mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	code cleanup
This commit is contained in:
		
							parent
							
								
									41ccf88990
								
							
						
					
					
						commit
						526aacb640
					
				|  | @ -57,7 +57,7 @@ def main(src, dst): | ||||||
|     # with the returned data |     # with the returned data | ||||||
|     try: |     try: | ||||||
|         sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) |         sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) | ||||||
|     except socket.error, e: |     except socket.error: | ||||||
|         sys.stderr.write('You need to run icmpsh master with administrator privileges\n') |         sys.stderr.write('You need to run icmpsh master with administrator privileges\n') | ||||||
|         sys.exit(1) |         sys.exit(1) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,11 +1,11 @@ | ||||||
| #!/usr/bin/env python | #!/usr/bin/env python | ||||||
| 
 | 
 | ||||||
|  | 
 | ||||||
| """ | """ | ||||||
| $Id$ | $Id$ | ||||||
| 
 | 
 | ||||||
| Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) | Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) | ||||||
| See the file 'doc/COPYING' for copying permission | See the file 'doc/COPYING' for copying permission | ||||||
| """ |  | ||||||
| 
 | 
 | ||||||
| # Removes duplicate entries in wordlist like files | # Removes duplicate entries in wordlist like files | ||||||
| 
 | 
 | ||||||
|  | @ -34,4 +34,3 @@ if len(sys.argv) > 0: | ||||||
| 
 | 
 | ||||||
| f = open(sys.argv[1], 'w+') | f = open(sys.argv[1], 'w+') | ||||||
| f.writelines("\n".join(items)) | f.writelines("\n".join(items)) | ||||||
|     f.close() |  | ||||||
|  |  | ||||||
|  | @ -46,7 +46,6 @@ mainly to merge bug fixes found in Sourceforge | ||||||
| 
 | 
 | ||||||
| import socket | import socket | ||||||
| import struct | import struct | ||||||
| import sys |  | ||||||
| 
 | 
 | ||||||
| PROXY_TYPE_SOCKS4 = 1 | PROXY_TYPE_SOCKS4 = 1 | ||||||
| PROXY_TYPE_SOCKS5 = 2 | PROXY_TYPE_SOCKS5 = 2 | ||||||
|  |  | ||||||
|  | @ -559,7 +559,7 @@ class Agent: | ||||||
|         inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix) |         inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix) | ||||||
| 
 | 
 | ||||||
|         if limited: |         if limited: | ||||||
|             inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, xrange(0, count))) |             inbandQuery += ",".join(char if _ != position else '(SELECT %s)' % query for _ in xrange(0, count)) | ||||||
|             inbandQuery += FROM_TABLE.get(Backend.getIdentifiedDbms(), "") |             inbandQuery += FROM_TABLE.get(Backend.getIdentifiedDbms(), "") | ||||||
|             inbandQuery = self.suffixQuery(inbandQuery, comment, suffix) |             inbandQuery = self.suffixQuery(inbandQuery, comment, suffix) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -2346,15 +2346,12 @@ def findDynamicContent(firstPage, secondPage): | ||||||
|     kb.dynamicMarkings = [] |     kb.dynamicMarkings = [] | ||||||
| 
 | 
 | ||||||
|     # Removing too small matching blocks |     # Removing too small matching blocks | ||||||
|     while block in blocks[:]: |     for block in blocks[:]: | ||||||
|         (_, _, length) = block |         (_, _, length) = block | ||||||
| 
 | 
 | ||||||
|         if length <= DYNAMICITY_MARK_LENGTH: |         if length <= DYNAMICITY_MARK_LENGTH: | ||||||
|             blocks.remove(block) |             blocks.remove(block) | ||||||
| 
 | 
 | ||||||
|         else: |  | ||||||
|             i += 1 |  | ||||||
| 
 |  | ||||||
|     # Making of dynamic markings based on prefix/suffix principle |     # Making of dynamic markings based on prefix/suffix principle | ||||||
|     if len(blocks) > 0: |     if len(blocks) > 0: | ||||||
|         blocks.insert(0, None) |         blocks.insert(0, None) | ||||||
|  | @ -2965,7 +2962,7 @@ def safeCSValue(value): | ||||||
| 
 | 
 | ||||||
|     if retVal and isinstance(retVal, basestring): |     if retVal and isinstance(retVal, basestring): | ||||||
|         if not (retVal[0] == retVal[-1] == '"'): |         if not (retVal[0] == retVal[-1] == '"'): | ||||||
|             if any(map(lambda x: x in retVal, (conf.csvDel, '"', '\n'))): |             if any(_ in retVal for _ in (conf.csvDel, '"', '\n')): | ||||||
|                 retVal = '"%s"' % retVal.replace('"', '""') |                 retVal = '"%s"' % retVal.replace('"', '""') | ||||||
| 
 | 
 | ||||||
|     return retVal |     return retVal | ||||||
|  | @ -3124,7 +3121,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | ||||||
| def getHostHeader(url): | def getHostHeader(url): | ||||||
|     retVal = urlparse.urlparse(url).netloc |     retVal = urlparse.urlparse(url).netloc | ||||||
| 
 | 
 | ||||||
|     if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])): |     if any(retVal.endswith(':%d' % _) for _ in [80, 443]): | ||||||
|         retVal = retVal.split(':')[0] |         retVal = retVal.split(':')[0] | ||||||
| 
 | 
 | ||||||
|     return retVal |     return retVal | ||||||
|  |  | ||||||
|  | @ -9,8 +9,6 @@ See the file 'doc/COPYING' for copying permission | ||||||
| 
 | 
 | ||||||
| import logging | import logging | ||||||
| import os | import os | ||||||
| import _socket |  | ||||||
| import socket |  | ||||||
