mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 05:04:11 +03:00
minor code restyling
This commit is contained in:
Miroslav Stampar
parent
61a25418a9
commit
6e54cb171f
|
|
@ -201,7 +201,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
clauseMatch = True
|
||||
break
|
||||
|
||||
if clause != [ 0 ] and injection.clause and injection.clause != [ 0 ] and not clauseMatch:
|
||||
if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch:
|
||||
debugMsg = "skipping test '%s' because the clauses " % title
|
||||
debugMsg += "differs from the clause already identified"
|
||||
logger.debug(debugMsg)
|
||||
|
|
@ -243,7 +243,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
clauseMatch = True
|
||||
break
|
||||
|
||||
if test.clause != [ 0 ] and boundary.clause != [ 0 ] and not clauseMatch:
|
||||
if test.clause != [0] and boundary.clause != [0] and not clauseMatch:
|
||||
continue
|
||||
|
||||
# Skip boundary if it does not match against test's <where>
|
||||
|
|
@ -328,7 +328,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Useful to set kb.matchRatio at first based on
|
||||
# the False response content
|
||||
kb.matchRatio = None
|
||||
_ = Request.queryPage(genCmpPayload(), place, raise404=False)
|
||||
Request.queryPage(genCmpPayload(), place, raise404=False)
|
||||
|
||||
# If in the comparing stage there was an error
|
||||
# then anything non-error will be considered as True
|
||||
|
|
@ -626,7 +626,7 @@ def simpletonCheckSqlInjection(place, parameter, value):
|
|||
|
||||
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
|
||||
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
|
||||
payload = "%s AND %d=%d" % (value, randInt, randInt+1)
|
||||
payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
|
||||
|
||||
payload = agent.payload(place, parameter, value, payload)
|
||||
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
|
|
@ -737,7 +737,7 @@ def checkStability():
|
|||
infoMsg = "testing if the url is stable, wait a few seconds"
|
||||
logger.info(infoMsg)
|
||||
|
||||
firstPage = kb.originalPage # set inside checkConnection()
|
||||
firstPage = kb.originalPage # set inside checkConnection()
|
||||
time.sleep(1)
|
||||
secondPage, _ = Request.queryPage(content=True, raise404=False)
|
||||
|
||||
|
|
|
|||
|
|
@ -290,7 +290,7 @@ class Backend:
|
|||
@staticmethod
|
||||
def setVersion(version):
|
||||
if isinstance(version, basestring):
|
||||
kb.dbmsVersion = [ version ]
|
||||
kb.dbmsVersion = [version]
|
||||
|
||||
return kb.dbmsVersion
|
||||
|
||||
|
|
@ -370,7 +370,7 @@ class Backend:
|
|||
while True:
|
||||
_ = readInput(msg, default='1')
|
||||
|
||||
if isinstance(_, basestring) and _.isdigit() and int(_) in ( 1, 2 ):
|
||||
if isinstance(_, basestring) and _.isdigit() and int(_) in (1, 2):
|
||||
kb.arch = 32 if int(_) == 1 else 64
|
||||
|
||||
break
|
||||
|
|
@ -493,7 +493,7 @@ class Backend:
|
|||
# Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
|
||||
def cachedmethod(f, cache={}):
|
||||
def g(*args, **kwargs):
|
||||
key = ( f, tuple(args), frozenset(kwargs.items()) )
|
||||
key = (f, tuple(args), frozenset(kwargs.items()))
|
||||
if key not in cache:
|
||||
cache[key] = f(*args, **kwargs)
|
||||
return cache[key]
|
||||
|
|
@ -517,7 +517,7 @@ def paramToDict(place, parameters=None):
|
|||
|
||||
testableParameters = OrderedDict()
|
||||
|
||||
if conf.parameters.has_key(place) and not parameters:
|
||||
if place in conf.parameters and not parameters:
|
||||
parameters = conf.parameters[place]
|
||||
|
||||
if place != PLACE.SOAP:
|
||||
|
|
@ -587,7 +587,7 @@ def paramToDict(place, parameters=None):
|
|||
|
||||
elif len(conf.testParameter) != len(testableParameters.keys()):
|
||||
for parameter in conf.testParameter:
|
||||
if not testableParameters.has_key(parameter):
|
||||
if parameter not in testableParameters:
|
||||
warnMsg = "provided parameter '%s' " % parameter
|
||||
warnMsg += "is not inside the %s" % place
