further updates

2025-02-02 20:54:13 +03:00 · 2010-10-06 22:43:04 +00:00 · 2010-10-06 22:43:04 +00:00 · 1bf8939e2f
commit 1bf8939e2f
parent de6fa1247b
4 changed files with 19 additions and 22 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -22,18 +22,16 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-import codecs
 import re
 import socket
 import time

-from xml.dom import minidom
-
 from lib.core.agent import agent
 from lib.core.common import getUnicode
 from lib.core.common import preparePageForLineComparison
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.common import readXmlFile
 from lib.core.common import DynamicContentItem
 from lib.core.convert import md5hash
 from lib.core.data import conf
@ -69,18 +67,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
        if conf.postfix:
            postfix = conf.postfix

-    f = codecs.open(paths.INJECTIONS_XML, 'r', conf.dataEncoding)
-    injections = minidom.parse(f).documentElement
-    f.close()
+    injections = readXmlFile(paths.INJECTIONS_XML)

    for case in injections.getElementsByTagName("case"):
        tag = case.getAttribute("tag")
        desc = case.getAttribute("desc")

-        infoMsg  = "testing %s injection " % desc
-        infoMsg += "on %s parameter '%s'" % (place, parameter)
-        logger.info(infoMsg)
-
        positive = case.getElementsByTagName("positive")[0]
        negative = case.getElementsByTagName("negative")[0]

@ -90,6 +82,10 @@ def checkSqlInjection(place, parameter, value, parenthesis):
        if not prefix and not postfix and tag == "custom":
            continue

+        infoMsg  = "testing %s injection " % desc
+        infoMsg += "on %s parameter '%s'" % (place, parameter)
+        logger.info(infoMsg)
+        
        payload = agent.payload(place, parameter, value, format % eval(params))

        trueResult = Request.queryPage(payload, place)
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -44,6 +44,7 @@ from subprocess import Popen as execute
 from tempfile import NamedTemporaryFile
 from tempfile import mkstemp
 from xml.etree import ElementTree as ET
+from xml.dom import minidom
 from xml.sax import parse

 from extra.cloak.cloak import decloak
@ -1218,6 +1219,7 @@ def getConsoleWidth(default=80):
    return width if width else default

 def parseXmlFile(xmlFile, handler):
+    checkFile(xmlFile)  
    xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding)
    content = xfile.read()
    stream = StringIO(content)
@ -1225,6 +1227,13 @@ def parseXmlFile(xmlFile, handler):
    stream.close()
    xfile.close()

+def readXmlFile(xmlFile):
+    checkFile(xmlFile)  
+    xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
+    retVal = minidom.parse(xfile).documentElement
+    xfile.close()
+    return retVal
+
 def calculateDeltaSeconds(start, epsilon=0.05):
    """
    Returns elapsed time from start till now (including expected
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -21,7 +21,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-import codecs
 import doctest
 import logging
 import os
@ -31,12 +30,11 @@ import sys
 import tempfile
 import time

-from xml.dom import minidom
-
 from lib.controller.controller import start
 from lib.core.common import dataToStdout
 from lib.core.common import getCompiledRegex
 from lib.core.common import getConsoleWidth
+from lib.core.common import readXmlFile
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
@ -112,9 +110,7 @@ def liveTest():
    count = 0
    global_ = {}
    vars_ = {}
-    xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
-    livetests = minidom.parse(xfile).documentElement
-    xfile.close()
+    livetests = readXmlFile(paths.LIVE_TESTS_XML)
    length = len(livetests.getElementsByTagName("case"))

    element = livetests.getElementsByTagName("global")
--- a/lib/utils/detection.py
+++ b/lib/utils/detection.py
@ -22,13 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-import codecs
 import re
 import sre_constants

-from xml.dom import minidom
-
 from lib.core.common import getCompiledRegex
+from lib.core.common import readXmlFile
 from lib.core.data import conf
 from lib.core.data import paths
 from lib.core.data import logger
@ -53,9 +51,7 @@ def checkPayload(string):
    global rules

    if not rules:
-        xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding)
-        xmlrules = minidom.parse(xfile).documentElement
-        xfile.close()
+        xmlrules = readXmlFile(paths.DETECTION_RULES_XML)
        rules = []

        for xmlrule in xmlrules.getElementsByTagName("filter"):