| import subprocess | import subprocess | ||||||
| import sys | import sys | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -32,8 +32,6 @@ def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): | ||||||
|     if page is None and pageLength is None: |     if page is None and pageLength is None: | ||||||
|         return None |         return None | ||||||
| 
 | 
 | ||||||
|     regExpResults = None |  | ||||||
| 
 |  | ||||||
|     seqMatcher = getCurrentThreadData().seqMatcher |     seqMatcher = getCurrentThreadData().seqMatcher | ||||||
|     seqMatcher.set_seq1(kb.pageTemplate) |     seqMatcher.set_seq1(kb.pageTemplate) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -339,7 +339,9 @@ class Connect: | ||||||
|                 return conn, None, None |                 return conn, None, None | ||||||
| 
 | 
 | ||||||
|             # Get HTTP response |             # Get HTTP response | ||||||
|             page = conn.read() if page is None else page |             if page is None: | ||||||
|  |                 page = conn.read() | ||||||
|  | 
 | ||||||
|             code = redirecting or conn.code |             code = redirecting or conn.code | ||||||
|             responseHeaders = conn.info() |             responseHeaders = conn.info() | ||||||
|             responseHeaders[URI_HTTP_HEADER] = conn.geturl() |             responseHeaders[URI_HTTP_HEADER] = conn.geturl() | ||||||
|  | @ -486,7 +488,7 @@ class Connect: | ||||||
|             if "forcibly closed" in tbMsg: |             if "forcibly closed" in tbMsg: | ||||||
|                 logger.critical(warnMsg) |                 logger.critical(warnMsg) | ||||||
|                 return None, None, None |                 return None, None, None | ||||||
|             elif silent or (ignoreTimeout and any(map(lambda x: x in tbMsg, ["timed out", "IncompleteRead"]))): |             elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))): | ||||||
|                 return None, None, None |                 return None, None, None | ||||||
|             elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest: |             elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest: | ||||||
|                 warnMsg += ", sqlmap is going to retry the request" |                 warnMsg += ", sqlmap is going to retry the request" | ||||||
|  |  | ||||||
|  | @ -102,7 +102,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None | ||||||
| 
 | 
 | ||||||
|     showEta = conf.eta and isinstance(length, int) |     showEta = conf.eta and isinstance(length, int) | ||||||
|     numThreads = min(conf.threads, length) |     numThreads = min(conf.threads, length) | ||||||
|     threads = [] |  | ||||||
| 
 | 
 | ||||||
|     if showEta: |     if showEta: | ||||||
|         progress = ProgressBar(maxValue=length) |         progress = ProgressBar(maxValue=length) | ||||||
|  |  | ||||||
|  | @ -161,7 +161,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where | ||||||
| 
 | 
 | ||||||
|     return retVal |     return retVal | ||||||
| 
 | 
 | ||||||
| def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL): | def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL): | ||||||
|     validPayload = None |     validPayload = None | ||||||
|     vector = None |     vector = None | ||||||
| 
 | 
 | ||||||
|  | @ -224,18 +224,18 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe | ||||||
| 
 | 
 | ||||||
|     return validPayload, vector |     return validPayload, vector | ||||||
| 
 | 
 | ||||||
| def __unionConfirm(comment, place, parameter, value, prefix, suffix, count): | def __unionConfirm(comment, place, parameter, prefix, suffix, count): | ||||||
|     validPayload = None |     validPayload = None | ||||||
|     vector = None |     vector = None | ||||||
| 
 | 
 | ||||||
|     # Confirm the inband SQL injection and get the exact column |     # Confirm the inband SQL injection and get the exact column | ||||||
|     # position which can be used to extract data |     # position which can be used to extract data | ||||||
|     validPayload, vector = __unionPosition(comment, place, parameter, value, prefix, suffix, count) |     validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count) | ||||||
| 
 | 
 | ||||||
|     # Assure that the above function found the exploitable full inband |     # Assure that the above function found the exploitable full inband | ||||||
|     # SQL injection position |     # SQL injection position | ||||||
|     if not validPayload: |     if not validPayload: | ||||||
|         validPayload, vector = __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE) |         validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE) | ||||||
| 
 | 
 | ||||||
|     return validPayload, vector |     return validPayload, vector | ||||||
| 
 | 
 | ||||||
|  | @ -249,7 +249,6 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix | ||||||
|     validPayload = None |     validPayload = None | ||||||
|     vector = None |     vector = None | ||||||
|     query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar) |     query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar) | ||||||
|     total = conf.uColsStop+1 - conf.uColsStart |  | ||||||
| 
 | 
 | ||||||
