sqlmap/lib/utils/sqlalchemy.py

#!/usr/bin/env python
"""
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import imp
import logging
import os
import re
import sys
import traceback
import warnings
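# Handle to the real SQLAlchemy package; stays None when it cannot be loaded
_sqlalchemy = None

try:
    # The search runs over sys.path[1:], i.e. the first path entry is skipped.
    # NOTE(review): presumably this keeps a same-named local module (this file is
    # itself called sqlalchemy.py) from being loaded instead of the library - confirm.
    # Whatever "sqlalchemy" comes first on the remaining entries is imported and
    # executed, so those directories have to be trusted.
    f, pathname, desc = imp.find_module("sqlalchemy", sys.path[1:])
    try:
        _ = imp.load_module("sqlalchemy", f, pathname, desc)
    finally:
        # find_module() returns an open file object for single-file modules and
        # leaves closing it to the caller (it is None for packages)
        if f:
            f.close()

    # Accept the module only if it exposes 'dialects'; anything else that merely
    # carries the name is ignored and _sqlalchemy stays None
    if hasattr(_, "dialects"):
        _sqlalchemy = _
        warnings.simplefilter(action="ignore", category=_sqlalchemy.exc.SAWarning)
except ImportError:
    pass

try:
    import MySQLdb  # used by SQLAlchemy in case of MySQL

    # Turn MySQLdb warnings into exceptions instead of letting them be printed
    warnings.filterwarnings("error", category=MySQLdb.Warning)
except (ImportError, AttributeError):
    pass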
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapFilePathException
from lib.core.exception import SqlmapMissingDependence
from plugins.generic.connector import Connector as GenericConnector
from thirdparty import six
def getSafeExString(ex, encoding=None): # Cross-referenced function
    """
    Placeholder for a helper whose implementation is not part of this listing

    As shown here it raises NotImplementedError unconditionally. The class below
    uses its return value as the text of log and exception messages.
    """
    raise NotImplementedError
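class SQLAlchemy(GenericConnector):
    """
    Connector that talks to the database through SQLAlchemy

    The connection URL is read from conf.direct. When a dialect is given, its name
    replaces the scheme part of that URL.
    """

    def __init__(self, dialect=None):
        """
        Store the dialect and derive the connection URL from conf.direct
        """

        GenericConnector.__init__(self)

        self.dialect = dialect
        self.address = conf.direct

        if self.dialect:
            # Swap the leading scheme only. The match is non-greedy so that a later
            # "://" in the URL (e.g. inside a password or a file path) is not
            # swallowed together with everything in front of it
            self.address = re.sub(r"\A.+?://", "%s://" % self.dialect, self.address)

    def connect(self):
        """
        Create the SQLAlchemy engine and store the open connection in self.connector

        Raises SqlmapMissingDependence when SQLAlchemy could not be loaded,
        SqlmapFilePathException when the database file does not exist and
        SqlmapConnectionException for the other recognized connection failures.
        """

        if _sqlalchemy:
            self.initConnection()

            try:
                # A database name without a port is handled as a path to a database file
                if not self.port and self.db:
                    if not os.path.exists(self.db):
                        raise SqlmapFilePathException("the provided database file '%s' does not exist" % self.db)

                    # Keep the scheme and point the URL at the absolute file path
                    _ = self.address.split("//", 1)
                    self.address = "%s////%s" % (_[0], os.path.abspath(self.db))

                if self.dialect == "sqlite":
                    engine = _sqlalchemy.create_engine(self.address, connect_args={"check_same_thread": False})
                elif self.dialect == "oracle":
                    engine = _sqlalchemy.create_engine(self.address)
                else:
                    engine = _sqlalchemy.create_engine(self.address, connect_args={})

                self.connector = engine.connect()

            except (TypeError, ValueError):
                # The cause is recognized by looking for known markers in the traceback text
                details = traceback.format_exc()

                if "_get_server_version_info" in details:
                    try:
                        import pymssql
                        # Only the first character of the version string is compared
                        if int(pymssql.__version__[0]) < 2:
                            raise SqlmapConnectionException("SQLAlchemy connection issue (obsolete version of pymssql ('%s') is causing problems)" % pymssql.__version__)
                    except ImportError:
                        pass
                elif "invalid literal for int() with base 10: '0b" in details:
                    raise SqlmapConnectionException("SQLAlchemy connection issue ('https://bitbucket.org/zzzeek/sqlalchemy/issues/3975')")
                else:
                    # Any other TypeError/ValueError is dropped and execution continues
                    # to printConnected() although self.connector was not assigned here.
                    # NOTE(review): callers presumably check self.connector afterwards - confirm
                    pass

            except SqlmapFilePathException:
                raise

            except Exception as ex:
                # NOTE(review): the driver's error text ends up in the message as-is;
                # confirm it cannot carry credentials from the connection URL into logs
                raise SqlmapConnectionException("SQLAlchemy connection issue ('%s')" % getSafeExString(ex))

            self.printConnected()
        else:
            raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')" % ('3' if six.PY3 else ""))

    def fetchall(self):
        """
        Return all rows of the last executed statement as a list of tuples

        A ProgrammingError is logged and None is returned instead.
        """

        try:
            return [tuple(row) for row in self.cursor.fetchall()]
        except _sqlalchemy.exc.ProgrammingError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(ex))
            return None

    def execute(self, query):
        """
        Run the query and keep its result in self.cursor

        Returns True on success and False when the statement failed with an
        OperationalError or ProgrammingError (which is only logged). An
        InternalError is re-raised as SqlmapConnectionException.
        """

        retVal = False

        try:
            # The query text is handed to the connection unchanged; no parameter
            # binding takes place in this method
            self.cursor = self.connector.execute(query)
            retVal = True
        except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(ex))
        except _sqlalchemy.exc.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        return retVal

    def select(self, query):
        """
        Execute the query and return its rows, or None when execution failed
        """

        retVal = None

        if self.execute(query):
            retVal = self.fetchall()

        return retVal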