changes regarding Feature #160

lib/controller/action.py

@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
 from lib.controller.handler import setHandler
 from lib.core.common import getHtmlErrorFp
+from lib.core.common import dataToStdout
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.exception import sqlmapUnsupportedDBMSException
@@ -64,7 +65,7 @@ def action():
 
         raise sqlmapUnsupportedDBMSException, errMsg
 
-    print "%s\n" % conf.dbmsHandler.getFingerprint()
+    dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
 
     # Techniques options
     if conf.stackedTest:

lib/controller/controller.py

@@ -42,8 +42,6 @@ from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.session import setInjection
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
-from lib.core.testing import smokeTest
-from lib.core.testing import liveTest
 from lib.utils.parenthesis import checkForParenthesis
 
 def __selectInjection(injData):
@@ -99,16 +97,6 @@ def start():
     if conf.optimize:
         conf.useCommonPrediction = conf.useNullConnection = conf.keepAlive = True
 
-
-    if conf.smokeTest:
-        smokeTest()
-
-    if conf.liveTest:
-        liveTest()
-
-    if conf.smokeTest or conf.liveTest:
-        return
-
     if conf.direct:
         initTargetEnv()
         setupTargetEnv()
@@ -173,7 +161,7 @@ def start():
             if conf.useNullConnection:
                 checkNullConnection()
 
-            if not conf.dropSetCookie:
+            if not conf.dropSetCookie and conf.cj:
                 for _, cookie in enumerate(conf.cj):
                     cookie = getUnicode(cookie)
                     index  = cookie.index(" for ")

lib/core/common.py

@@ -412,11 +412,12 @@ def filePathToString(filePath):
     return strRepl
 
 def dataToStdout(data):
-    try:
+    if conf.verbose > 0:
-        sys.stdout.write(data)
+        try:
-        sys.stdout.flush()
+            sys.stdout.write(data)
-    except UnicodeEncodeError:
+            sys.stdout.flush()
-        print data.encode(conf.dataEncoding)
+        except UnicodeEncodeError:
+            print data.encode(conf.dataEncoding)
 
 def dataToSessionFile(data):
     if not conf.sessionFile:
@@ -659,6 +660,7 @@ def setPaths():
     paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
     paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
     paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
+    paths.LIVE_TESTS_XML         = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
     paths.QUERIES_XML            = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML            = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
     paths.MSSQL_XML              = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml")

lib/core/option.py

@@ -1098,7 +1098,9 @@ def __setVerbosity():
 
     conf.verbose = int(conf.verbose)
 
-    if conf.verbose == 1:
+    if conf.verbose == 0:
+        logger.setLevel(logging.CRITICAL)
+    elif conf.verbose == 1:
         logger.setLevel(logging.INFO)
     elif conf.verbose > 2 and conf.eta:
         conf.verbose = 2
@@ -1173,7 +1175,7 @@ def init(inputOptions=advancedDict()):
     parseTargetUrl()
     parseTargetDirect()
 
-    if conf.url or conf.list or conf.requestFile or conf.googleDork:
+    if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
         __setHTTPTimeout()
         __setHTTPExtraHeaders()
         __setHTTPCookies()

lib/core/testing.py

@@ -21,15 +21,25 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
+import codecs
+import logging
 import os
+import re
 import sys
+import tempfile
 import time
 
+from xml.dom import minidom
+
+from lib.controller.controller import start
 from lib.core.common import dataToStdout
+from lib.core.common import getCompiledRegex
 from lib.core.common import getConsoleWidth
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.option import init
+from lib.parse.cmdline import cmdLineParser
 
 def smokeTest():
     """
@@ -80,4 +90,60 @@ def liveTest():
     """
     This will run the test of a program against the live testing environment
     """
-    pass
+    vars = {}
+    xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
+    livetests = minidom.parse(xfile).documentElement
+    xfile.close()
+    
+    global_ = livetests.getElementsByTagName("global")
+    if global_:
+        for item in global_:
+            for child in item.childNodes:
+                if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
+                    vars[child.tagName] = child.getAttribute("value")
+
+    for case in livetests.getElementsByTagName("case"):
+        log = []
+        session = []
+        switches = {}
+
+        if case.getElementsByTagName("switches"):
+            for child in case.getElementsByTagName("switches")[0].childNodes:
+                if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
+                    switches[child.tagName] = replaceVars(child.getAttribute("value"), vars)
+
+        if case.getElementsByTagName("log"):
+            for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"):
+                if item.hasAttribute("value"):
+                    log.append(replaceVars(item.getAttribute("value"), vars))
+
+        if case.getElementsByTagName("session"):
+            for item in case.getElementsByTagName("session")[0].getElementsByTagName("item"):
+                if item.hasAttribute("value"):
+                    session.append(replaceVars(item.getAttribute("value"), vars))
+
+        runCase(switches, log, session)
+
+def initCase():
+    paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp()
+    paths.SQLMAP_DUMP_PATH   = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
+    paths.SQLMAP_FILES_PATH  = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
+    cmdLineOptions = cmdLineParser()
+    cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False
+    init(cmdLineOptions)
+    conf.suppressOutput = True
+    logger.setLevel(logging.CRITICAL)
+
+def runCase(switches, log=None, session=None):
+    initCase()
+    for key, value in switches.items():
+        conf[key] = value
+    start()
+
+def replaceVars(item, vars):
+    retVal = item
+    if item and vars:
+        for var in re.findall(getCompiledRegex("\$\{([^}]+)\}"), item):
+            if var in vars:
+                retVal = retVal.replace("${%s}" % var, vars[var])
+    return retVal

sqlmap.py

@@ -54,6 +54,8 @@ from lib.core.exception import exceptionsTuple
 from lib.core.exception import unhandledException
 from lib.core.option import init
 from lib.core.profiling import profile
+from lib.core.testing import smokeTest
+from lib.core.testing import liveTest
 from lib.core.xmldump import closeDumper
 from lib.parse.cmdline import cmdLineParser
 
@@ -84,7 +86,11 @@ def main():
     try:
         init(cmdLineOptions)
         if conf.profile:
-            profile()
+            profile()            
+        elif conf.smokeTest:
+            smokeTest()
+        elif conf.liveTest:
+            liveTest()
         else:
             start()
     except exceptionsTuple, e:
@@ -107,7 +113,7 @@ def main():
     except:
         print
         errMsg = unhandledException()
-        logger.error(errMsg)
+        logger.critical(errMsg)
         traceback.print_exc()
         closeDumper(False, errMsg)
 

xml/livetests.xml

@@ -2,12 +2,19 @@
 
 <root>
     <global>
-        <host value="172.16.104.130"/>
+        <host value="192.168.228.130"/>
     </global>
-    <!-- Oracle -->
+    <!-- MySQL -->
     <case>
         <switches>
-            <url value="http://$host/sqlmap/oracle/get_int.php?id=1"/>
+            <url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/>
+            <getBanner value="True"/>
+        </switches>
+    </case>
+    <!-- Oracle
+    <case>
+        <switches>
+            <url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/>
             <extensiveFp value="True"/>
             <getUsers value="True"/>
         </switches>
@@ -20,4 +27,5 @@
             <item value="[DBMS][Oracle]"/>
         </session>
     </case>
+     -->
 </root>