mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
some refactoring
This commit is contained in:
parent
212035e64d
commit
428e817a32
|
@ -16,6 +16,7 @@ from lib.core.common import beep
|
|||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import findDynamicContent
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getErrorParsedDBMS
|
||||
from lib.core.common import getInjectionTests
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import popValue
|
||||
|
@ -139,9 +140,9 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
continue
|
||||
|
||||
if kb.htmlFp and kb.htmlFp[-1] and kb.htmlFp[-1] != dbms\
|
||||
if getErrorParsedDBMS() and getErrorParsedDBMS() != dbms\
|
||||
and kb.skipTests is None:
|
||||
message = "heuristic test showed that the back-end DBMS could be '%s'." % kb.htmlFp[-1]
|
||||
message = "heuristic test showed that the back-end DBMS could be '%s'." % getErrorParsedDBMS()
|
||||
message += " do you want to skip test payloads specific for other DBMSes? [Y/n]"
|
||||
kb.skipTests = conf.realTest or readInput(message, default="Y") not in ("n", "N")
|
||||
|
||||
|
@ -149,7 +150,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "the heuristic test showed that "
|
||||
debugMsg += "the back-end DBMS could be "
|
||||
debugMsg += "%s" % kb.htmlFp[-1]
|
||||
debugMsg += "%s" % getErrorParsedDBMS()
|
||||
logger.debug(debugMsg)
|
||||
|
||||
continue
|
||||
|
@ -472,7 +473,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
|
|||
infoMsg += "parameter '%s' might " % parameter
|
||||
|
||||
if result:
|
||||
infoMsg += "be injectable (possible DBMS: %s)" % (kb.htmlFp[-1] if kb.htmlFp else 'Unknown')
|
||||
infoMsg += "be injectable (possible DBMS: %s)" % (getErrorParsedDBMS() or 'Unknown')
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
infoMsg += "not be injectable"
|
||||
|
|
|
@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import getErrorParsedDBMS
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.data import conf
|
||||
|
@ -62,7 +63,7 @@ def setHandler():
|
|||
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
|
||||
]
|
||||
|
||||
inferencedDbms = (kb.htmlFp[-1] if kb.htmlFp else None) or kb.dbms
|
||||
inferencedDbms = getErrorParsedDBMS() or kb.dbms
|
||||
|
||||
for injection in kb.injections:
|
||||
if hasattr(injection, "dbms") and injection.dbms:
|
||||
|
|
|
@ -1919,8 +1919,8 @@ def getInjectionTests():
|
|||
detected DBMS from error messages
|
||||
"""
|
||||
retVal = conf.tests
|
||||
if kb.htmlFp:
|
||||
dbms = kb.htmlFp[-1]
|
||||
if getErrorParsedDBMS():
|
||||
dbms = getErrorParsedDBMS()
|
||||
retVal = sorted(retVal, key=lambda test: False\
|
||||
if 'details' in test and 'dbms' in test.details\
|
||||
and test.details.dbms == dbms else True)
|
||||
|
@ -1953,3 +1953,6 @@ def unicodeToSafeHTMLValue(value):
|
|||
if ord(char) > 127:
|
||||
retVal = retVal.replace(char, "&#%d;" % ord(char))
|
||||
return retVal
|
||||
|
||||
def getErrorParsedDBMS():
|
||||
return kb.htmlFp[0] if kb.htmlFp else None
|
||||
|
|
Loading…
Reference in New Issue
Block a user