From 6e54cb171f5dd184590b6a88da0be198e11fac1e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 22 Feb 2012 15:53:36 +0000 Subject: [PATCH] minor code restyling --- lib/controller/checks.py | 10 ++-- lib/core/common.py | 64 +++++++++++++------------- plugins/generic/enumeration.py | 83 +++++++++++++++++----------------- 3 files changed, 78 insertions(+), 79 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 808ebc211..1751d3f4e 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -201,7 +201,7 @@ def checkSqlInjection(place, parameter, value): clauseMatch = True break - if clause != [ 0 ] and injection.clause and injection.clause != [ 0 ] and not clauseMatch: + if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch: debugMsg = "skipping test '%s' because the clauses " % title debugMsg += "differs from the clause already identified" logger.debug(debugMsg) @@ -243,7 +243,7 @@ def checkSqlInjection(place, parameter, value): clauseMatch = True break - if test.clause != [ 0 ] and boundary.clause != [ 0 ] and not clauseMatch: + if test.clause != [0] and boundary.clause != [0] and not clauseMatch: continue # Skip boundary if it does not match against test's @@ -328,7 +328,7 @@ def checkSqlInjection(place, parameter, value): # Useful to set kb.matchRatio at first based on # the False response content kb.matchRatio = None - _ = Request.queryPage(genCmpPayload(), place, raise404=False) + Request.queryPage(genCmpPayload(), place, raise404=False) # If in the comparing stage there was an error # then anything non-error will be considered as True @@ -626,7 +626,7 @@ def simpletonCheckSqlInjection(place, parameter, value): if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()): if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO: - payload = "%s AND %d=%d" % (value, randInt, randInt+1) + payload = "%s AND %d=%d" % (value, randInt, randInt + 1) payload = agent.payload(place, parameter, value, payload) secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False) @@ -737,7 +737,7 @@ def checkStability(): infoMsg = "testing if the url is stable, wait a few seconds" logger.info(infoMsg) - firstPage = kb.originalPage # set inside checkConnection() + firstPage = kb.originalPage # set inside checkConnection() time.sleep(1) secondPage, _ = Request.queryPage(content=True, raise404=False) diff --git a/lib/core/common.py b/lib/core/common.py index 06498ec77..756805d87 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -290,7 +290,7 @@ class Backend: @staticmethod def setVersion(version): if isinstance(version, basestring): - kb.dbmsVersion = [ version ] + kb.dbmsVersion = [version] return kb.dbmsVersion @@ -370,7 +370,7 @@ class Backend: while True: _ = readInput(msg, default='1') - if isinstance(_, basestring) and _.isdigit() and int(_) in ( 1, 2 ): + if isinstance(_, basestring) and _.isdigit() and int(_) in (1, 2): kb.arch = 32 if int(_) == 1 else 64 break @@ -493,7 +493,7 @@ class Backend: # Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/ def cachedmethod(f, cache={}): def g(*args, **kwargs): - key = ( f, tuple(args), frozenset(kwargs.items()) ) + key = (f, tuple(args), frozenset(kwargs.items())) if key not in cache: cache[key] = f(*args, **kwargs) return cache[key] @@ -517,7 +517,7 @@ def paramToDict(place, parameters=None): testableParameters = OrderedDict() - if conf.parameters.has_key(place) and not parameters: + if place in conf.parameters and not parameters: parameters = conf.parameters[place] if place != PLACE.SOAP: @@ -587,7 +587,7 @@ def paramToDict(place, parameters=None): elif len(conf.testParameter) != len(testableParameters.keys()): for parameter in conf.testParameter: - if not testableParameters.has_key(parameter): + if parameter not in testableParameters: warnMsg = "provided parameter '%s' " % parameter warnMsg += "is not inside the %s" % place logger.warn(warnMsg) @@ -1087,7 +1087,7 @@ def parseTargetDirect(): import pyodbc elif dbmsName == DBMS.FIREBIRD: import kinterbasdb - except ImportError, _: + except ImportError: errMsg = "sqlmap requires '%s' third-party library " % data[1] errMsg += "in order to directly connect to the database " errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) @@ -1259,7 +1259,7 @@ def parseFilePaths(page): """ if page: - for regex in ( r" in (?P.