	minor refactoring
		
							parent
							
								
									0b54553a76
								
							
						
					
					
						commit
						81bd9a201b
					
				|  | @ -101,8 +101,6 @@ from lib.core.settings import DUMP_NEWLINE_MARKER | |||
| from lib.core.settings import DUMP_CR_MARKER | ||||
| from lib.core.settings import DUMP_DEL_MARKER | ||||
| from lib.core.settings import DUMP_TAB_MARKER | ||||
| from lib.core.settings import DUMP_START_MARKER | ||||
| from lib.core.settings import DUMP_STOP_MARKER | ||||
| from lib.core.settings import ML | ||||
| from lib.core.settings import MIN_TIME_RESPONSES | ||||
| from lib.core.settings import PAYLOAD_DELIMITER | ||||
|  | @ -1047,7 +1045,6 @@ def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False): | |||
|         replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t") | ||||
| 
 | ||||
|         if not onlyNewlineTab: | ||||
|             replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "") | ||||
|             replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ") | ||||
| 
 | ||||
|     return replacedString | ||||
|  | @ -1351,14 +1348,8 @@ def parseUnionPage(output, expression, partial=False, sort=True): | |||
| 
 | ||||
|     data = BigArray() | ||||
| 
 | ||||
|     outCond1 = ( output.startswith(kb.chars.start) and output.endswith(kb.chars.stop) ) | ||||
|     outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) ) | ||||
| 
 | ||||
|     if outCond1 or outCond2: | ||||
|         if outCond1: | ||||
|     if output.startswith(kb.chars.start) and output.endswith(kb.chars.stop): | ||||
|         regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop) | ||||
|         elif outCond2: | ||||
|             regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER) | ||||
| 
 | ||||
|         output = re.findall(regExpr, output, re.DOTALL | re.IGNORECASE) | ||||
| 
 | ||||
|  | @ -2536,11 +2527,12 @@ def setOptimize(): | |||
| 
 | ||||
| def initTechnique(technique=None): | ||||
|     """ | ||||
|     Prepares proper page template and match ratio for technique specified | ||||
|     Prepares data for technique specified | ||||
|     """ | ||||
| 
 | ||||
|     try: | ||||
|         data = getTechniqueData(technique) | ||||
|         resetCounter(technique) | ||||
| 
 | ||||
|         if data: | ||||
|             kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place) | ||||
|  | @ -3172,3 +3164,11 @@ def unserializeObject(value): | |||
|     if value: | ||||
|         retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode | ||||
|     return retVal | ||||
| 
 | ||||
| def resetCounter(counter): | ||||
|     kb.counters[counter] = 0 | ||||
| 
 | ||||
| def incrementCounter(counter): | ||||
|     if counter not in kb.counters: | ||||
|         resetCounter(counter) | ||||
|     kb.counters[counter] += 1 | ||||
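Review bot: In `initTechnique`, `resetCounter(technique)` sits inside the `try:` after `getTechniqueData(technique)`, so if that call raises, the counter is never reset (the `except` clause is outside the hunk, so whether it re-raises is not visible). The debug lines in `errorUse` and `unionUse` index `kb.counters[...]` directly and would then report a stale count from an earlier run or raise `KeyError`. Moving the reset above the `try:`, or reading the value with `kb.counters.get(technique, 0)`, avoids both. The new `resetCounter` and `incrementCounter` helpers also have no docstrings, unlike `initTechnique`; a one-line description each, such as `"""Resets the request counter for the given technique"""`, would match the file's style.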
|  |  | |||
|  | @ -1402,6 +1402,7 @@ def __setKnowledgeBaseAttributes(flushAll=True): | |||
|     kb.cache.stdev = {} | ||||
| 
 | ||||
|     kb.commonOutputs = None | ||||
|     kb.counters = {} | ||||
|     kb.data = AttribDict() | ||||
|     kb.dataOutputFlag = False | ||||
| 
 | ||||
|  |  | |||
|  | @ -52,8 +52,6 @@ DUMP_NEWLINE_MARKER = "__NEWLINE__" | |||
| DUMP_CR_MARKER = "__CARRIAGE_RETURN__" | ||||
| DUMP_DEL_MARKER = "__DEL__" | ||||
| DUMP_TAB_MARKER = "__TAB__" | ||||
| DUMP_START_MARKER = "__START__" | ||||
| DUMP_STOP_MARKER = "__STOP__" | ||||
| 
 | ||||
| URI_QUESTION_MARKER = "__QUESTION_MARK__" | ||||
| 
 | ||||
|  |  | |||
|  | @ -19,6 +19,7 @@ from lib.core.common import dataToSessionFile | |||
| from lib.core.common import dataToStdout | ||||
| from lib.core.common import extractRegexResult | ||||
| from lib.core.common import getUnicode | ||||
| from lib.core.common import incrementCounter | ||||
| from lib.core.common import initTechnique | ||||
| from lib.core.common import isNumPosStrValue | ||||
| from lib.core.common import listToStrValue | ||||
|  | @ -46,11 +47,7 @@ from lib.core.unescaper import unescaper | |||
| from lib.request.connect import Connect as Request | ||||
| from lib.utils.resume import resume | ||||
| 
 | ||||
| reqCount = 0 | ||||
| 
 | ||||
| def __oneShotErrorUse(expression, field): | ||||
|     global reqCount | ||||
| 
 | ||||
|     retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None | ||||
| 
 | ||||
|     threadData = getCurrentThreadData() | ||||
|  | @ -85,7 +82,7 @@ def __oneShotErrorUse(expression, field): | |||
|             # Perform the request | ||||
|             page, headers = Request.queryPage(payload, content=True) | ||||
| 
 | ||||
|             reqCount += 1 | ||||
|             incrementCounter(PAYLOAD.TECHNIQUE.ERROR) | ||||
| 
 | ||||
|             # Parse the returned page to get the exact error-based | ||||
|             # sql injection output | ||||
|  | @ -204,8 +201,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): | |||
| 
 | ||||
|     initTechnique(PAYLOAD.TECHNIQUE.ERROR) | ||||
| 
 | ||||
|     global reqCount | ||||
| 
 | ||||
|     count = None | ||||
|     start = time.time() | ||||
|     startLimit = 0 | ||||
|  | @ -213,7 +208,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): | |||
|     outputs = [] | ||||
|     untilLimitChar = None | ||||
|     untilOrderChar = None | ||||
|     reqCount = 0 | ||||
| 
 | ||||
|     if resumeValue: | ||||
|         output = resume(expression, None) | ||||
|  | @ -392,7 +386,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): | |||
|     duration = calculateDeltaSeconds(start) | ||||
| 
 | ||||
|     if not kb.bruteMode: | ||||
|         debugMsg = "performed %d queries in %d seconds" % (reqCount, duration) | ||||
|         debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration) | ||||
|         logger.debug(debugMsg) | ||||
| 
 | ||||
|     return outputs | ||||
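Review bot: `incrementCounter(PAYLOAD.TECHNIQUE.ERROR)` updates a dictionary shared through `kb`, and the `getCurrentThreadData()` call at the top of `__oneShotErrorUse` suggests this function can run on several threads at once. The helper's membership check, reset and `+= 1` are not atomic, so concurrent calls can lose increments or reset a counter that is already in use; the same applies to `incrementCounter(PAYLOAD.TECHNIQUE.UNION)` in `__oneShotUnionUse`. The previous module-level `reqCount += 1` had the same weakness, so this is not a regression, but now that the count is centralised a lock around the update inside the helper would fix it in one place. Both functions start and end outside the hunks shown.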
|  |  | |||
|  | @ -20,6 +20,7 @@ from lib.core.common import dataToStdout | |||
| from lib.core.common import extractRegexResult | ||||
| from lib.core.common import getConsoleWidth | ||||
| from lib.core.common import getUnicode | ||||
| from lib.core.common import incrementCounter | ||||
| from lib.core.common import initTechnique | ||||
| from lib.core.common import isNumPosStrValue | ||||
| from lib.core.common import listToStrValue | ||||
|  | @ -44,11 +45,7 @@ from lib.core.unescaper import unescaper | |||
| from lib.request.connect import Connect as Request | ||||
| from lib.utils.resume import resume | ||||
| 
 | ||||
| reqCount = 0 | ||||
| 
 | ||||
| def __oneShotUnionUse(expression, unpack=True, limited=False): | ||||
|     global reqCount | ||||
| 
 | ||||
|     retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None | ||||
| 
 | ||||
|     threadData = getCurrentThreadData() | ||||
|  | @ -59,13 +56,9 @@ def __oneShotUnionUse(expression, unpack=True, limited=False): | |||
|         trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start) | ||||
| 
 | ||||
|         # Prepare expression with delimiters | ||||
|         injExpression = agent.concatQuery(expression, unpack) | ||||
|         injExpression = unescaper.unescape(injExpression) | ||||
|         injExpression = unescaper.unescape(agent.concatQuery(expression, unpack)) | ||||
| 
 | ||||
|         if conf.limitStart or conf.limitStop: | ||||
|             where = PAYLOAD.WHERE.NEGATIVE | ||||
|         else: | ||||
|             where = None | ||||
|         where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None | ||||
| 
 | ||||
|         # Forge the inband SQL injection request | ||||
|         vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector | ||||
|  | @ -75,7 +68,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False): | |||
|         # Perform the request | ||||
|         page, headers = Request.queryPage(payload, content=True, raise404=False) | ||||
| 
 | ||||
|         reqCount += 1 | ||||
|         incrementCounter(PAYLOAD.TECHNIQUE.UNION) | ||||
| 
 | ||||
|         # Parse the returned page to get the exact union-based | ||||
|         # sql injection output | ||||
|  | @ -129,8 +122,7 @@ def configUnion(char=None, columns=None): | |||
|         if not colsStart.isdigit() or not colsStop.isdigit(): | ||||
|             raise sqlmapSyntaxException, "--union-cols must be a range of integers" | ||||
| 
 | ||||
|         conf.uColsStart = int(colsStart) | ||||
|         conf.uColsStop = int(colsStop) | ||||
|         conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) | ||||
| 
 | ||||
|         if conf.uColsStart > conf.uColsStop: | ||||
|             errMsg = "--union-cols range has to be from lower to " | ||||
|  | @ -149,15 +141,13 @@ def unionUse(expression, unpack=True, dump=False): | |||
| 
 | ||||
|     initTechnique(PAYLOAD.TECHNIQUE.UNION) | ||||
| 
 | ||||
|     global reqCount | ||||
| 
 | ||||
|     count = None | ||||
|     origExpr = expression | ||||
|     startLimit = 0 | ||||
|     stopLimit = None | ||||
|     test = True | ||||
|     value = "" | ||||
|     reqCount = 0 | ||||
| 
 | ||||
|     width = getConsoleWidth() | ||||
|     start = time.time() | ||||
| 
 | ||||
|  | @ -362,7 +352,7 @@ def unionUse(expression, unpack=True, dump=False): | |||
|     duration = calculateDeltaSeconds(start) | ||||
| 
 | ||||
|     if not kb.bruteMode: | ||||
|         debugMsg = "performed %d queries in %d seconds" % (reqCount, duration) | ||||
|         debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration) | ||||
|         logger.debug(debugMsg) | ||||
| 
 | ||||
|     return value | ||||
|  |  | |||
|  | @ -116,5 +116,9 @@ class HashDB(object): | |||
|     def endTransaction(self): | ||||
|         threadData = getCurrentThreadData() | ||||
|         if threadData.inTransaction: | ||||
|             try: | ||||
|                 self.cursor.execute('END TRANSACTION') | ||||
|             except sqlite3.OperationalError, ex: | ||||
|                 pass | ||||
|             finally: | ||||
|                 threadData.inTransaction = False | ||||
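Review bot: The new `except sqlite3.OperationalError, ex: pass` in `endTransaction` discards a failed `END TRANSACTION` without any trace, and `ex` is never used. If the statement fails, values written during the transaction may not have reached the hash database, and the `finally` then clears `threadData.inTransaction`, so nothing later signals the loss. Logging the error before continuing, for example `logger.debug("END TRANSACTION failed: %s" % ex)` if a logger is imported in this module, keeps the best-effort behaviour while leaving evidence for troubleshooting.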
|  |  | |||
|  | @ -27,8 +27,6 @@ from lib.core.enums import DBMS | |||
| from lib.core.enums import PAYLOAD | ||||
| from lib.core.unescaper import unescaper | ||||
| from lib.techniques.blind.inference import bisection | ||||
| from lib.core.settings import DUMP_START_MARKER | ||||
| from lib.core.settings import DUMP_STOP_MARKER | ||||
| from lib.core.settings import DUMP_DEL_MARKER | ||||
| 
 | ||||
| def queryOutputLength(expression, payload): | ||||
|  | @ -120,20 +118,11 @@ def resume(expression, payload): | |||
|             resumedValue = resumedValue[:-1] | ||||
| 
 | ||||
|             infoMsg = "read from file '%s': " % conf.sessionFile | ||||
|             logValue = getCompiledRegex("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), re.S).findall(resumedValue) | ||||
| 
 | ||||
|             if logValue: | ||||
|                 if kb.technique == PAYLOAD.TECHNIQUE.UNION: | ||||
|                     logValue = ", ".join(value.replace(DUMP_DEL_MARKER, ", ") for value in logValue) | ||||
|             if "\n" in resumedValue: | ||||
|                 infoMsg += "%s..." % resumedValue.split("\n")[0] | ||||
|             else: | ||||
|                     return None | ||||
|             else: | ||||
|                 logValue = resumedValue | ||||
| 
 | ||||
|             if "\n" in logValue: | ||||
|                 infoMsg += "%s..." % logValue.split("\n")[0] | ||||
|             else: | ||||
|                 infoMsg += logValue | ||||
|                 infoMsg += resumedValue | ||||
| 
 | ||||
|             if not kb.suppressResumeInfo: | ||||
|                 dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg)) | ||||
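Review bot: After this change `resume()` logs `resumedValue` exactly as stored, with no handling of the `__START__`/`__STOP__` wrappers that the removed lines parsed, and the matching strip in `restoreDumpMarkedChars` is removed by the same commit. If session files written by earlier versions can still contain those markers, resumed values would now carry them into the output, so it is worth confirming that old entries are invalidated or cannot occur. The import hunk also leaves `from lib.core.settings import DUMP_DEL_MARKER` in place although its only visible use was removed; if nothing else in the file uses it, drop that line. `resume()` starts and ends outside the hunk.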
|  |  | |||
|  | @ -1444,7 +1444,7 @@ class Enumeration: | |||
| 
 | ||||
|         if not validPivotValue: | ||||
|             warnMsg = "no proper pivot column provided (with unique values)."  | ||||
|             warnMsg += " all rows can't be retrieved." | ||||
|             warnMsg += " It's not possible to retrieve all rows." | ||||
|             logger.warn(warnMsg) | ||||
| 
 | ||||
|         pivotValue = " " | ||||
|  |  | |||