sqlmap/lib/utils/safe2bin.py

104 lines
3.1 KiB
Python
Raw Permalink Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
"""
2023-01-03 01:24:59 +03:00
Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
"""
import binascii
import re
2011-04-15 17:51:06 +04:00
import string
import sys
2021-07-05 00:45:22 +03:00
PY3 = sys.version_info >= (3, 0)
if PY3:
2019-03-28 17:14:16 +03:00
xrange = range
2019-04-19 12:24:34 +03:00
text_type = str
2019-05-02 01:45:44 +03:00
string_types = (str,)
2019-05-03 00:51:54 +03:00
unichr = chr
2019-04-19 12:24:34 +03:00
else:
text_type = unicode
2019-05-02 01:45:44 +03:00
string_types = (basestring,)
2019-03-28 17:14:16 +03:00
# Regex used for recognition of hex encoded characters
HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
SAFE_ENCODE_SLASH_REPLACEMENTS = "\t\n\r\x0b\x0c"
2011-12-23 00:08:28 +04:00
# Characters that don't need to be safe encoded
2019-05-03 02:20:10 +03:00
SAFE_CHARS = "".join([_ for _ in string.printable.replace('\\', '') if _ not in SAFE_ENCODE_SLASH_REPLACEMENTS])
2011-12-23 00:08:28 +04:00
# Prefix used for hex encoded values
HEX_ENCODED_PREFIX = r"\x"
# Strings used for temporary marking of hex encoded prefixes (to prevent double encoding)
HEX_ENCODED_PREFIX_MARKER = "__HEX_ENCODED_PREFIX__"
# String used for temporary marking of slash characters
SLASH_MARKER = "__SLASH__"
2011-04-15 17:51:06 +04:00
def safecharencode(value):
"""
Returns safe representation of a given basestring value
2019-09-11 15:05:25 +03:00
>>> safecharencode(u'test123') == u'test123'
True
>>> safecharencode(u'test\x01\x02\xaf') == u'test\\\\x01\\\\x02\\xaf'
True
2011-04-15 17:51:06 +04:00
"""
retVal = value
2019-05-02 01:45:44 +03:00
if isinstance(value, string_types):
2019-04-19 12:24:34 +03:00
if any(_ not in SAFE_CHARS for _ in value):
retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER)
retVal = retVal.replace('\\', SLASH_MARKER)
2011-04-15 17:51:06 +04:00
2011-12-23 00:08:28 +04:00
for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
retVal = retVal.replace(char, repr(char).strip('\''))
2019-05-02 17:54:54 +03:00
for char in set(retVal):
if not (char in string.printable or isinstance(value, text_type) and ord(char) >= 160):
retVal = retVal.replace(char, '\\x%02x' % ord(char))
2013-01-16 17:16:22 +04:00
retVal = retVal.replace(SLASH_MARKER, "\\\\")
retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)
2011-04-15 17:51:06 +04:00
elif isinstance(value, list):
for i in xrange(len(value)):
retVal[i] = safecharencode(value[i])
return retVal
2013-01-16 17:16:22 +04:00
def safechardecode(value, binary=False):
"""
2011-04-15 17:51:06 +04:00
Reverse function to safecharencode
"""
retVal = value
2019-05-02 01:45:44 +03:00
if isinstance(value, string_types):
retVal = retVal.replace('\\\\', SLASH_MARKER)
while True:
match = re.search(HEX_ENCODED_CHAR_REGEX, retVal)
if match:
2019-05-03 00:51:54 +03:00
retVal = retVal.replace(match.group("result"), unichr(ord(binascii.unhexlify(match.group("result").lstrip("\\x")))))
else:
break
for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
retVal = retVal.replace(repr(char).strip('\''), char)
retVal = retVal.replace(SLASH_MARKER, '\\')
2013-01-16 17:16:22 +04:00
if binary:
2019-04-19 12:24:34 +03:00
if isinstance(retVal, text_type):
2021-07-05 00:45:22 +03:00
retVal = retVal.encode("utf8", errors="surrogatepass" if PY3 else "strict")
2013-01-16 17:16:22 +04:00
elif isinstance(value, (list, tuple)):
for i in xrange(len(value)):
retVal[i] = safechardecode(value[i])
return retVal