*?) on line", r"(?:>|\s)(?P[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P/\w[/\w.]+)" ): + for regex in (r" in (?P.*?) on line", r"(?:>|\s)(?P[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P/\w[/\w.]+)"): for match in re.finditer(regex, page): absFilePath = match.group("result").strip() page = page.replace(absFilePath, "") @@ -1303,30 +1303,30 @@ def getCharset(charsetType=None): # 0 or 1 elif charsetType == 1: - asciiTbl.extend([ 0, 1 ]) + asciiTbl.extend([0, 1]) asciiTbl.extend(xrange(47, 50)) # Digits elif charsetType == 2: - asciiTbl.extend([ 0, 1 ]) + asciiTbl.extend([0, 1]) asciiTbl.extend(xrange(47, 58)) # Hexadecimal elif charsetType == 3: - asciiTbl.extend([ 0, 1 ]) + asciiTbl.extend([0, 1]) asciiTbl.extend(xrange(47, 58)) asciiTbl.extend(xrange(64, 71)) asciiTbl.extend(xrange(96, 103)) # Characters elif charsetType == 4: - asciiTbl.extend([ 0, 1 ]) + asciiTbl.extend([0, 1]) asciiTbl.extend(xrange(64, 91)) asciiTbl.extend(xrange(96, 123)) # Characters and digits elif charsetType == 5: - asciiTbl.extend([ 0, 1 ]) + asciiTbl.extend([0, 1]) asciiTbl.extend(xrange(47, 58)) asciiTbl.extend(xrange(64, 91)) asciiTbl.extend(xrange(96, 123)) @@ -1417,7 +1417,7 @@ def safeStringFormat(format_, params): if index != -1: if count < len(params): - retVal = retVal[:index] + getUnicode(params[count]) + retVal[index+2:] + retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:] else: raise sqlmapNoneDataException, "wrong number of parameters during string formatting" @@ -1465,7 +1465,7 @@ def showStaticWords(firstPage, secondPage): if firstPage and secondPage: match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage)) - commonText = firstPage[match[0]:match[0]+match[2]] + commonText = firstPage[match[0]:match[0] + match[2]] commonWords = getPageWordSet(commonText) else: commonWords = None @@ -1509,7 +1509,7 @@ def decloakToMkstemp(filepath, **kwargs): handle, name = mkstemp(**kwargs) fptr = os.fdopen(handle) - fptr.close() # close low level handle (causing problems latter) + fptr.close() # close low level handle (causing problems latter) retVal = open(name, 'w+b') @@ -1689,7 +1689,7 @@ def stdev(values): else: avg = average(values) _ = reduce(lambda x, y: x + pow((y or 0) - avg, 2), values, 0.0) - retVal = sqrt(_/(len(values) - 1)) + retVal = sqrt(_ / (len(values) - 1)) kb.cache.stdev[key] = retVal return retVal @@ -1722,7 +1722,7 @@ def initCommonOutputs(): key = None with codecs.open(paths.COMMON_OUTPUTS, 'r', UNICODE_ENCODING) as f: - for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used + for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used if line.find('#') != -1: line = line[:line.find('#')] @@ -1748,7 +1748,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un checkFile(filename) with codecs.open(filename, 'r', UNICODE_ENCODING) if unicode_ else open(filename, 'r') as f: - for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used + for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used if commentPrefix: if line.find(commentPrefix) != -1: line = line[:line.find(commentPrefix)] @@ -1873,7 +1873,7 @@ def getPartRun(): # Goes backwards through the stack to find the conf.dbmsHandler method # calling this function - for i in xrange(0, len(stack)-1): + for i in xrange(0, len(stack) - 1): for regex in (getCompiledRegex('self\.(get[^(]+)\(\)'), getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')): match = regex.search(stack[i]) @@ -1918,7 +1918,7 @@ def getUnicode(value, encoding=None, system=False, noneToNull=False): elif isinstance(value, basestring): return unicode(value, encoding or UNICODE_ENCODING, errors="replace") else: - return unicode(value) # encoding ignored for non-basestring instances + return unicode(value) # encoding ignored for non-basestring instances else: try: return getUnicode(value, sys.getfilesystemencoding() or sys.stdin.encoding) @@ -2102,7 +2102,7 @@ def runningAsAdmin(): isAdmin = False - if PLATFORM in ( "posix", "mac" ): + if PLATFORM in ("posix", "mac"): isAdmin = os.geteuid() if isinstance(isAdmin, (int, float, long)) and isAdmin == 0: @@ -2262,7 +2262,7 @@ def findDynamicContent(firstPage, secondPage): prefix = trimAlphaNum(prefix) suffix = trimAlphaNum(suffix) - kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH/2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH/2]) if suffix else None)) + kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH / 2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH / 2]) if suffix else None)) if len(kb.dynamicMarkings) > 0: infoMsg = "dynamic content marked for removal (%d region%s)" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '') @@ -2424,7 +2424,7 @@ def initTechnique(technique=None): warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique) logger.warn(warnMsg) - except sqlmapDataException, _: + except sqlmapDataException: errMsg = "missing data in old session file(s). " errMsg += "Please use '--flush-session' to deal " errMsg += "with this error" @@ -2437,7 +2437,7 @@ def arrayizeValue(value): """ if not isinstance(value, (list, tuple)): - value = [ value ] + value = [value] return value @@ -2539,7 +2539,7 @@ def decodeIntToUnicode(value): try: # http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord if Backend.getIdentifiedDbms() in (DBMS.MYSQL,): - return struct.pack('B' if value<256 else ' REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs - regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS/2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS/2:])) + if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs + regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])) retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I) @@ -2689,7 +2689,7 @@ def normalizeUnicode(value): retVal = value if isinstance(value, unicode): - retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore') + retVal = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore') return retVal def safeSQLIdentificatorNaming(name, isTable=False): @@ -2744,7 +2744,7 @@ def isBinaryData(value): retVal = False if isinstance(value, basestring): - retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False) + retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False) return retVal def isNoneValue(value): @@ -3071,7 +3071,7 @@ def unserializeObject(value): retVal = None if value: - retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode + retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode return retVal def resetCounter(technique): diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index a2eea12e8..0b0cfcfb9 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -110,13 +110,13 @@ class Enumeration: bannerParser(kb.data.banner) if conf.os and conf.os == "windows": - kb.bannerFp["type"] = set([ "Windows" ]) + kb.bannerFp["type"] = set(["Windows"]) elif conf.os and conf.os == "linux": - kb.bannerFp["type"] = set([ "Linux" ]) + kb.bannerFp["type"] = set(["Linux"]) elif conf.os: - kb.bannerFp["type"] = set([ "%s%s" % (conf.os[0].upper(), conf.os[1:]) ]) + kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])]) if conf.os: setOs() @@ -168,8 +168,8 @@ class Enumeration: rootQuery = queries[Backend.getIdentifiedDbms()].users - condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) ) - condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema ) + condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008"))) + condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema) if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: if condition: @@ -260,7 +260,7 @@ class Enumeration: randStr = randomStr() getCurrentThreadData().disableStdOut = True - retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=False) + retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False) if retVal: for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): @@ -280,7 +280,7 @@ class Enumeration: password = parsePasswordHash(password) - if not kb.data.cachedUsersPasswords.has_key(user): + if user not in kb.data.cachedUsersPasswords: kb.data.cachedUsersPasswords[user] = [password] else: kb.data.cachedUsersPasswords[user].append(password) @@ -302,7 +302,7 @@ class Enumeration: randStr = randomStr() query = rootQuery.inband.query - retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=True) + retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True) if retVal: for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): @@ -389,24 +389,24 @@ class Enumeration: def __isAdminFromPrivileges(self, privileges): # In PostgreSQL the usesuper privilege means that the # user is DBA - dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges ) + dbaCondition = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges) # In Oracle the DBA privilege means that the # user is DBA - dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges ) + dbaCondition |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges) # In MySQL >= 5.0 the SUPER privilege means # that the user is DBA - dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges ) + dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges) # In MySQL < 5.0 the super_priv privilege means # that the user is DBA - dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges ) + dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges) # In Firebird there is no specific privilege that means # that the user is DBA # TODO: confirm - dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges ) + dbaCondition |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges) return dbaCondition @@ -490,7 +490,7 @@ class Enumeration: # In MySQL >= 5.0 and Oracle we get the list # of privileges as string - elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ): + elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema): privileges.add(privilege) # In MySQL < 5.0 we get Y if the privilege is @@ -521,7 +521,7 @@ class Enumeration: if self.__isAdminFromPrivileges(privileges): areAdmins.add(user) - if kb.data.cachedUsersPrivileges.has_key(user): + if user in kb.data.cachedUsersPrivileges: kb.data.cachedUsersPrivileges[user].extend(privileges) else: kb.data.cachedUsersPrivileges[user] = list(privileges) @@ -615,7 +615,7 @@ class Enumeration: # In MySQL >= 5.0 and Oracle we get the list # of privileges as string - elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ): + elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema): privileges.add(privilege) # In MySQL < 5.0 we get Y if the privilege is @@ -679,7 +679,7 @@ class Enumeration: errMsg += "for the database users" raise sqlmapNoneDataException, errMsg - return ( kb.data.cachedUsersPrivileges, areAdmins ) + return (kb.data.cachedUsersPrivileges, areAdmins) def getRoles(self, query2=False): warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms() @@ -830,7 +830,7 @@ class Enumeration: if resumeAvailable: for db, table in kb.brute.tables: if db == conf.db: - if not kb.data.cachedTables.has_key(conf.db): + if conf.db not in kb.data.cachedTables: kb.data.cachedTables[conf.db] = [table] else: kb.data.cachedTables[conf.db].append(table) @@ -882,7 +882,7 @@ class Enumeration: db = safeSQLIdentificatorNaming(db) table = safeSQLIdentificatorNaming(table, True) - if not kb.data.cachedTables.has_key(db): + if db not in kb.data.cachedTables: kb.data.cachedTables[db] = [table] else: kb.data.cachedTables[db].append(table) @@ -1078,7 +1078,7 @@ class Enumeration: infoMsg += "database '%s'" % conf.db logger.info(infoMsg) - return { conf.db: kb.data.cachedColumns[conf.db]} + return {conf.db: kb.data.cachedColumns[conf.db]} infoMsg = "fetching columns " @@ -1101,10 +1101,10 @@ class Enumeration: infoMsg += "on database '%s'" % conf.db logger.info(infoMsg) - if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery - elif Backend.getIdentifiedDbms() in ( DBMS.ORACLE, DBMS.DB2): + elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper()) query += condQuery elif Backend.isDbms(DBMS.MSSQL): @@ -1147,7 +1147,7 @@ class Enumeration: infoMsg += "database '%s'" % conf.db logger.info(infoMsg) - return { conf.db: kb.data.cachedColumns[conf.db]} + return {conf.db: kb.data.cachedColumns[conf.db]} infoMsg = "fetching columns " @@ -1170,7 +1170,7 @@ class Enumeration: infoMsg += "on database '%s'" % conf.db logger.info(infoMsg) - if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery @@ -1209,7 +1209,7 @@ class Enumeration: indexRange = getLimitRange(count) for index in indexRange: - if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery field = None @@ -1232,7 +1232,7 @@ class Enumeration: if not isNoneValue(column): if not onlyColNames: - if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db)) elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column) @@ -1457,7 +1457,7 @@ class Enumeration: if conf.limitStart or conf.limitStop: if conf.limitStart and (i + 1) < conf.limitStart: - warnMsg = "skipping first %d pivot " % conf.limitStart + warnMsg = "skipping first %d pivot " % conf.limitStart warnMsg += "point values" singleTimeWarnMessage(warnMsg) break @@ -1611,7 +1611,7 @@ class Enumeration: if isNoneValue(entries): entries = [] elif isinstance(entries, basestring): - entries = [ entries ] + entries = [entries] elif not isinstance(entries, (list, tuple)): entries = [] @@ -1621,8 +1621,8 @@ class Enumeration: for column in colList: colLen = len(column) - if not kb.data.dumpedTable.has_key(column): - kb.data.dumpedTable[column] = { "length": colLen, "values": [] } + if column not in kb.data.dumpedTable: + kb.data.dumpedTable[column] = {"length": colLen, "values": []} for entry in entries: if entry is None or len(entry) == 0: @@ -1667,7 +1667,7 @@ class Enumeration: entries = {} if count == 0: - warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl) + warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl) warnMsg += "on database '%s' " % unsafeSQLIdentificatorNaming(conf.db) warnMsg += "appears to be empty" logger.warn(warnMsg) @@ -1711,7 +1711,7 @@ class Enumeration: if column not in entries: entries[column] = BigArray() - if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.query % (column, conf.db, conf.tbl, sorted(colList, key=len)[0], index) elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query % (column, column, @@ -1736,7 +1736,7 @@ class Enumeration: for column, columnEntries in entries.items(): length = max(lengths[column], len(column)) - kb.data.dumpedTable[column] = { "length": length, "values": columnEntries } + kb.data.dumpedTable[column] = {"length": length, "values": columnEntries} entriesCount = len(columnEntries) @@ -1748,9 +1748,9 @@ class Enumeration: warnMsg += "on database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "") logger.warn(warnMsg) else: - kb.data.dumpedTable["__infos__"] = { "count": entriesCount, - "table": safeSQLIdentificatorNaming(tbl, True), - "db": safeSQLIdentificatorNaming(conf.db) } + kb.data.dumpedTable["__infos__"] = {"count": entriesCount, + "table": safeSQLIdentificatorNaming(tbl, True), + "db": safeSQLIdentificatorNaming(conf.db)} attackDumpedTable() conf.dumper.dbTableValues(kb.data.dumpedTable) @@ -1783,7 +1783,7 @@ class Enumeration: if kb.data.cachedTables: if isinstance(kb.data.cachedTables, list): - kb.data.cachedTables = { None : kb.data.cachedTables } + kb.data.cachedTables = {None : kb.data.cachedTables} for db, tables in kb.data.cachedTables.items(): conf.db = db @@ -1915,7 +1915,7 @@ class Enumeration: if not isNoneValue(values): if isinstance(values, basestring): - values = [ values ] + values = [values] for value in values: value = safeSQLIdentificatorNaming(value) @@ -2040,7 +2040,7 @@ class Enumeration: if foundDb in foundTbls: foundTbls[foundDb].append(foundTbl) else: - foundTbls[foundDb] = [ foundTbl ] + foundTbls[foundDb] = [foundTbl] else: infoMsg = "fetching number of databases with table" if tblConsider == "1": @@ -2231,7 +2231,7 @@ class Enumeration: if foundDb in foundCols[column]: foundCols[column][foundDb].append(foundTbl) else: - foundCols[column][foundDb] = [ foundTbl ] + foundCols[column][foundDb] = [foundTbl] else: if not conf.db: infoMsg = "fetching number of databases with tables containing column" @@ -2360,7 +2360,6 @@ class Enumeration: def sqlQuery(self, query): output = None sqlType = None - getOutput = None query = query.rstrip(';') @@ -2425,7 +2424,7 @@ class Enumeration: if not query: continue - if query.lower() in ( "x", "q", "exit", "quit" ): + if query.lower() in ("x", "q", "exit", "quit"): break output = self.sqlQuery(query)