minor refactoring

2024-11-25 11:03:47 +03:00 · 2011-04-07 10:27:22 +00:00 · 2011-04-07 10:27:22 +00:00 · 845533e92f
commit 845533e92f
parent 1880f18367
2 changed files with 18 additions and 14 deletions
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -125,7 +125,6 @@ class PAYLOAD:
        UNION       = "union"

    class TECHNIQUE:
-        HEURISTIC = 0
        BOOLEAN = 1
        ERROR = 2
        UNION = 3
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -606,26 +606,31 @@ def __setOS():
        raise sqlmapUnsupportedDBMSException, errMsg

 def __setTechnique():
-    validTechniques = getPublicTypeMembers(PAYLOAD.TECHNIQUE)
+    validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1])
+    validLetters = map(lambda x: x[0][0].upper(), validTechniques)

    if conf.tech and isinstance(conf.tech, basestring):
        selTechniques = []

-        for t in conf.tech:
-            if t.upper() not in ("B", "E", "U", "S", "T"):
-                errMsg = "value for --technique must be a string composed "
-                errMsg += "by the letters B, E, U, S and T. Refer to the "
-                errMsg += "user's manual for details"
-                raise sqlmapSyntaxException, errMsg
+        # e.g.: BEUST
+        if not conf.tech.isdigit():
+            for letter in conf.tech:
+                if letter.upper() not in validLetters:
+                    errMsg = "value for --technique must be a string composed "
+                    errMsg += "by the letters %s. Refer to the " % ",".join(validLetters)
+                    errMsg += "user's manual for details"
+                    raise sqlmapSyntaxException, errMsg

-            for validTech, validInt in validTechniques:
-                if t.upper() == validTech[0]:
-                    selTechniques.append(validInt)
-                    break
+                for validTech, validInt in validTechniques:
+                    if letter.upper() == validTech[0]:
+                        selTechniques.append(validInt)
+                        break
+
+        # e.g.: 12345
+        else:
+            selTechniques = filter(lambda x: x in PAYLOAD.SQLINJECTION, [int(c) for c in str(conf.tech)])

        conf.tech = selTechniques
-    else:
-        conf.tech = filter(lambda x: x in PAYLOAD.SQLINJECTION, [int(c) for c in str(conf.tech)])

    if len(conf.tech) > 0:
        # TODO: consider MySQL/PHP/ASP/web backdoor case where stacked