#!/usr/bin/env python
"""
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib . core . exception import SqlmapSyntaxException
from plugins . generic . syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax):
    """
    PostgreSQL-specific conversion between quoted string literals and
    CHR()-concatenation expressions.

    The CHR() form produced by unescape() contains no quote characters at
    all. A query carrying such an expression therefore passes unchanged
    through any filter that only strips or escapes quotes; a run of
    CHR(n)||CHR(n) in a logged statement is the shape to look for.
    """

    def __init__(self):
        GenericSyntax.__init__(self)

    @staticmethod
    def unescape(expression, quote=True):
        """
        Rewrite string content as a parenthesised CHR(n)||CHR(n)... chain.

        Despite the name, this is the direction that removes quotes from
        the expression.

        Note: PostgreSQL has a general problem with concatenation operator
        (||) precedence, hence the enclosing parentheses, e.g.
        SELECT 1 WHERE 'a'!='a'||'b' will trigger the error
        "argument of WHERE must be type boolean, not type text".

        Args:
            expression: text to convert.
            quote: when true, only the single-quoted literals found inside
                expression are converted; when false, the whole of
                expression is treated as the literal's content.

        Returns:
            The converted expression.

        Raises:
            SqlmapSyntaxException: a single quote has no closing partner.
        """

        if not quote:
            return "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)

        opening = expression.find("'")

        while opening != -1:
            start = opening + 1
            closing = expression.find("'", start)

            if closing == -1:
                raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)

            content = expression[start:closing]

            # Postgres CHR() already accepts the Unicode code point of a
            # character, so ord() of each character is passed as-is
            encoded = "(%s)" % "||".join("CHR(%d)" % ord(ch) for ch in content)

            # NOTE(review): str.replace() substitutes every occurrence of
            # this quoted literal in the expression, not only the one
            # located above
            expression = expression.replace("'%s'" % content, encoded)

            # The replacement holds no quotes, so each pass consumes at
            # least one literal and the scan restarts from the beginning
            opening = expression.find("'")

        return expression

    @staticmethod
    def escape(expression):
        """
        Turn CHR(n)||CHR(n)... chains back into single-quoted literals.

        A chain is taken to start at "CHR(" and to end at the first "))"
        that follows it, i.e. the last CHR() call together with the
        enclosing parenthesis written by unescape(). That outer pair of
        parentheses is kept in the result.

        Args:
            expression: text that may contain CHR() chains.

        Returns:
            The expression with each chain replaced by a quoted literal.

        Raises:
            SqlmapSyntaxException: "CHR(" is present with no "))" after it.
        """

        begin = expression.find("CHR(")

        while begin != -1:
            closing = expression.find("))", begin)

            if closing == -1:
                raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)

            # Keep the first ")" of "))" so that the slice ends with the
            # last complete CHR(n) call
            chain = expression[begin:closing + 1]

            # Strip the call syntax to leave only the decimal code points
            codes = chain.upper().replace("CHR(", "").replace(")", "").split("||")
            literal = "'%s'" % "".join(chr(int(code)) for code in codes)

            # NOTE(review): as in unescape(), replace() rewrites every
            # occurrence of the chain, and the next search starts again
            # from the beginning of the rewritten expression
            expression = expression.replace(chain, literal)
            begin = expression.find("CHR(")

        return expression