sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

introducing regex caching mechanism

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-21 14:42:59 +00:00
parent 14cab8527e
commit 5d5ebd49b6
4 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/core/common.py
View File

@ -70,6 +70,8 @@ from lib.core.settings import SQLITE_ALIASES
from lib.core.settings import ACCESS_ALIASES from lib.core.settings import ACCESS_ALIASES
from lib.core.settings import FIREBIRD_ALIASES from lib.core.settings import FIREBIRD_ALIASES
__compiledRegularExpressions = {}
def paramToDict(place, parameters=None): def paramToDict(place, parameters=None):
""" """
Split the parameters into names and values, check if these parameters Split the parameters into names and values, check if these parameters
@ -1222,3 +1224,11 @@ def getGoodSamaritanCharsets(part, prevValue, originalCharset):
return predictedCharset, otherCharset return predictedCharset, otherCharset
else: else:
return None, originalTable return None, originalTable
def getCompiledRegex(regex):
if regex in __compiledRegularExpressions:
return __compiledRegularExpressions[regex]
else:
retVal = re.compile(regex)
__compiledRegularExpressions[regex] = retVal
return retVal

9
lib/parse/banner.py
View File

@ -27,6 +27,7 @@ import re
from xml.sax.handler import ContentHandler from xml.sax.handler import ContentHandler
from lib.core.common import checkFile from lib.core.common import checkFile
from lib.core.common import getCompiledRegex
from lib.core.common import parseXmlFile from lib.core.common import parseXmlFile
from lib.core.common import sanitizeStr from lib.core.common import sanitizeStr
from lib.core.data import kb from lib.core.data import kb
@ -76,7 +77,8 @@ class MSSQLBannerHandler(ContentHandler):
def endElement(self, name): def endElement(self, name):
if name == "signature": if name == "signature":
for version in (self.__version, self.__versionAlt): for version in (self.__version, self.__versionAlt):
if version and re.search(" %s[\.\ ]+" % version, self.__banner): regObj = getCompiledRegex(" %s[\.\ ]+" % version)
if version and regObj.search(self.__banner):
self.__feedInfo("dbmsRelease", self.__release) self.__feedInfo("dbmsRelease", self.__release)
self.__feedInfo("dbmsVersion", self.__version) self.__feedInfo("dbmsVersion", self.__version)
self.__feedInfo("dbmsServicePack", self.__servicePack) self.__feedInfo("dbmsServicePack", self.__servicePack)
@ -89,8 +91,9 @@ class MSSQLBannerHandler(ContentHandler):
elif name == "version": elif name == "version":
self.__inVersion = False self.__inVersion = False
self.__version = self.__version.replace(" ", "") self.__version = self.__version.replace(" ", "")
match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self.__version) regObj = getCompiledRegex(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z")
match = regObj.search(self.__version)
self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
elif name == "servicepack": elif name == "servicepack":

9
lib/request/basic.py
View File

@ -28,6 +28,7 @@ import re
import StringIO import StringIO
import zlib import zlib
from lib.core.common import getCompiledRegex
from lib.core.common import isWindowsDriveLetterPath from lib.core.common import isWindowsDriveLetterPath
from lib.core.common import posixToNtSlashes from lib.core.common import posixToNtSlashes
from lib.core.common import urlEncodeCookieValues from lib.core.common import urlEncodeCookieValues
@ -36,9 +37,6 @@ from lib.core.data import kb
from lib.parse.headers import headersParser from lib.parse.headers import headersParser
from lib.parse.html import htmlParser from lib.parse.html import htmlParser
__absFilePathsRegExp = ( r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" )
__absFilePathsRegObj = [re.compile(absFilePathRegExp) for absFilePathRegExp in __absFilePathsRegExp]
def forgeHeaders(cookie, ua): def forgeHeaders(cookie, ua):
""" """
Prepare HTTP Cookie and HTTP User-Agent headers to use when performing Prepare HTTP Cookie and HTTP User-Agent headers to use when performing
@ -78,8 +76,9 @@ def parseResponse(page, headers):
# NOTE: this regular expression works if the remote web application # NOTE: this regular expression works if the remote web application
# is written in PHP and debug/error messages are enabled. # is written in PHP and debug/error messages are enabled.
for reobj in __absFilePathsRegObj: for regex in ( r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" ):
for match in reobj.finditer(page): regObj = getCompiledRegex(regex)
for match in regObj.finditer(page):
absFilePath = match.group("result").strip() absFilePath = match.group("result").strip()
page = page.replace(absFilePath, "") page = page.replace(absFilePath, "")

6
lib/utils/detection.py
View File

@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re, sre_constants import re, sre_constants
from xml.dom import minidom from xml.dom import minidom
from lib.core.common import getCompiledRegex
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import logger from lib.core.data import logger
@ -50,12 +51,13 @@ def checkPayload(string):
rules = [] rules = []
for xmlrule in xmlrules.getElementsByTagName("filter"): for xmlrule in xmlrules.getElementsByTagName("filter"):
try: try:
rule = re.compile(xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue) rule = xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue
desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue) desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)
rules.append((rule, desc)) rules.append((rule, desc))
except sre_constants.error: #some issues with some regex expressions in Python 2.5 except sre_constants.error: #some issues with some regex expressions in Python 2.5
pass pass
for rule, desc in rules: for rule, desc in rules:
if rule.search(string, re.IGNORECASE): regObj = getCompiledRegex(rule)
if regObj.search(string, re.IGNORECASE):
logger.warn("highly probable IDS/IPS detection: '%s'" % desc) logger.warn("highly probable IDS/IPS detection: '%s'" % desc)