|     # In case that user explicitly stated number of columns affected |     # In case that user explicitly stated number of columns affected | ||||||
|     if conf.uColsStop == conf.uColsStart: |     if conf.uColsStop == conf.uColsStart: | ||||||
|  | @ -267,7 +266,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix | ||||||
|         if Backend.getIdentifiedDbms() in FROM_TABLE: |         if Backend.getIdentifiedDbms() in FROM_TABLE: | ||||||
|             query += FROM_TABLE[Backend.getIdentifiedDbms()] |             query += FROM_TABLE[Backend.getIdentifiedDbms()] | ||||||
| 
 | 
 | ||||||
|         validPayload, vector = __unionConfirm(comment, place, parameter, value, prefix, suffix, count) |         validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count) | ||||||
| 
 | 
 | ||||||
|         if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]): |         if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]): | ||||||
|             warnMsg = "if UNION based SQL injection is not detected, " |             warnMsg = "if UNION based SQL injection is not detected, " | ||||||
|  |  | ||||||
|  | @ -145,7 +145,6 @@ def unionUse(expression, unpack=True, dump=False): | ||||||
|     origExpr = expression |     origExpr = expression | ||||||
|     startLimit = 0 |     startLimit = 0 | ||||||
|     stopLimit = None |     stopLimit = None | ||||||
|     test = True |  | ||||||
|     value = "" |     value = "" | ||||||
| 
 | 
 | ||||||
|     width = getConsoleWidth() |     width = getConsoleWidth() | ||||||
|  |  | ||||||
|  | @ -118,7 +118,7 @@ class HashDB(object): | ||||||
|         if threadData.inTransaction: |         if threadData.inTransaction: | ||||||
|             try: |             try: | ||||||
|                 self.cursor.execute('END TRANSACTION') |                 self.cursor.execute('END TRANSACTION') | ||||||
|             except sqlite3.OperationalError, ex: |             except sqlite3.OperationalError: | ||||||
|                 pass |                 pass | ||||||
|             finally: |             finally: | ||||||
|                 threadData.inTransaction = False |                 threadData.inTransaction = False | ||||||
|  |  | ||||||
|  | @ -1594,7 +1594,7 @@ class Enumeration: | ||||||
|                         randStr, randStr2 = randomStr(), randomStr() |                         randStr, randStr2 = randomStr(), randomStr() | ||||||
|                         filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\ |                         filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\ | ||||||
|                           % ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2) |                           % ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2) | ||||||
|                         concats = ",".join(map(lambda x: "CONCAT(%s, '|')" % (filterFunction % x), colList[:-1])) |                         concats = ",".join("CONCAT(%s, '|')" % (filterFunction % _) for _ in colList[:-1]) | ||||||
|                         concats += ",%s" % (filterFunction % colList[-1]) |                         concats += ",%s" % (filterFunction % colList[-1]) | ||||||
|                         query = "SELECT GROUP_CONCAT(%s) FROM %s.%s" % (concats, conf.db, tbl) |                         query = "SELECT GROUP_CONCAT(%s) FROM %s.%s" % (concats, conf.db, tbl) | ||||||
|                         value = inject.getValue(query, blind=False) |                         value = inject.getValue(query, blind=False) | ||||||
|  |  | ||||||
|  | @ -7,8 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) | ||||||
| See the file 'doc/COPYING' for copying permission | See the file 'doc/COPYING' for copying permission | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| import re |  | ||||||
| 
 |  | ||||||
| from lib.core.common import randomRange | from lib.core.common import randomRange | ||||||
| from lib.core.data import kb | from lib.core.data import kb | ||||||
| from lib.core.enums import PRIORITY | from lib.core.enums import PRIORITY | ||||||
|  |  | ||||||
|  | @ -7,7 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) | ||||||
| See the file 'doc/COPYING' for copying permission | See the file 'doc/COPYING' for copying permission | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| import os |  | ||||||
| import random | import random | ||||||
| import string | import string | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -7,8 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) | ||||||
| See the file 'doc/COPYING' for copying permission | See the file 'doc/COPYING' for copying permission | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| import os |  | ||||||
| 
 |  | ||||||
| from lib.core.common import singleTimeWarnMessage | from lib.core.common import singleTimeWarnMessage | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
| from lib.core.enums import PRIORITY | from lib.core.enums import PRIORITY | ||||||
|  |  | ||||||
|  | @ -8,8 +8,6 @@ See the file 'doc/COPYING' for copying permission | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| import re | import re | ||||||
| import os |  | ||||||
| import random |  | ||||||
| 
 | 
 | ||||||
| from lib.core.common import singleTimeWarnMessage | from lib.core.common import singleTimeWarnMessage | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user