more work on #33

2025-02-03 05:04:11 +03:00 · 2012-07-10 00:53:07 +01:00 · 2012-07-10 00:53:07 +01:00 · 2527554f8e
commit 2527554f8e
parent c4af7b9aa0
3 changed files with 15 additions and 6 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1548,8 +1548,11 @@ def getSQLSnippet(dbms, sfile, **variables):
    Returns content of SQL snippet located inside 'procs/' directory
    """

-    filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
-    checkFile(filename)
+    if os.path.exists(sfile):
+        filename = sfile
+    else:
+        filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
+        checkFile(filename)

    retVal = readCachedFileContent(filename)
    retVal = re.sub(r"#.+", "", retVal)
@ -1564,10 +1567,10 @@ def getSQLSnippet(dbms, sfile, **variables):
    for _ in re.findall(r"%RANDINT\d+%", retVal, re.I):
        retVal = retVal.replace(_, randomInt())

-    _ = re.search(r"%(\w+)%", retVal, re.I)
+    _ = re.findall(r"%(\w+)%", retVal, re.I)

    if _:
-        errMsg = "unresolved variable '%s' in SQL file '%s'" % (_.group(1), sfile)
+        errMsg = "unresolved variable%s '%s' in SQL file '%s'" % ("s" if len(_) > 1 else "", ", ".join(_), sfile)
        raise sqlmapGenericException, errMsg

    return retVal
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -799,7 +799,7 @@ def __setTamperingFunctions():
            try:
                module = __import__(filename[:-3])
            except ImportError, msg:
-                raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
+                raise sqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)

            priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__

--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -62,6 +62,7 @@ from lib.core.settings import CONCAT_VALUE_DELIMITER
 from lib.core.settings import CURRENT_DB
 from lib.core.settings import MAX_INT
 from lib.core.settings import NULL
+from lib.core.settings import PARAMETER_SPLITTING_REGEX
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.shell import autoCompletion
 from lib.core.threads import getCurrentThreadData
@ -2476,4 +2477,9 @@ class Enumeration:
            if not sfile:
                continue

-            self.sqlQuery(getSQLSnippet(Backend.getDbms(), sfile))
+            queries = getSQLSnippet(Backend.getDbms(), sfile)
+
+            infoMsg = "executing SQL statements from file '%s'" % sfile
+            logger.info(infoMsg)
+
+            self.sqlQuery(queries)