minor code restyling

Miroslav Stampar 2012-02-22 15:53:36 +00:00
parent 61a25418a9
commit 6e54cb171f
3 changed files with 78 additions and 79 deletions


@ -201,7 +201,7 @@ def checkSqlInjection(place, parameter, value):
clauseMatch = True clauseMatch = True
break break
if clause != [ 0 ] and injection.clause and injection.clause != [ 0 ] and not clauseMatch: if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch:
debugMsg = "skipping test '%s' because the clauses " % title debugMsg = "skipping test '%s' because the clauses " % title
debugMsg += "differs from the clause already identified" debugMsg += "differs from the clause already identified"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -243,7 +243,7 @@ def checkSqlInjection(place, parameter, value):
clauseMatch = True clauseMatch = True
break break
if test.clause != [ 0 ] and boundary.clause != [ 0 ] and not clauseMatch: if test.clause != [0] and boundary.clause != [0] and not clauseMatch:
continue continue
# Skip boundary if it does not match against test's <where> # Skip boundary if it does not match against test's <where>
@ -328,7 +328,7 @@ def checkSqlInjection(place, parameter, value):
# Useful to set kb.matchRatio at first based on # Useful to set kb.matchRatio at first based on
# the False response content # the False response content
kb.matchRatio = None kb.matchRatio = None
_ = Request.queryPage(genCmpPayload(), place, raise404=False) Request.queryPage(genCmpPayload(), place, raise404=False)
# If in the comparing stage there was an error # If in the comparing stage there was an error
# then anything non-error will be considered as True # then anything non-error will be considered as True
@ -626,7 +626,7 @@ def simpletonCheckSqlInjection(place, parameter, value):
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()): if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO: if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
payload = "%s AND %d=%d" % (value, randInt, randInt+1) payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
payload = agent.payload(place, parameter, value, payload) payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False) secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
@ -737,7 +737,7 @@ def checkStability():
infoMsg = "testing if the url is stable, wait a few seconds" infoMsg = "testing if the url is stable, wait a few seconds"
logger.info(infoMsg) logger.info(infoMsg)
firstPage = kb.originalPage # set inside checkConnection() firstPage = kb.originalPage # set inside checkConnection()
time.sleep(1) time.sleep(1)
secondPage, _ = Request.queryPage(content=True, raise404=False) secondPage, _ = Request.queryPage(content=True, raise404=False)


@ -290,7 +290,7 @@ class Backend:
@staticmethod @staticmethod
def setVersion(version): def setVersion(version):
if isinstance(version, basestring): if isinstance(version, basestring):
kb.dbmsVersion = [ version ] kb.dbmsVersion = [version]
return kb.dbmsVersion return kb.dbmsVersion
@ -370,7 +370,7 @@ class Backend:
while True: while True:
_ = readInput(msg, default='1') _ = readInput(msg, default='1')
if isinstance(_, basestring) and _.isdigit() and int(_) in ( 1, 2 ): if isinstance(_, basestring) and _.isdigit() and int(_) in (1, 2):
kb.arch = 32 if int(_) == 1 else 64 kb.arch = 32 if int(_) == 1 else 64
break break
@ -493,7 +493,7 @@ class Backend:
# Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/ # Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
def cachedmethod(f, cache={}): def cachedmethod(f, cache={}):
def g(*args, **kwargs): def g(*args, **kwargs):
key = ( f, tuple(args), frozenset(kwargs.items()) ) key = (f, tuple(args), frozenset(kwargs.items()))
if key not in cache: if key not in cache:
cache[key] = f(*args, **kwargs) cache[key] = f(*args, **kwargs)
return cache[key] return cache[key]
@ -517,7 +517,7 @@ def paramToDict(place, parameters=None):
testableParameters = OrderedDict() testableParameters = OrderedDict()
if conf.parameters.has_key(place) and not parameters: if place in conf.parameters and not parameters:
parameters = conf.parameters[place] parameters = conf.parameters[place]
if place != PLACE.SOAP: if place != PLACE.SOAP:
@ -587,7 +587,7 @@ def paramToDict(place, parameters=None):
elif len(conf.testParameter) != len(testableParameters.keys()): elif len(conf.testParameter) != len(testableParameters.keys()):
for parameter in conf.testParameter: for parameter in conf.testParameter:
if not testableParameters.has_key(parameter): if parameter not in testableParameters:
warnMsg = "provided parameter '%s' " % parameter warnMsg = "provided parameter '%s' " % parameter
warnMsg += "is not inside the %s" % place warnMsg += "is not inside the %s" % place
logger.warn(warnMsg) logger.warn(warnMsg)
@ -1087,7 +1087,7 @@ def parseTargetDirect():
import pyodbc import pyodbc
elif dbmsName == DBMS.FIREBIRD: elif dbmsName == DBMS.FIREBIRD:
import kinterbasdb import kinterbasdb
except ImportError, _: except ImportError:
errMsg = "sqlmap requires '%s' third-party library " % data[1] errMsg = "sqlmap requires '%s' third-party library " % data[1]
errMsg += "in order to directly connect to the database " errMsg += "in order to directly connect to the database "
errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
@ -1259,7 +1259,7 @@ def parseFilePaths(page):
""" """
if page: if page:
for regex in ( r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" ): for regex in (r" in <b>(?P<result>.*?)</b> on line", r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)"):
for match in re.finditer(regex, page): for match in re.finditer(regex, page):
absFilePath = match.group("result").strip() absFilePath = match.group("result").strip()
page = page.replace(absFilePath, "") page = page.replace(absFilePath, "")
@ -1303,30 +1303,30 @@ def getCharset(charsetType=None):
# 0 or 1 # 0 or 1
elif charsetType == 1: elif charsetType == 1:
asciiTbl.extend([ 0, 1 ]) asciiTbl.extend([0, 1])
asciiTbl.extend(xrange(47, 50)) asciiTbl.extend(xrange(47, 50))
# Digits # Digits
elif charsetType == 2: elif charsetType == 2:
asciiTbl.extend([ 0, 1 ]) asciiTbl.extend([0, 1])
asciiTbl.extend(xrange(47, 58)) asciiTbl.extend(xrange(47, 58))
# Hexadecimal # Hexadecimal
elif charsetType == 3: elif charsetType == 3:
asciiTbl.extend([ 0, 1 ]) asciiTbl.extend([0, 1])
asciiTbl.extend(xrange(47, 58)) asciiTbl.extend(xrange(47, 58))
asciiTbl.extend(xrange(64, 71)) asciiTbl.extend(xrange(64, 71))
asciiTbl.extend(xrange(96, 103)) asciiTbl.extend(xrange(96, 103))
# Characters # Characters
elif charsetType == 4: elif charsetType == 4:
asciiTbl.extend([ 0, 1 ]) asciiTbl.extend([0, 1])
asciiTbl.extend(xrange(64, 91)) asciiTbl.extend(xrange(64, 91))
asciiTbl.extend(xrange(96, 123)) asciiTbl.extend(xrange(96, 123))
# Characters and digits # Characters and digits
elif charsetType == 5: elif charsetType == 5:
asciiTbl.extend([ 0, 1 ]) asciiTbl.extend([0, 1])
asciiTbl.extend(xrange(47, 58)) asciiTbl.extend(xrange(47, 58))
asciiTbl.extend(xrange(64, 91)) asciiTbl.extend(xrange(64, 91))
asciiTbl.extend(xrange(96, 123)) asciiTbl.extend(xrange(96, 123))
@ -1417,7 +1417,7 @@ def safeStringFormat(format_, params):
if index != -1: if index != -1:
if count < len(params): if count < len(params):
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index+2:] retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
else: else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting" raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
@ -1465,7 +1465,7 @@ def showStaticWords(firstPage, secondPage):
if firstPage and secondPage: if firstPage and secondPage:
match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage)) match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage))
commonText = firstPage[match[0]:match[0]+match[2]] commonText = firstPage[match[0]:match[0] + match[2]]
commonWords = getPageWordSet(commonText) commonWords = getPageWordSet(commonText)
else: else:
commonWords = None commonWords = None
@ -1509,7 +1509,7 @@ def decloakToMkstemp(filepath, **kwargs):
handle, name = mkstemp(**kwargs) handle, name = mkstemp(**kwargs)
fptr = os.fdopen(handle) fptr = os.fdopen(handle)
fptr.close() # close low level handle (causing problems latter) fptr.close() # close low level handle (causing problems latter)
retVal = open(name, 'w+b') retVal = open(name, 'w+b')
@ -1689,7 +1689,7 @@ def stdev(values):
else: else:
avg = average(values) avg = average(values)
_ = reduce(lambda x, y: x + pow((y or 0) - avg, 2), values, 0.0) _ = reduce(lambda x, y: x + pow((y or 0) - avg, 2), values, 0.0)
retVal = sqrt(_/(len(values) - 1)) retVal = sqrt(_ / (len(values) - 1))
kb.cache.stdev[key] = retVal kb.cache.stdev[key] = retVal
return retVal return retVal
@ -1722,7 +1722,7 @@ def initCommonOutputs():
key = None key = None
with codecs.open(paths.COMMON_OUTPUTS, 'r', UNICODE_ENCODING) as f: with codecs.open(paths.COMMON_OUTPUTS, 'r', UNICODE_ENCODING) as f:
for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used for line in f.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
if line.find('#') != -1: if line.find('#') != -1:
line = line[:line.find('#')] line = line[:line.find('#')]
@ -1748,7 +1748,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
checkFile(filename) checkFile(filename)
with codecs.open(filename, 'r', UNICODE_ENCODING) if unicode_ else open(filename, 'r') as f: with codecs.open(filename, 'r', UNICODE_ENCODING) if unicode_ else open(filename, 'r') as f:
for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
if commentPrefix: if commentPrefix:
if line.find(commentPrefix) != -1: if line.find(commentPrefix) != -1:
line = line[:line.find(commentPrefix)] line = line[:line.find(commentPrefix)]
@ -1873,7 +1873,7 @@ def getPartRun():
# Goes backwards through the stack to find the conf.dbmsHandler method # Goes backwards through the stack to find the conf.dbmsHandler method
# calling this function # calling this function
for i in xrange(0, len(stack)-1): for i in xrange(0, len(stack) - 1):
for regex in (getCompiledRegex('self\.(get[^(]+)\(\)'), getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')): for regex in (getCompiledRegex('self\.(get[^(]+)\(\)'), getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')):
match = regex.search(stack[i]) match = regex.search(stack[i])
@ -1918,7 +1918,7 @@ def getUnicode(value, encoding=None, system=False, noneToNull=False):
elif isinstance(value, basestring): elif isinstance(value, basestring):
return unicode(value, encoding or UNICODE_ENCODING, errors="replace") return unicode(value, encoding or UNICODE_ENCODING, errors="replace")
else: else:
return unicode(value) # encoding ignored for non-basestring instances return unicode(value) # encoding ignored for non-basestring instances
else: else:
try: try:
return getUnicode(value, sys.getfilesystemencoding() or sys.stdin.encoding) return getUnicode(value, sys.getfilesystemencoding() or sys.stdin.encoding)
@ -2102,7 +2102,7 @@ def runningAsAdmin():
isAdmin = False isAdmin = False
if PLATFORM in ( "posix", "mac" ): if PLATFORM in ("posix", "mac"):
isAdmin = os.geteuid() isAdmin = os.geteuid()
if isinstance(isAdmin, (int, float, long)) and isAdmin == 0: if isinstance(isAdmin, (int, float, long)) and isAdmin == 0:
@ -2262,7 +2262,7 @@ def findDynamicContent(firstPage, secondPage):
prefix = trimAlphaNum(prefix) prefix = trimAlphaNum(prefix)
suffix = trimAlphaNum(suffix) suffix = trimAlphaNum(suffix)
kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH/2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH/2]) if suffix else None)) kb.dynamicMarkings.append((re.escape(prefix[-DYNAMICITY_MARK_LENGTH / 2:]) if prefix else None, re.escape(suffix[:DYNAMICITY_MARK_LENGTH / 2]) if suffix else None))
if len(kb.dynamicMarkings) > 0: if len(kb.dynamicMarkings) > 0:
infoMsg = "dynamic content marked for removal (%d region%s)" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '') infoMsg = "dynamic content marked for removal (%d region%s)" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '')
@ -2424,7 +2424,7 @@ def initTechnique(technique=None):
warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique) warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)
logger.warn(warnMsg) logger.warn(warnMsg)
except sqlmapDataException, _: except sqlmapDataException:
errMsg = "missing data in old session file(s). " errMsg = "missing data in old session file(s). "
errMsg += "Please use '--flush-session' to deal " errMsg += "Please use '--flush-session' to deal "
errMsg += "with this error" errMsg += "with this error"
@ -2437,7 +2437,7 @@ def arrayizeValue(value):
""" """
if not isinstance(value, (list, tuple)): if not isinstance(value, (list, tuple)):
value = [ value ] value = [value]
return value return value
@ -2539,7 +2539,7 @@ def decodeIntToUnicode(value):
try: try:
# http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord # http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,): if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
return struct.pack('B' if value<256 else '<H', value).decode(kb.pageEncoding or UNICODE_ENCODING) return struct.pack('B' if value < 256 else '<H', value).decode(kb.pageEncoding or UNICODE_ENCODING)
else: else:
return unichr(value) return unichr(value)
except: except:
@ -2577,7 +2577,7 @@ def maskSensitiveData(msg):
regex = SENSITIVE_DATA_REGEX % item regex = SENSITIVE_DATA_REGEX % item
while extractRegexResult(regex, retVal): while extractRegexResult(regex, retVal):
value = extractRegexResult(regex, retVal) value = extractRegexResult(regex, retVal)
retVal = retVal.replace(value, '*'*len(value)) retVal = retVal.replace(value, '*' * len(value))
return retVal return retVal
@ -2658,10 +2658,10 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex: while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX) regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
if all(part.lower() in content.lower() for part in regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)): # fast optimization check if all(part.lower() in content.lower() for part in regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)): # fast optimization check
parts = regex.split(REFLECTED_NON_ALPHA_NUM_REGEX) parts = regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)
if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs
regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS/2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS/2:])) regex = "%s.+?%s" % (REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_NON_ALPHA_NUM_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:]))
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I) retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
@ -2689,7 +2689,7 @@ def normalizeUnicode(value):
retVal = value retVal = value
if isinstance(value, unicode): if isinstance(value, unicode):
retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore') retVal = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore')
return retVal return retVal
def safeSQLIdentificatorNaming(name, isTable=False): def safeSQLIdentificatorNaming(name, isTable=False):
@ -2744,7 +2744,7 @@ def isBinaryData(value):
retVal = False retVal = False
if isinstance(value, basestring): if isinstance(value, basestring):
retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False) retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
return retVal return retVal
def isNoneValue(value): def isNoneValue(value):
@ -3071,7 +3071,7 @@ def unserializeObject(value):
retVal = None retVal = None
if value: if value:
retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
return retVal return retVal
def resetCounter(technique): def resetCounter(technique):
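Review bot: In the `removeReflectiveValues` hunk, `re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` passes `re.I` as the fourth positional argument, which is `count`, not `flags`. The substitution is therefore case-sensitive and stops after two replacements (`re.I` equals 2), even though the pre-check a few lines above compares lower-cased text. This function appears to strip reflected payload text before responses are compared, so mixed-case or repeated reflections would stay in the page; `retVal = re.sub("(?i)%s" % regex, REFLECTED_VALUE_MARKER, content)` expresses the intent without depending on a `flags` keyword. Separately, `unserializeObject` calls `pickle.loads` on its argument: the callers are not visible here, but if that value can come from a session file that someone else supplied or modified, loading it runs code chosen by whoever wrote the file, so a comment stating the trust assumption (or a data-only format) is worth adding. Both functions continue outside their hunks.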


@ -110,13 +110,13 @@ class Enumeration:
bannerParser(kb.data.banner) bannerParser(kb.data.banner)
if conf.os and conf.os == "windows": if conf.os and conf.os == "windows":
kb.bannerFp["type"] = set([ "Windows" ]) kb.bannerFp["type"] = set(["Windows"])
elif conf.os and conf.os == "linux": elif conf.os and conf.os == "linux":
kb.bannerFp["type"] = set([ "Linux" ]) kb.bannerFp["type"] = set(["Linux"])
elif conf.os: elif conf.os:
kb.bannerFp["type"] = set([ "%s%s" % (conf.os[0].upper(), conf.os[1:]) ]) kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])])
if conf.os: if conf.os:
setOs() setOs()
@ -168,8 +168,8 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].users rootQuery = queries[Backend.getIdentifiedDbms()].users
condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) ) condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema ) condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
if condition: if condition:
@ -260,7 +260,7 @@ class Enumeration:
randStr = randomStr() randStr = randomStr()
getCurrentThreadData().disableStdOut = True getCurrentThreadData().disableStdOut = True
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=False) retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
if retVal: if retVal:
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@ -280,7 +280,7 @@ class Enumeration:
password = parsePasswordHash(password) password = parsePasswordHash(password)
if not kb.data.cachedUsersPasswords.has_key(user): if user not in kb.data.cachedUsersPasswords:
kb.data.cachedUsersPasswords[user] = [password] kb.data.cachedUsersPasswords[user] = [password]
else: else:
kb.data.cachedUsersPasswords[user].append(password) kb.data.cachedUsersPasswords[user].append(password)
@ -302,7 +302,7 @@ class Enumeration:
randStr = randomStr() randStr = randomStr()
query = rootQuery.inband.query query = rootQuery.inband.query
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=True) retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True)
if retVal: if retVal:
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@ -389,24 +389,24 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges): def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the # In PostgreSQL the usesuper privilege means that the
# user is DBA # user is DBA
dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges ) dbaCondition = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
# In Oracle the DBA privilege means that the # In Oracle the DBA privilege means that the
# user is DBA # user is DBA
dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges ) dbaCondition |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges)
# In MySQL >= 5.0 the SUPER privilege means # In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA # that the user is DBA
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges ) dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges)
# In MySQL < 5.0 the super_priv privilege means # In MySQL < 5.0 the super_priv privilege means
# that the user is DBA # that the user is DBA
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges ) dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges)
# In Firebird there is no specific privilege that means # In Firebird there is no specific privilege that means
# that the user is DBA # that the user is DBA
# TODO: confirm # TODO: confirm
dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges ) dbaCondition |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges)
return dbaCondition return dbaCondition
@ -490,7 +490,7 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list # In MySQL >= 5.0 and Oracle we get the list
# of privileges as string # of privileges as string
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ): elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema):
privileges.add(privilege) privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is # In MySQL < 5.0 we get Y if the privilege is
@ -521,7 +521,7 @@ class Enumeration:
if self.__isAdminFromPrivileges(privileges): if self.__isAdminFromPrivileges(privileges):
areAdmins.add(user) areAdmins.add(user)
if kb.data.cachedUsersPrivileges.has_key(user): if user in kb.data.cachedUsersPrivileges:
kb.data.cachedUsersPrivileges[user].extend(privileges) kb.data.cachedUsersPrivileges[user].extend(privileges)
else: else:
kb.data.cachedUsersPrivileges[user] = list(privileges) kb.data.cachedUsersPrivileges[user] = list(privileges)
@ -615,7 +615,7 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list # In MySQL >= 5.0 and Oracle we get the list
# of privileges as string # of privileges as string
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ): elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema):
privileges.add(privilege) privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is # In MySQL < 5.0 we get Y if the privilege is
@ -679,7 +679,7 @@ class Enumeration:
errMsg += "for the database users" errMsg += "for the database users"
raise sqlmapNoneDataException, errMsg raise sqlmapNoneDataException, errMsg
return ( kb.data.cachedUsersPrivileges, areAdmins ) return (kb.data.cachedUsersPrivileges, areAdmins)
def getRoles(self, query2=False): def getRoles(self, query2=False):
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms() warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
@ -830,7 +830,7 @@ class Enumeration:
if resumeAvailable: if resumeAvailable:
for db, table in kb.brute.tables: for db, table in kb.brute.tables:
if db == conf.db: if db == conf.db:
if not kb.data.cachedTables.has_key(conf.db): if conf.db not in kb.data.cachedTables:
kb.data.cachedTables[conf.db] = [table] kb.data.cachedTables[conf.db] = [table]
else: else:
kb.data.cachedTables[conf.db].append(table) kb.data.cachedTables[conf.db].append(table)
@ -882,7 +882,7 @@ class Enumeration:
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
table = safeSQLIdentificatorNaming(table, True) table = safeSQLIdentificatorNaming(table, True)
if not kb.data.cachedTables.has_key(db): if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table] kb.data.cachedTables[db] = [table]
else: else:
kb.data.cachedTables[db].append(table) kb.data.cachedTables[db].append(table)
@ -1078,7 +1078,7 @@ class Enumeration:
infoMsg += "database '%s'" % conf.db infoMsg += "database '%s'" % conf.db
logger.info(infoMsg) logger.info(infoMsg)
return { conf.db: kb.data.cachedColumns[conf.db]} return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns " infoMsg = "fetching columns "
@ -1101,10 +1101,10 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() in ( DBMS.ORACLE, DBMS.DB2): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper()) query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
query += condQuery query += condQuery
elif Backend.isDbms(DBMS.MSSQL): elif Backend.isDbms(DBMS.MSSQL):
@ -1147,7 +1147,7 @@ class Enumeration:
infoMsg += "database '%s'" % conf.db infoMsg += "database '%s'" % conf.db
logger.info(infoMsg) logger.info(infoMsg)
return { conf.db: kb.data.cachedColumns[conf.db]} return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns " infoMsg = "fetching columns "
@ -1170,7 +1170,7 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
@ -1209,7 +1209,7 @@ class Enumeration:
indexRange = getLimitRange(count) indexRange = getLimitRange(count)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
field = None field = None
@ -1232,7 +1232,7 @@ class Enumeration:
if not isNoneValue(column): if not isNoneValue(column):
if not onlyColNames: if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column) query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
@ -1457,7 +1457,7 @@ class Enumeration:
if conf.limitStart or conf.limitStop: if conf.limitStart or conf.limitStop:
if conf.limitStart and (i + 1) < conf.limitStart: if conf.limitStart and (i + 1) < conf.limitStart:
warnMsg = "skipping first %d pivot " % conf.limitStart warnMsg = "skipping first %d pivot " % conf.limitStart
warnMsg += "point values" warnMsg += "point values"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
break break
@ -1611,7 +1611,7 @@ class Enumeration:
if isNoneValue(entries): if isNoneValue(entries):
entries = [] entries = []
elif isinstance(entries, basestring): elif isinstance(entries, basestring):
entries = [ entries ] entries = [entries]
elif not isinstance(entries, (list, tuple)): elif not isinstance(entries, (list, tuple)):
entries = [] entries = []
@ -1621,8 +1621,8 @@ class Enumeration:
for column in colList: for column in colList:
colLen = len(column) colLen = len(column)
if not kb.data.dumpedTable.has_key(column): if column not in kb.data.dumpedTable:
kb.data.dumpedTable[column] = { "length": colLen, "values": [] } kb.data.dumpedTable[column] = {"length": colLen, "values": []}
for entry in entries: for entry in entries:
if entry is None or len(entry) == 0: if entry is None or len(entry) == 0:
@ -1667,7 +1667,7 @@ class Enumeration:
entries = {} entries = {}
if count == 0: if count == 0:
warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl) warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl)
warnMsg += "on database '%s' " % unsafeSQLIdentificatorNaming(conf.db) warnMsg += "on database '%s' " % unsafeSQLIdentificatorNaming(conf.db)
warnMsg += "appears to be empty" warnMsg += "appears to be empty"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -1711,7 +1711,7 @@ class Enumeration:
if column not in entries: if column not in entries:
entries[column] = BigArray() entries[column] = BigArray()
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query % (column, conf.db, conf.tbl, sorted(colList, key=len)[0], index) query = rootQuery.blind.query % (column, conf.db, conf.tbl, sorted(colList, key=len)[0], index)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = rootQuery.blind.query % (column, column, query = rootQuery.blind.query % (column, column,
@ -1736,7 +1736,7 @@ class Enumeration:
for column, columnEntries in entries.items(): for column, columnEntries in entries.items():
length = max(lengths[column], len(column)) length = max(lengths[column], len(column))
kb.data.dumpedTable[column] = { "length": length, "values": columnEntries } kb.data.dumpedTable[column] = {"length": length, "values": columnEntries}
entriesCount = len(columnEntries) entriesCount = len(columnEntries)
@ -1748,9 +1748,9 @@ class Enumeration:
warnMsg += "on database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "") warnMsg += "on database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "")
logger.warn(warnMsg) logger.warn(warnMsg)
else: else:
kb.data.dumpedTable["__infos__"] = { "count": entriesCount, kb.data.dumpedTable["__infos__"] = {"count": entriesCount,
"table": safeSQLIdentificatorNaming(tbl, True), "table": safeSQLIdentificatorNaming(tbl, True),
"db": safeSQLIdentificatorNaming(conf.db) } "db": safeSQLIdentificatorNaming(conf.db)}
attackDumpedTable() attackDumpedTable()
conf.dumper.dbTableValues(kb.data.dumpedTable) conf.dumper.dbTableValues(kb.data.dumpedTable)
@ -1783,7 +1783,7 @@ class Enumeration:
if kb.data.cachedTables: if kb.data.cachedTables:
if isinstance(kb.data.cachedTables, list): if isinstance(kb.data.cachedTables, list):
kb.data.cachedTables = { None : kb.data.cachedTables } kb.data.cachedTables = {None : kb.data.cachedTables}
for db, tables in kb.data.cachedTables.items(): for db, tables in kb.data.cachedTables.items():
conf.db = db conf.db = db
@ -1915,7 +1915,7 @@ class Enumeration:
if not isNoneValue(values): if not isNoneValue(values):
if isinstance(values, basestring): if isinstance(values, basestring):
values = [ values ] values = [values]
for value in values: for value in values:
value = safeSQLIdentificatorNaming(value) value = safeSQLIdentificatorNaming(value)
@ -2040,7 +2040,7 @@ class Enumeration:
if foundDb in foundTbls: if foundDb in foundTbls:
foundTbls[foundDb].append(foundTbl) foundTbls[foundDb].append(foundTbl)
else: else:
foundTbls[foundDb] = [ foundTbl ] foundTbls[foundDb] = [foundTbl]
else: else:
infoMsg = "fetching number of databases with table" infoMsg = "fetching number of databases with table"
if tblConsider == "1": if tblConsider == "1":
@ -2231,7 +2231,7 @@ class Enumeration:
if foundDb in foundCols[column]: if foundDb in foundCols[column]:
foundCols[column][foundDb].append(foundTbl) foundCols[column][foundDb].append(foundTbl)
else: else:
foundCols[column][foundDb] = [ foundTbl ] foundCols[column][foundDb] = [foundTbl]
else: else:
if not conf.db: if not conf.db:
infoMsg = "fetching number of databases with tables containing column" infoMsg = "fetching number of databases with tables containing column"
@ -2360,7 +2360,6 @@ class Enumeration:
def sqlQuery(self, query): def sqlQuery(self, query):
output = None output = None
sqlType = None sqlType = None
getOutput = None
query = query.rstrip(';') query = query.rstrip(';')
@ -2425,7 +2424,7 @@ class Enumeration:
if not query: if not query:
continue continue
if query.lower() in ( "x", "q", "exit", "quit" ): if query.lower() in ("x", "q", "exit", "quit"):
break break
output = self.sqlQuery(query) output = self.sqlQuery(query)
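Review bot: In `__isAdminFromPrivileges`, each `dbaCondition |= (...)` applies a bitwise operator to the result of an `and` chain, which is a bool only when every operand is one. If `kb.data.has_information_schema` could ever be `None` (its initialisation is not visible in this section), the MySQL >= 5.0 line would evaluate to `None` and `|=` would raise a TypeError instead of answering whether the user is a DBA. Wrapping the clause, e.g. `dbaCondition |= bool(Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges)`, or joining the clauses with `or`, keeps the result boolean, and `or` would also stop evaluating once one DBMS matches. As a style follow-up to this restyle, `{None : kb.data.cachedTables}` still has the space before the colon, and `raise sqlmapNoneDataException, errMsg` keeps the comma form that the commit removed from the `except` clauses in the previous file.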