|
||||
logger.warn(warnMsg)
|
||||
|
|
@ -1087,7 +1087,7 @@ def parseTargetDirect():
|
|||
import pyodbc
|
||||
elif dbmsName == DBMS.FIREBIRD:
|
||||
import kinterbasdb
|
||||
except ImportError, _:
|
||||
except ImportError:
|
||||
errMsg = "sqlmap requires '%s' third-party library " % data[1]
|
||||
errMsg += "in order to directly connect to the database "
|
||||
errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
|
||||
|
|
@ -1259,7 +1259,7 @@ def parseFilePaths(page):
|
|||
"""
|
||||
|
||||
if page:
|
||||
for regex in ( r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" ):
|
||||
for regex in (r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)"):
|
||||
for match in re.finditer(regex, page):
|
||||
absFilePath = match.group("result").strip()
|
||||
page = page.replace(absFilePath, "")
|
||||
|
|
@ -1303,30 +1303,30 @@ def getCharset(charsetType=None):
|
|||
|
||||
# 0 or 1
|
||||
elif charsetType == 1:
|
||||
asciiTbl.extend([ 0, 1 ])
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend(xrange(47, 50))
|
||||
|
||||
# Digits
|
||||
elif charsetType == 2:
|
||||
asciiTbl.extend([ 0, 1 ])
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
|
||||
# Hexadecimal
|
||||
elif charsetType == 3:
|
||||
asciiTbl.extend([ 0, 1 ])
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
asciiTbl.extend(xrange(64, 71))
|
||||
asciiTbl.extend(xrange(96, 103))
|
||||
|
||||
# Characters
|
||||
elif charsetType == 4:
|
||||
asciiTbl.extend([ 0, 1 ])
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend(xrange(64, 91))
|
||||
asciiTbl.extend(xrange(96, 123))
|
||||
|
||||
# Characters and digits
|
||||
elif charsetType == 5:
|
||||
asciiTbl.extend([ 0, 1 ])
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
asciiTbl.extend(xrange(64, 91))
|
||||
asciiTbl.extend(xrange(96, 123))
|
||||
|
|
@ -1417,7 +1417,7 @@ def safeStringFormat(format_, params):
|
|||
|
||||
if index != -1:
|
||||
if count < len(params):
|
||||
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index+2:]
|
||||
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
|
||||
else:
|
||||
raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
|
||||
|
||||
|
|
@ -1465,7 +1465,7 @@ def showStaticWords(firstPage, secondPage):
|
|||
|
||||
if firstPage and secondPage:
|
||||
match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage))
|
||||
commonText = firstPage[match[0]:match[0]+match[2]]
|
||||
commonText = firstPage[match[0]:match[0] + match[2]]
|
||||
commonWords = getPageWordSet(commonText)
|
||||
else:
|
||||
commonWords = None
|
||||
|
|
@ -1509,7 +1509,7 @@ def decloakToMkstemp(filepath, **kwargs):
|
|||
handle, name = mkstemp(**kwargs)
|
||||
|
||||
fptr = os.fdopen(handle)
|
||||
fptr.close() # close low level handle (causing problems latter)
|
||||
fptr.close() # close low level handle (causing problems latter)
|
||||
|
||||
retVal = open(name, 'w+b')
|
||||
|
||||
|
|
@ -1689,7 +1689,7 @@ def stdev(values):
|
|||
else:
|
||||
avg = average(values)
|
||||
_ = reduce(lambda x, y: x + pow((y or 0) - avg, 2), values, 0.0)
|
||||
retVal = sqrt(_/(len(values) - 1))
|
||||
retVal = sqrt(_ / (len(values) - 1))
|
||||
kb.cache.stdev[key] = retVal
|
||||
|
||||
return retVal
|
||||
|
|
@ -1722,7 +1722,7 @@ def initCommonOutputs():
|
|||
key = None
|
||||
|
||||
with codecs.open(paths.COMMON_OUTPUTS, 'r', UNICODE_ENCODING) as f:
|
||||
for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
|
||||
for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
|
||||
if line.find('#') != -1:
|
||||
line = line[:line.find('#')]
|
||||
|
||||
|
|
@ -1748,7 +1748,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
|
|||
checkFile(filename)
|
||||
|
||||
with codecs.open(filename, 'r', UNICODE_ENCODING) if unicode_ else open(filename, 'r') as f:
|
||||
for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
|
||||
for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
|
||||
if commentPrefix:
|
||||
