sqlmap/lib/controller/handler.py

148 lines
5.8 KiB
Python
Raw Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2020-01-01 15:25:15 +03:00
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2008-10-15 19:38:22 +04:00
"""
from lib.core.common import Backend
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
2013-04-15 16:20:21 +04:00
from lib.core.dicts import DBMS_DICT
from lib.core.enums import DBMS
2018-11-02 18:18:08 +03:00
from lib.core.exception import SqlmapConnectionException
2008-10-15 19:38:22 +04:00
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import ORACLE_ALIASES
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import SQLITE_ALIASES
from lib.core.settings import ACCESS_ALIASES
from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import MAXDB_ALIASES
2010-10-12 23:05:12 +04:00
from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES
from lib.core.settings import HSQLDB_ALIASES
2018-10-16 13:23:07 +03:00
from lib.core.settings import H2_ALIASES
from lib.core.settings import INFORMIX_ALIASES
2020-01-17 19:14:41 +03:00
from lib.core.settings import MONETDB_ALIASES
2020-01-20 17:33:45 +03:00
from lib.core.settings import DERBY_ALIASES
from lib.utils.sqlalchemy import SQLAlchemy
2008-10-15 19:38:22 +04:00
from plugins.dbms.mssqlserver import MSSQLServerMap
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
2008-10-15 19:38:22 +04:00
from plugins.dbms.mysql import MySQLMap
from plugins.dbms.mysql.connector import Connector as MySQLConn
2008-10-15 19:38:22 +04:00
from plugins.dbms.oracle import OracleMap
from plugins.dbms.oracle.connector import Connector as OracleConn
2008-10-15 19:38:22 +04:00
from plugins.dbms.postgresql import PostgreSQLMap
from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
from plugins.dbms.sqlite import SQLiteMap
from plugins.dbms.sqlite.connector import Connector as SQLiteConn
from plugins.dbms.access import AccessMap
from plugins.dbms.access.connector import Connector as AccessConn
from plugins.dbms.firebird import FirebirdMap
from plugins.dbms.firebird.connector import Connector as FirebirdConn
from plugins.dbms.maxdb import MaxDBMap
from plugins.dbms.maxdb.connector import Connector as MaxDBConn
2010-10-13 22:55:17 +04:00
from plugins.dbms.sybase import SybaseMap
from plugins.dbms.sybase.connector import Connector as SybaseConn
from plugins.dbms.db2 import DB2Map
from plugins.dbms.db2.connector import Connector as DB2Conn
from plugins.dbms.hsqldb import HSQLDBMap
from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
2018-10-16 13:23:07 +03:00
from plugins.dbms.h2 import H2Map
from plugins.dbms.h2.connector import Connector as H2Conn
from plugins.dbms.informix import InformixMap
from plugins.dbms.informix.connector import Connector as InformixConn
2020-01-17 19:14:41 +03:00
from plugins.dbms.monetdb import MonetDBMap
from plugins.dbms.monetdb.connector import Connector as MonetDBConn
2020-01-20 17:33:45 +03:00
from plugins.dbms.derby import DerbyMap
from plugins.dbms.derby.connector import Connector as DerbyConn
2008-10-15 19:38:22 +04:00
def setHandler():
"""
Detect which is the target web application back-end database
management system.
"""
items = [
(DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
(DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
(DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
(DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
(DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
(DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
(DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
(DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
(DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
(DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
(DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
2018-10-16 13:23:07 +03:00
(DBMS.H2, H2_ALIASES, H2Map, H2Conn),
(DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
2020-01-17 19:14:41 +03:00
(DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
2020-01-20 17:33:45 +03:00
(DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
]
2012-05-09 22:25:04 +04:00
2019-05-02 11:22:44 +03:00
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
2012-05-09 22:25:04 +04:00
if _:
2012-05-09 22:26:02 +04:00
items.remove(_)
items.insert(0, _)
2012-05-09 22:25:04 +04:00
2014-08-30 23:53:09 +04:00
for dbms, aliases, Handler, Connector in items:
if conf.forceDbms:
if conf.forceDbms.lower() not in aliases:
continue
else:
kb.dbms = conf.dbms = conf.forceDbms = dbms
2017-08-28 14:02:08 +03:00
if kb.dbmsFilter:
if dbms not in kb.dbmsFilter:
continue
2012-05-09 22:25:04 +04:00
handler = Handler()
conf.dbmsConnector = Connector()
2010-10-20 13:54:17 +04:00
2010-03-30 17:23:20 +04:00
if conf.direct:
2018-11-02 18:18:08 +03:00
exception = None
2014-08-30 23:53:09 +04:00
dialect = DBMS_DICT[dbms][3]
2013-04-15 16:20:21 +04:00
2013-07-01 14:26:57 +04:00
if dialect:
2018-11-02 18:18:08 +03:00
try:
sqlalchemy = SQLAlchemy(dialect=dialect)
sqlalchemy.connect()
if sqlalchemy.connector:
conf.dbmsConnector = sqlalchemy
2019-01-22 02:40:48 +03:00
except Exception as ex:
2018-11-02 18:18:08 +03:00
exception = ex
if not dialect or exception:
try:
conf.dbmsConnector.connect()
2019-01-22 02:40:48 +03:00
except Exception as ex:
2018-11-02 18:18:08 +03:00
if exception:
2019-05-07 17:09:28 +03:00
raise exception
2018-11-02 18:18:08 +03:00
else:
if not isinstance(ex, NameError):
raise
else:
msg = "support for direct connection to '%s' is not available. " % dbms
msg += "Please rerun with '--dependencies'"
raise SqlmapConnectionException(msg)
2008-10-15 19:38:22 +04:00
if conf.forceDbms == dbms or handler.checkDbms():
if kb.resolutionDbms:
conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
2018-11-27 01:40:47 +03:00
conf.dbmsHandler._dbms = kb.resolutionDbms
else:
conf.dbmsHandler = handler
2018-11-27 01:40:47 +03:00
conf.dbmsHandler._dbms = dbms
2017-02-27 15:58:07 +03:00
break
else:
conf.dbmsConnector = None
# At this point back-end DBMS is correctly fingerprinted, no need
# to enforce it anymore
Backend.flushForcedDbms()