some fixes

This commit is contained in:
Miroslav Stampar 2011-06-16 13:41:02 +00:00
parent 7733e5866a
commit 0eeb48f8f5
4 changed files with 27 additions and 27 deletions

View File

@ -2549,7 +2549,7 @@ def normalizeUnicode(value):
def safeSQLIdentificatorNaming(name, isTable=False): def safeSQLIdentificatorNaming(name, isTable=False):
""" """
Returns a safe representation of SQL identificator name Returns a safe representation of SQL identificator name (internal data format)
""" """
retVal = name retVal = name

View File

@ -123,7 +123,7 @@ class Enumeration(GenericEnumeration):
raise sqlmapNoneDataException, errMsg raise sqlmapNoneDataException, errMsg
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
rootQuery = queries[Backend.getIdentifiedDbms()].columns rootQuery = queries[Backend.getIdentifiedDbms()].columns
@ -151,7 +151,7 @@ class Enumeration(GenericEnumeration):
columns = {} columns = {}
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]): for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
columns[columnname] = "%s(%s)" % (datatype, length) columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
table[tbl] = columns table[tbl] = columns
kb.data.cachedColumns[conf.db] = table kb.data.cachedColumns[conf.db] = table

View File

@ -212,8 +212,8 @@ class Enumeration(GenericEnumeration):
if colList: if colList:
table = {} table = {}
table[unsafeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList)) table[safeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
continue continue
infoMsg = "fetching columns " infoMsg = "fetching columns "
@ -233,8 +233,8 @@ class Enumeration(GenericEnumeration):
for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]): for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
columns[name] = sybaseTypes.get(type_, type_) columns[name] = sybaseTypes.get(type_, type_)
table[unsafeSQLIdentificatorNaming(tbl)] = columns table[safeSQLIdentificatorNaming(tbl)] = columns
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
break break

View File

@ -1005,9 +1005,9 @@ class Enumeration:
columns[colName] = colType columns[colName] = colType
if conf.db in kb.data.cachedColumns: if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else: else:
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = {unsafeSQLIdentificatorNaming(tbl): columns} kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
return kb.data.cachedColumns return kb.data.cachedColumns
@ -1086,10 +1086,10 @@ class Enumeration:
columns[name] = columnData[1] columns[name] = columnData[1]
if conf.db in kb.data.cachedColumns: if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else: else:
table[unsafeSQLIdentificatorNaming(tbl)] = columns table[safeSQLIdentificatorNaming(tbl, True)] = columns
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
if not kb.data.cachedColumns and not conf.direct: if not kb.data.cachedColumns and not conf.direct:
for tbl in tblList: for tbl in tblList:
@ -1208,10 +1208,10 @@ class Enumeration:
if columns: if columns:
if conf.db in kb.data.cachedColumns: if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else: else:
table[unsafeSQLIdentificatorNaming(tbl)] = columns table[safeSQLIdentificatorNaming(tbl, True)] = columns
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
if not kb.data.cachedColumns: if not kb.data.cachedColumns:
errMsg = "unable to retrieve the columns for any " errMsg = "unable to retrieve the columns for any "
@ -1261,13 +1261,13 @@ class Enumeration:
count = inject.getValue(query, expected=EXPECTED.INT, charsetType=2) count = inject.getValue(query, expected=EXPECTED.INT, charsetType=2)
if count is not None and isinstance(count, basestring) and count.isdigit(): if count is not None and isinstance(count, basestring) and count.isdigit():
if unsafeSQLIdentificatorNaming(db) not in kb.data.cachedCounts: if safeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)] = {} kb.data.cachedCounts[safeSQLIdentificatorNaming(db)] = {}
if int(count) in kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)]: if int(count) in kb.data.cachedCounts[safeSQLIdentificatorNaming(db)]:
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)].append(unsafeSQLIdentificatorNaming(table)) kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)].append(safeSQLIdentificatorNaming(table, True))
else: else:
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)] = [unsafeSQLIdentificatorNaming(table)] kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)] = [safeSQLIdentificatorNaming(table, True)]
def getCount(self): def getCount(self):
if not conf.tbl: if not conf.tbl:
@ -1481,10 +1481,10 @@ class Enumeration:
self.getColumns(onlyColNames=True) self.getColumns(onlyColNames=True)
try: try:
if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
or unsafeSQLIdentificatorNaming(tbl) not in \ or safeSQLIdentificatorNaming(tbl, True) not in \
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \ kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] \
or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]: or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]:
warnMsg = "unable to enumerate the columns for table " warnMsg = "unable to enumerate the columns for table "
warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl) warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db) warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db)
@ -1492,7 +1492,7 @@ class Enumeration:
continue continue
colList = kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)].keys() colList = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)].keys()
colString = ", ".join(column for column in colList) colString = ", ".join(column for column in colList)
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
@ -1678,8 +1678,8 @@ class Enumeration:
if len(kb.data.dumpedTable) > 0: if len(kb.data.dumpedTable) > 0:
kb.data.dumpedTable["__infos__"] = { "count": entriesCount, kb.data.dumpedTable["__infos__"] = { "count": entriesCount,
"table": unsafeSQLIdentificatorNaming(tbl), "table": safeSQLIdentificatorNaming(tbl, True),
"db": unsafeSQLIdentificatorNaming(conf.db) } "db": safeSQLIdentificatorNaming(conf.db) }
attackDumpedTable() attackDumpedTable()
conf.dumper.dbTableValues(kb.data.dumpedTable) conf.dumper.dbTableValues(kb.data.dumpedTable)