if line.find(commentPrefix) != -1:
|
||||
line = line[:line.find(commentPrefix)]
|
||||
|
|
@ -1873,7 +1873,7 @@ def getPartRun():
|
|||
|
||||
# Goes backwards through the stack to find the conf.dbmsHandler method
|
||||
# calling this function
|
||||
for i in xrange(0, len(stack)-1):
|
||||
for i in xrange(0, len(stack) - 1):
|
||||
for regex in (getCompiledRegex('self\.(get[^(]+)\(\)'), getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')):
|
||||
match = regex.search(stack[i])
|
||||
|
||||
|
|
@ -1918,7 +1918,7 @@ def getUnicode(value, encoding=None, system=False, noneToNull=False):
|
|||
elif isinstance(value, basestring):
|
||||
return unicode(value, encoding or UNICODE_ENCODING, errors="replace")
|
||||
else:
|
||||
return unicode(value) # encoding ignored for non-basestring instances
|
||||
return unicode(value) # encoding ignored for non-basestring instances
|
||||
else:
|
||||
try:
|
||||
return getUnicode(value, sys.getfilesystemencoding() or sys.stdin.encoding)
|
||||
|
|
@ -2102,7 +2102,7 @@ def runningAsAdmin():
|
|||
|
||||
isAdmin = False
|
||||
|
||||
if PLATFORM in ( "posix", "mac" ):
|
||||
if PLATFORM in ("posix", "mac"):
|
||||
isAdmin = os.geteuid()
|
||||
|
||||
if isinstance(isAdmin, (int, float, long)) and isAdmin == 0:
|
||||
|
|
@ -2262,7 +2262,7 @@ def findDynamicContent(firstPage, secondPage):
|
|||
prefix = trimAlphaNum(prefix)
|
||||
suffix = trimAlphaNum(suffix)
|
||||
|
||||
kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH/2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH/2]) if suffix else None))
|
||||
kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH / 2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH / 2]) if suffix else None))
|
||||
|
||||
if len(kb.dynamicMarkings) > 0:
|
||||
infoMsg = "dynamic content marked for removal (%d region%s)" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '')
|
||||
|
|
@ -2424,7 +2424,7 @@ def initTechnique(technique=None):
|
|||
warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
except sqlmapDataException, _:
|
||||
except sqlmapDataException:
|
||||
errMsg = "missing data in old session file(s). "
|
||||
errMsg += "Please use '--flush-session' to deal "
|
||||
errMsg += "with this error"
|
||||
|
|
@ -2437,7 +2437,7 @@ def arrayizeValue(value):
|
|||
"""
|
||||
|
||||
if not isinstance(value, (list, tuple)):
|
||||
value = [ value ]
|
||||
value = [value]
|
||||
|
||||
return value
|
||||
|
||||
|
|
@ -2539,7 +2539,7 @@ def decodeIntToUnicode(value):
|
|||
try:
|
||||
# http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
|
||||
return struct.pack('B' if value<256 else '<H', value).decode(kb.pageEncoding or UNICODE_ENCODING)
|
||||
return struct.pack('B' if value < 256 else '<H', value).decode(kb.pageEncoding or UNICODE_ENCODING)
|
||||
else:
|
||||
return unichr(value)
|
||||
except:
|
||||
|
|
@ -2577,7 +2577,7 @@ def maskSensitiveData(msg):
|
|||
regex = SENSITIVE_DATA_REGEX % item
|
||||
while extractRegexResult(regex, retVal):
|
||||
value = extractRegexResult(regex, retVal)
|
||||
retVal = retVal.replace(value, '*'*len(value))
|
||||
retVal = retVal.replace(value, '*' * len(value))
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
@ -2658,10 +2658,10 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
|||
while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
|
||||
regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
|
||||
|
||||
if all(part.lower() in content.lower() for part in regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)): # fast optimization check
|
||||
if all(part.lower() in content.lower() for part in regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)): # fast optimization check
|
||||
parts = regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)
|
||||
if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs
|
||||
regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS/2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS/2:]))
