From 428e817a3251256374464ba45f95e5849359eafe Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 1 Jan 2011 23:57:27 +0000 Subject: [PATCH] some refactoring --- lib/controller/checks.py | 9 +++++---- lib/controller/handler.py | 3 ++- lib/core/common.py | 7 +++++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 6c87e5da7..4ad0848af 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -16,6 +16,7 @@ from lib.core.common import beep from lib.core.common import extractRegexResult from lib.core.common import findDynamicContent from lib.core.common import getCompiledRegex +from lib.core.common import getErrorParsedDBMS from lib.core.common import getInjectionTests from lib.core.common import getUnicode from lib.core.common import popValue @@ -139,9 +140,9 @@ def checkSqlInjection(place, parameter, value): continue - if kb.htmlFp and kb.htmlFp[-1] and kb.htmlFp[-1] != dbms\ + if getErrorParsedDBMS() and getErrorParsedDBMS() != dbms\ and kb.skipTests is None: - message = "heuristic test showed that the back-end DBMS could be '%s'." % kb.htmlFp[-1] + message = "heuristic test showed that the back-end DBMS could be '%s'." % getErrorParsedDBMS() message += " do you want to skip test payloads specific for other DBMSes? [Y/n]" kb.skipTests = conf.realTest or readInput(message, default="Y") not in ("n", "N") @@ -149,7 +150,7 @@ def checkSqlInjection(place, parameter, value): debugMsg = "skipping test '%s' because " % title debugMsg += "the heuristic test showed that " debugMsg += "the back-end DBMS could be " - debugMsg += "%s" % kb.htmlFp[-1] + debugMsg += "%s" % getErrorParsedDBMS() logger.debug(debugMsg) continue @@ -472,7 +473,7 @@ def heuristicCheckSqlInjection(place, parameter, value): infoMsg += "parameter '%s' might " % parameter if result: - infoMsg += "be injectable (possible DBMS: %s)" % (kb.htmlFp[-1] if kb.htmlFp else 'Unknown') + infoMsg += "be injectable (possible DBMS: %s)" % (getErrorParsedDBMS() or 'Unknown') logger.info(infoMsg) else: infoMsg += "not be injectable" diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 9d37b8878..9545ab447 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ +from lib.core.common import getErrorParsedDBMS from lib.core.common import popValue from lib.core.common import pushValue from lib.core.data import conf @@ -62,7 +63,7 @@ def setHandler(): ( SYBASE_ALIASES, SybaseMap, SybaseConn ), ] - inferencedDbms = (kb.htmlFp[-1] if kb.htmlFp else None) or kb.dbms + inferencedDbms = getErrorParsedDBMS() or kb.dbms for injection in kb.injections: if hasattr(injection, "dbms") and injection.dbms: diff --git a/lib/core/common.py b/lib/core/common.py index 94e561a0d..a09bb855d 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1919,8 +1919,8 @@ def getInjectionTests(): detected DBMS from error messages """ retVal = conf.tests - if kb.htmlFp: - dbms = kb.htmlFp[-1] + if getErrorParsedDBMS(): + dbms = getErrorParsedDBMS() retVal = sorted(retVal, key=lambda test: False\ if 'details' in test and 'dbms' in test.details\ and test.details.dbms == dbms else True) @@ -1953,3 +1953,6 @@ def unicodeToSafeHTMLValue(value): if ord(char) > 127: retVal = retVal.replace(char, "&#%d;" % ord(char)) return retVal + +def getErrorParsedDBMS(): + return kb.htmlFp[0] if kb.htmlFp else None