diff --git a/lib/core/agent.py b/lib/core/agent.py
index 31515c07e..6b7ad667a 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -20,15 +20,15 @@ from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
+from lib.core.dicts import FROM_DUMMY_TABLE
+from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
-from lib.core.settings import SQL_STATEMENTS
 from lib.core.unescaper import unescaper
 class Agent:
diff --git a/lib/core/common.py b/lib/core/common.py
index 4625efd82..7c8c27d7c 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -56,6 +56,8 @@ from lib.core.convert import stdoutencode
 from lib.core.convert import unicodeencode
 from lib.core.convert import utf8encode
 from lib.core.decorators import cachedmethod
+from lib.core.dicts import DBMS_DICT
+from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
@@ -84,7 +86,6 @@ from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import UNICODE_ENCODING
-from lib.core.settings import DBMS_DICT
 from lib.core.settings import DBMS_DIRECTORY_DICT
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
@@ -104,7 +105,6 @@ from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.settings import PARTIAL_VALUE_MARKER
 from lib.core.settings import ERROR_PARSING_REGEXES
 from lib.core.settings import PRINTABLE_CHAR_REGEX
-from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 60a380e6f..b92771ad9 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -5,6 +5,20 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
+from lib.core.enums import DBMS
+from lib.core.settings import BLANK
+from lib.core.settings import NULL
+from lib.core.settings import MSSQL_ALIASES
+from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
+from lib.core.settings import SQLITE_ALIASES
+from lib.core.settings import ACCESS_ALIASES
+from lib.core.settings import FIREBIRD_ALIASES
+from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
+
 firebirdTypes = {
 "261":"BLOB",
 "14":"CHAR",
@@ -107,3 +121,75 @@ db2Privs = {
 7: "SELECTAUTH",
 8: "UPDATEAUTH"
 }
+
+dumpReplacements = {" ": NULL, "": BLANK}
+
+DBMS_DICT = {
+ DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"),
+ DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "http://code.google.com/p/pymysql/"),
+ DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"),
+ DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"),
+ DBMS.SQLITE: (SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"),
+ DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"),
+ DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"),
+ DBMS.MAXDB: (MAXDB_ALIASES, None, None),
+ DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"),
+ DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/")
+ }
+
+FROM_DUMMY_TABLE = {
+ DBMS.ORACLE: " FROM DUAL",
+ DBMS.ACCESS: " FROM MSysAccessObjects",
+ DBMS.FIREBIRD: " FROM RDB$DATABASE",
+ DBMS.MAXDB: " FROM VERSIONS",
+ DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
+ }
+
+SQL_STATEMENTS = {
+ "SQL SELECT statement": (
+ "select ",
+ "show ",
+ " top ",
+ " distinct ",
+ " from ",
+ " from dual",
+ " where ",
+ " group by ",
+ " order by ",
+ " having ",
+ " limit ",
+ " offset ",
+ " union all ",
+ " rownum as ",
+ "(case ", ),
+
+ "SQL data definition": (
+ "create ",
+ "declare ",
+ "drop ",
+ "truncate ",
+ "alter ", ),
+
+ "SQL data manipulation": (
+ "bulk ",
+ "insert ",
+ "update ",
+ "delete ",
+ "merge ",
+ "load ", ),
+
+ "SQL data control": (
+ "grant ",
+ "revoke ", ),
+
+ "SQL data execution": (
+ "exec ",
+ "execute ", ),
+
+ "SQL transaction": (
+ "start transaction ",
+ "begin work ",
+ "begin transaction ",
+ "commit ",
+ "rollback ", ),
+ }
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 20345fab3..52a30b85f 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
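Review bot: Every project link in the `DBMS_DICT` tuples added to `lib/core/dicts.py` is a plain `http://` URL, and the package names are spelled inconsistently (`"python-pymssql"` next to `"python pymysql"`). If these strings are what the dependency check shows a user as the place to fetch a missing driver (the consumer in `lib/utils/deps.py` is outside this hunk), they point at a location with no transport integrity. Since the table is being relocated anyway, I would document the tuple layout and the trust assumption above it, e.g. `# DBMS -> (aliases, third-party driver package, project URL); URLs are informational only, install drivers from a verified source`. `dumpReplacements` would also benefit from a one-line comment saying that a single space is rendered as the NULL marker and an empty string as the BLANK marker.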
@@ -24,12 +24,11 @@ from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.dicts import dumpReplacements
 from lib.core.enums import DBMS
 from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapValueException
 from lib.core.replication import Replication
-from lib.core.settings import BLANK
-from lib.core.settings import NULL
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING
@@ -445,7 +444,7 @@ class Dump:
 value = u''
 else:
 value = getUnicode(info["values"][i])
- value = {" ": NULL, "": BLANK}.get(value, value)
+ value = dumpReplacements.get(value, value)
 values.append(value)
 maxlength = int(info["length"])
diff --git a/lib/core/option.py b/lib/core/option.py
index 046230ffb..302de7df7 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -58,6 +58,7 @@ from lib.core.data import queries
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.defaults import defaults
+from lib.core.dicts import DBMS_DICT
 from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
@@ -90,7 +91,6 @@ from lib.core.settings import IS_WIN
 from lib.core.settings import NULL
 from lib.core.settings import PYVERSION
 from lib.core.settings import SITE
-from lib.core.settings import DBMS_DICT
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import SUPPORTED_OS
 from lib.core.settings import VERSION_STRING
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 88f4ca24c..3bf466d1f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -161,80 +161,10 @@ DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) f
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
 SUPPORTED_OS = ( "linux", "windows" )
-DBMS_DICT = {
- DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"),
- DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "http://code.google.com/p/pymysql/"),
- DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"),
- DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"),
- DBMS.SQLITE: (SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"),
- DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"),
- DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"),
- DBMS.MAXDB: (MAXDB_ALIASES, None, None),
- DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"),
- DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/")
- }
-
 USER_AGENT_ALIASES = ( "ua", "useragent", "user-agent" )
 REFERER_ALIASES = ( "ref", "referer", "referrer" )
 HOST_ALIASES = ( "host", )
-FROM_DUMMY_TABLE = {
- DBMS.ORACLE: " FROM DUAL",
- DBMS.ACCESS: " FROM MSysAccessObjects",
- DBMS.FIREBIRD: " FROM RDB$DATABASE",
- DBMS.MAXDB: " FROM VERSIONS",
- DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
- }
-
-SQL_STATEMENTS = {
- "SQL SELECT statement": (
- "select ",
- "show ",
- " top ",
- " distinct ",
- " from ",
- " from dual",
- " where ",
- " group by ",
- " order by ",
- " having ",
- " limit ",
- " offset ",
- " union all ",
- " rownum as ",
- "(case ", ),
-
- "SQL data definition": (
- "create ",
- "declare ",
- "drop ",
- "truncate ",
- "alter ", ),
-
- "SQL data manipulation": (
- "bulk ",
- "insert ",
- "update ",
- "delete ",
- "merge ",
- "load ", ),
-
- "SQL data control": (
- "grant ",
- "revoke ", ),
-
- "SQL data execution": (
- "exec ",
- "execute ", ),
-
- "SQL transaction": (
- "start transaction ",
- "begin work ",
- "begin transaction ",
- "commit ",
- "rollback ", ),
- }
-
 # items displayed in basic help (-h) output
 BASIC_HELP_ITEMS = (
 "url",
diff --git a/lib/request/direct.py b/lib/request/direct.py
index 82da66a05..5904f57c8 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -19,8 +19,8 @@ from lib.core.common import isListLike
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import DBMS
-from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import UNICODE_ENCODING
 from lib.utils.timeout import timeout
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 0f1e423d0..89436d6de 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -33,13 +33,13 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapUserQuitException
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
 from lib.core.settings import SQL_SCALAR_REGEX
diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py
index 9a3f8eb1b..9b5d19557 100644
--- a/lib/techniques/dns/test.py
+++ b/lib/techniques/dns/test.py
@@ -10,8 +10,8 @@ from lib.core.common import randomInt
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.exception import sqlmapNotVulnerableException
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.techniques.dns.use import dnsUse
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index fada39c40..2e9f20af2 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -30,10 +30,10 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
 from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH
 from lib.core.settings import NULL
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 12a683b8f..7f37f49e3 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -26,8 +26,8 @@ from lib.core.common import wasLastRequestDBMSError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import PAYLOAD
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import UNION_MIN_RESPONSE_CHARS
 from lib.core.settings import UNION_STDEV_COEFF
 from lib.core.settings import MIN_RATIO
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 435fdab77..1eb68bdbb 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -36,10 +36,10 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapSyntaxException
-from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import SQL_SCALAR_REGEX
 from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
 from lib.core.threads import getCurrentThreadData
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index 13f5abc03..7c895b5dd 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -6,8 +6,8 @@ See the file 'doc/COPYING' for copying permission
 """
 from lib.core.data import logger
+from lib.core.dicts import DBMS_DICT
 from lib.core.enums import DBMS
-from lib.core.settings import DBMS_DICT
 from lib.core.settings import IS_WIN
 def checkDependencies():
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index 83553f514..89102a9ab 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -16,9 +16,9 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import PAYLOAD
 from lib.core.settings import PARAMETER_SPLITTING_REGEX
-from lib.core.settings import SQL_STATEMENTS
 from lib.core.shell import autoCompletion
 from lib.request import inject
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index afca40947..a24cb12ed 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -27,6 +27,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dicts import dumpReplacements
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
@@ -35,7 +36,6 @@ from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
-from lib.core.settings import BLANK
 from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
 from lib.core.settings import CURRENT_DB
 from lib.core.settings import MAX_INT
@@ -294,10 +294,8 @@ class Entries:
 entriesCount = len(entries)
 for index, column in enumerate(colList):
- colLen = len(column)
-
 if column not in kb.data.dumpedTable:
- kb.data.dumpedTable[column] = {"length": colLen, "values": BigArray()}
+ kb.data.dumpedTable[column] = {"length": len(column), "values": BigArray()}
 for entry in entries:
 if entry is None or len(entry) == 0:
@@ -308,8 +306,8 @@ class Entries:
 else:
 colEntry = unArrayizeValue(entry[index]) if index < len(entry) else u''
- colEntryLen = len({" ": NULL, "": BLANK}.get(getUnicode(colEntry), getUnicode(colEntry)))
- maxLen = max(colLen, colEntryLen)
+ _ = len(dumpReplacements.get(getUnicode(colEntry), getUnicode(colEntry)))
+ maxLen = max(len(column), _)
 if maxLen > kb.data.dumpedTable[column]["length"]:
 kb.data.dumpedTable[column]["length"] = maxLen
@@ -410,7 +408,8 @@ class Entries:
 value = NULL if column in emptyColumns else inject.getValue(query, inband=False, error=False, dump=True)
- lengths[column] = max(lengths[column], len(value) if value else 0)
+ _ = dumpReplacements.get(getUnicode(value), getUnicode(value))
+ lengths[column] = max(lengths[column], len(_))
 entries[column].append(value)
 except KeyboardInterrupt:
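Review bot: `_` is used as a live variable in the `@@ -308,8 +306,8 @@` hunk (`_ = len(...)` followed by `max(len(column), _)`) and again in the `@@ -410,7 +408,8 @@` hunk, although that name conventionally marks a value that is discarded. Keeping a descriptive name makes the width calculation easier to follow, e.g. `colEntryLen = len(dumpReplacements.get(getUnicode(colEntry), getUnicode(colEntry)))` and `maxLen = max(len(column), colEntryLen)`. The lookup also converts `colEntry` twice; binding `getUnicode(colEntry)` to a local once would remove the duplicate call. The enclosing loops start and end outside the hunk.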
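Review bot: The removed line in the `@@ -410,7 +408,8 @@` hunk counted any falsy `value` as width 0, while the new code always passes it through `getUnicode()` and `dumpReplacements`. What `getUnicode()` returns for `None` is not visible here, so a missing value may now widen the column by the length of whatever text it is converted to. If only the empty string and the single space are meant to take the BLANK/NULL marker widths, keep a guard for the missing case, e.g. `lengths[column] = max(lengths[column], len(dumpReplacements.get(getUnicode(value), getUnicode(value))) if value is not None else 0)`. The surrounding `try` block begins outside the hunk.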