|
||||
if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs
|
||||
regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:]))
|
||||
|
||||
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
|
||||
|
||||
|
|
@ -2689,7 +2689,7 @@ def normalizeUnicode(value):
|
|||
|
||||
retVal = value
|
||||
if isinstance(value, unicode):
|
||||
retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore')
|
||||
retVal = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore')
|
||||
return retVal
|
||||
|
||||
def safeSQLIdentificatorNaming(name, isTable=False):
|
||||
|
|
@ -2744,7 +2744,7 @@ def isBinaryData(value):
|
|||
|
||||
retVal = False
|
||||
if isinstance(value, basestring):
|
||||
retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
|
||||
retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
|
||||
return retVal
|
||||
|
||||
def isNoneValue(value):
|
||||
|
|
@ -3071,7 +3071,7 @@ def unserializeObject(value):
|
|||
|
||||
retVal = None
|
||||
if value:
|
||||
retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
|
||||
retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
|
||||
return retVal
|
||||
|
||||
def resetCounter(technique):
|
||||
|
|
|
|||
|
|
@ -110,13 +110,13 @@ class Enumeration:
|
|||
bannerParser(kb.data.banner)
|
||||
|
||||
if conf.os and conf.os == "windows":
|
||||
kb.bannerFp["type"] = set([ "Windows" ])
|
||||
kb.bannerFp["type"] = set(["Windows"])
|
||||
|
||||
elif conf.os and conf.os == "linux":
|
||||
kb.bannerFp["type"] = set([ "Linux" ])
|
||||
kb.bannerFp["type"] = set(["Linux"])
|
||||
|
||||
elif conf.os:
|
||||
kb.bannerFp["type"] = set([ "%s%s" % (conf.os[0].upper(), conf.os[1:]) ])
|
||||
kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])])
|
||||
|
||||
if conf.os:
|
||||
setOs()
|
||||
|
|
@ -168,8 +168,8 @@ class Enumeration:
|
|||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].users
|
||||
|
||||
condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) )
|
||||
condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema )
|
||||
condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
|
||||
condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if condition:
|
||||
|
|
@ -260,7 +260,7 @@ class Enumeration:
|
|||
randStr = randomStr()
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
|
||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=False)
|
||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
|
||||
|
||||
if retVal:
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
|
||||
|
|
@ -280,7 +280,7 @@ class Enumeration:
|
|||
|
||||
password = parsePasswordHash(password)
|
||||
|
||||
if not kb.data.cachedUsersPasswords.has_key(user):
|
||||
if user not in kb.data.cachedUsersPasswords:
|
||||
kb.data.cachedUsersPasswords[user] = [password]
|
||||
else:
|
||||
kb.data.cachedUsersPasswords[user].append(password)
|
||||
|
|
@ -302,7 +302,7 @@ class Enumeration:
|
|||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=True)
|
||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True)
|
||||
|
||||
if retVal:
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
|
||||
|
|
@ -389,24 +389,24 @@ class Enumeration:
|
|||
def __isAdminFromPrivileges(self, privileges):
|
||||
# In PostgreSQL the usesuper privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges )
|
||||
dbaCondition = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
|
||||
|
||||
# In Oracle the DBA privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges )
|
||||
dbaCondition |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges)
|
||||
|
||||
# In MySQL >= 5.0 the SUPER privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges )
|
||||
dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges)
|
||||
|
||||
# In MySQL < 5.0 the super_priv privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges )
|
||||
dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges)
|
||||
|
||||
