29 17:42:04 +03:00			`class Custom(object):`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`"""`
			`This class defines custom enumeration functionalities for plugins.`
			`"""`

			`def __init__(self):`
			`pass`

			`def sqlQuery(self, query):`
			`output = None`
			`sqlType = None`
			`query = query.rstrip(';')`

Fixes #1559 2015-11-23 11:20:35 +03:00			`try:`
			`for sqlTitle, sqlStatements in SQL_STATEMENTS.items():`
			`for sqlStatement in sqlStatements:`
			`if query.lower().startswith(sqlStatement):`
			`sqlType = sqlTitle`
			`break`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Patch related to the #4188 2020-05-06 01:36:18 +03:00			`if not re.search(r"\b(OPENROWSET\|INTO)\b", query, re.I) and (not sqlType or "SELECT" in sqlType):`
Fixes #1559 2015-11-23 11:20:35 +03:00			`infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)`
			`logger.info(infoMsg)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Patch for #4199 2020-05-13 15:18:19 +03:00			`if Backend.isDbms(DBMS.MSSQL):`
			`match = re.search(r"(\bFROM\s+)([^\s]+)", query, re.I)`
			`if match and match.group(2).count('.') == 1:`
			`query = query.replace(match.group(0), "%s%s" % (match.group(1), match.group(2).replace('.', ".dbo.")))`

Minor patch for #4613 2021-03-28 22:41:45 +03:00			`query = re.sub(r"(?i)\w+%s\.?" % METADB_SUFFIX, "", query)`

Fixes #1559 2015-11-23 11:20:35 +03:00			`output = inject.getValue(query, fromUser=True)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Fixes #1559 2015-11-23 11:20:35 +03:00			`return output`
			`elif not isStackingAvailable() and not conf.direct:`
Minor refactoring 2019-05-30 23:55:54 +03:00			`warnMsg = "execution of non-query SQL statements is only "`
			`warnMsg += "available when stacked queries are supported"`
Fixing DeprecationWarning (logger.warn) 2022-06-22 13:04:34 +03:00			`logger.warning(warnMsg)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Minor refactoring 2019-05-30 23:55:54 +03:00			`return None`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`else:`
Fixes #1559 2015-11-23 11:20:35 +03:00			`if sqlType:`
Minor improvement 2019-11-26 15:36:06 +03:00			`infoMsg = "executing %s statement: '%s'" % (sqlType if sqlType is not None else "SQL", query)`
Fixes #1559 2015-11-23 11:20:35 +03:00			`else:`
Minor improvement 2019-11-26 15:36:06 +03:00			`infoMsg = "executing unknown SQL command: '%s'" % query`
			`logger.info(infoMsg)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Fixes #1559 2015-11-23 11:20:35 +03:00			`inject.goStacked(query)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Fixes #1559 2015-11-23 11:20:35 +03:00			`output = NULL`

Baby steps (2 to 3 at a time) 2019-01-22 02:40:48 +03:00			`except SqlmapNoneDataException as ex:`
Fixing DeprecationWarning (logger.warn) 2022-06-22 13:04:34 +03:00			`logger.warning(ex)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
			`return output`

			`def sqlShell(self):`
			`infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()`
			`infoMsg += "'x' or 'q' and press ENTER"`
			`logger.info(infoMsg)`

Minor code refactoring 2014-09-16 11:07:31 +04:00			`autoCompletion(AUTOCOMPLETE_TYPE.SQL)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
			`while True:`
			`query = None`

			`try:`
More drei updates 2019-05-02 01:45:44 +03:00			`query = _input("sql-shell> ")`
Patch for an Issue #923 2014-11-11 13:53:51 +03:00			`query = getUnicode(query, encoding=sys.stdin.encoding)`
Trivial patch (display of used user queries) 2018-08-17 20:45:34 +03:00			`query = query.strip("; ")`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`except KeyboardInterrupt:`
Baby steps 2019-01-22 03:28:24 +03:00			`print()`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`errMsg = "user aborted"`
			`logger.error(errMsg)`
			`except EOFError:`
Baby steps 2019-01-22 03:28:24 +03:00			`print()`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`errMsg = "exit"`
			`logger.error(errMsg)`
			`break`

			`if not query:`
			`continue`

			`if query.lower() in ("x", "q", "exit", "quit"):`
			`break`

			`output = self.sqlQuery(query)`

			`if output and output != "Quit":`
Minor update 2019-04-30 15:04:39 +03:00			`conf.dumper.sqlQuery(query, output)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
			`elif not output:`
			`pass`

			`elif output != "Quit":`
			`dataToStdout("No output\n")`

			`def sqlFile(self):`
			`infoMsg = "executing SQL statements from given file(s)"`
			`logger.info(infoMsg)`

Some refactoring 2016-12-20 01:47:39 +03:00			`for filename in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):`
			`filename = filename.strip()`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Some refactoring 2016-12-20 01:47:39 +03:00			`if not filename:`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`continue`

Some refactoring 2016-12-20 01:47:39 +03:00			`snippet = getSQLSnippet(Backend.getDbms(), filename)`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00
Minor refactoring related to last couple of commits 2019-01-22 05:14:23 +03:00			`if snippet and all(query.strip().upper().startswith("SELECT") for query in (_ for _ in snippet.split(';' if ';' in snippet else '\n') if _)):`
			`for query in (_ for _ in snippet.split(';' if ';' in snippet else '\n') if _):`
More flexible --sql-file 2015-08-23 23:54:08 +03:00			`query = query.strip()`
			`if query:`
Minor update 2019-04-30 15:04:39 +03:00			`conf.dumper.sqlQuery(query, self.sqlQuery(query))`
More flexible --sql-file 2015-08-23 23:54:08 +03:00			`else:`
Minor update 2019-04-30 15:04:39 +03:00			`conf.dumper.sqlQuery(snippet, self.sqlQuery(snippet))`