# In Firebird there is no specific privilege that means
|
||||
# that the user is DBA
|
||||
# TODO: confirm
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
|
||||
dbaCondition |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges)
|
||||
|
||||
return dbaCondition
|
||||
|
||||
|
|
@ -490,7 +490,7 @@ class Enumeration:
|
|||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
|
||||
elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
|
|
@ -521,7 +521,7 @@ class Enumeration:
|
|||
if self.__isAdminFromPrivileges(privileges):
|
||||
areAdmins.add(user)
|
||||
|
||||
if kb.data.cachedUsersPrivileges.has_key(user):
|
||||
if user in kb.data.cachedUsersPrivileges:
|
||||
kb.data.cachedUsersPrivileges[user].extend(privileges)
|
||||
else:
|
||||
kb.data.cachedUsersPrivileges[user] = list(privileges)
|
||||
|
|
@ -615,7 +615,7 @@ class Enumeration:
|
|||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
|
||||
elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
|
|
@ -679,7 +679,7 @@ class Enumeration:
|
|||
errMsg += "for the database users"
|
||||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
return ( kb.data.cachedUsersPrivileges, areAdmins )
|
||||
return (kb.data.cachedUsersPrivileges, areAdmins)
|
||||
|
||||
def getRoles(self, query2=False):
|
||||
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
|
||||
|
|
@ -830,7 +830,7 @@ class Enumeration:
|
|||
if resumeAvailable:
|
||||
for db, table in kb.brute.tables:
|
||||
if db == conf.db:
|
||||
if not kb.data.cachedTables.has_key(conf.db):
|
||||
if conf.db not in kb.data.cachedTables:
|
||||
kb.data.cachedTables[conf.db] = [table]
|
||||
else:
|
||||
kb.data.cachedTables[conf.db].append(table)
|
||||
|
|
@ -882,7 +882,7 @@ class Enumeration:
|
|||
db = safeSQLIdentificatorNaming(db)
|
||||
table = safeSQLIdentificatorNaming(table, True)
|
||||
|
||||
if not kb.data.cachedTables.has_key(db):
|
||||
if db not in kb.data.cachedTables:
|
||||
kb.data.cachedTables[db] = [table]
|
||||
else:
|
||||
kb.data.cachedTables[db].append(table)
|
||||
|
|
@ -1078,7 +1078,7 @@ class Enumeration:
|
|||
infoMsg += "database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
return { conf.db: kb.data.cachedColumns[conf.db]}
|
||||
return {conf.db: kb.data.cachedColumns[conf.db]}
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
||||
|
|
@ -1101,10 +1101,10 @@ class Enumeration:
|
|||
infoMsg += "on database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
elif Backend.getIdentifiedDbms() in ( DBMS.ORACLE, DBMS.DB2):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
||||
query += condQuery
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
|
|
@ -1147,7 +1147,7 @@ class Enumeration:
|
|||
infoMsg += "database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
return { conf.db: kb.data.cachedColumns[conf.db]}
|
||||
return {conf.db: kb.data.cachedColumns[conf.db]}
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
||||
|
|
@ -1170,7 +1170,7 @@ class Enumeration:
|
|||
infoMsg += "on database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
|
||||
|
|
@ -1209,7 +1209,7 @@ class Enumeration:
|
|||
indexRange = getLimitRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
field = None
|
||||
|
|
@ -1232,7 +1232,7 @@ class Enumeration:
|
|||
|
||||
if not isNoneValue(column):
|
||||
if not onlyColNames:
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
|
||||
|
|
@ -1457,7 +1457,7 @@ class Enumeration:
|
|||
|
||||
if conf.limitStart or conf.limitStop:
|
||||
if conf.limitStart and (i + 1) < conf.limitStart:
|
||||
warnMsg = "skipping first %d pivot " % conf.limitStart
|
||||
warnMsg = "skipping first %d pivot " % conf.limitStart
|
||||
warnMsg += "point values"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
break
|
||||
|
|
@ -1611,7 +1611,7 @@ class Enumeration:
|
|||
if isNoneValue(entries):
|
||||
entries = []
|
||||
elif isinstance(entries, basestring):
|
||||
entries = [ entries ]
|
||||
entries = [entries]
|
||||
elif not isinstance(entries, (list, tuple)):
|
||||
entries = []
|
||||
|
||||
|
|
@ -1621,8 +1621,8 @@ class Enumeration:
|
|||
for column in colList:
|
||||
colLen = len(column)
|
||||
|
||||
if not kb.data.dumpedTable.has_key(column):
|
||||
kb.data.dumpedTable[column] = { "length": colLen, "values": [] }
|
||||
if column not in kb.data.dumpedTable:
|
||||
kb.data.dumpedTable[column] = {"length": colLen, "values": []}
|
||||
|
||||
for entry in entries:
|
||||
if entry is None or len(entry) == 0:
|
||||
|
|
@ -1667,7 +1667,7 @@ class Enumeration:
|
|||
entries = {}
|
||||
|
||||
if count == 0:
|
||||
warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
warnMsg += "on database '%s' " % unsafeSQLIdentificatorNaming(conf.db)
|
||||
warnMsg += "appears to be empty"
|
||||
logger.warn(warnMsg)
|
||||
|
|
@ -1711,7 +1711,7 @@ class Enumeration:
|
|||
if column not in entries:
|
||||
entries[column] = BigArray()
|
||||
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.query % (column, conf.db, conf.tbl, sorted(colList, key=len)[0], index)
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.blind.query % (column, column,
|
||||
|
|
@ -1736,7 +1736,7 @@ class Enumeration:
|
|||
for column, columnEntries in entries.items():
|
||||
length = max(lengths[column], len(column))
|
||||
|
||||
kb.data.dumpedTable[column] = { "length": length, "values": columnEntries }
|
||||
kb.data.dumpedTable[column] = {"length": length, "values": columnEntries}
|
||||
|
||||
entriesCount = len(columnEntries)
|
||||
|
||||
|
|
@ -1748,9 +1748,9 @@ class Enumeration:
|
|||
warnMsg += "on database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "")
|
||||
logger.warn(warnMsg)
|
||||
else:
|
||||
kb.data.dumpedTable["__infos__"] = { "count": entriesCount,
|
||||
"table": safeSQLIdentificatorNaming(tbl, True),
|
||||
"db": safeSQLIdentificatorNaming(conf.db) }
|
||||
kb.data.dumpedTable["__infos__"] = {"count": entriesCount,
|
||||
"table": safeSQLIdentificatorNaming(tbl, True),
|
||||
"db": safeSQLIdentificatorNaming(conf.db)}
|
||||
|
||||
attackDumpedTable()
|
||||
conf.dumper.dbTableValues(kb.data.dumpedTable)
|
||||
|
|
@ -1783,7 +1783,7 @@ class Enumeration:
|
|||
|
||||
if kb.data.cachedTables:
|
||||
if isinstance(kb.data.cachedTables, list):
|
||||
kb.data.cachedTables = { None : kb.data.cachedTables }
|
||||
kb.data.cachedTables = {None : kb.data.cachedTables}
|
||||
|
||||
for db, tables in kb.data.cachedTables.items():
|
||||
conf.db = db
|
||||
|
|
@ -1915,7 +1915,7 @@ class Enumeration:
|
|||
|
||||
if not isNoneValue(values):
|
||||
if isinstance(values, basestring):
|
||||
values = [ values ]
|
||||
values = [values]
|
||||
|
||||
for value in values:
|
||||
value = safeSQLIdentificatorNaming(value)
|
||||
|
|
@ -2040,7 +2040,7 @@ class Enumeration:
|
|||
if foundDb in foundTbls:
|
||||
foundTbls[foundDb].append(foundTbl)
|
||||
else:
|
||||
foundTbls[foundDb] = [ foundTbl ]
|
||||
foundTbls[foundDb] = [foundTbl]
|
||||
else:
|
||||
infoMsg = "fetching number of databases with table"
|
||||
if tblConsider == "1":
|
||||
|
|
@ -2231,7 +2231,7 @@ class Enumeration:
|
|||
if foundDb in foundCols[column]:
|
||||
foundCols[column][foundDb].append(foundTbl)
|
||||
else:
|
||||
foundCols[column][foundDb] = [ foundTbl ]
|
||||
foundCols[column][foundDb] = [foundTbl]
|
||||
else:
|
||||
if not conf.db:
|
||||
infoMsg = "fetching number of databases with tables containing column"
|
||||
|
|
@ -2360,7 +2360,6 @@ class Enumeration:
|
|||
def sqlQuery(self, query):
|
||||
output = None
|
||||
sqlType = None
|
||||
getOutput = None
|
||||
|
||||
query = query.rstrip(';')
|
||||
|
||||
|
|
@ -2425,7 +2424,7 @@ class Enumeration:
|
|||
if not query:
|
||||
continue
|
||||
|
||||
if query.lower() in ( "x", "q", "exit", "quit" ):
|
||||
if query.lower() in ("x", "q", "exit", "quit"):
|
||||
break
|
||||
|
||||
output = self.sqlQuery(query)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user