From 89c721a451857c35e6199fcad4339cfbc3fe1b6e Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 29 May 2010 10:10:28 +0000 Subject: [PATCH] More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. --- lib/core/common.py | 8 +++++--- lib/core/option.py | 4 ++-- lib/core/update.py | 7 ++++--- lib/takeover/metasploit.py | 5 +++-- lib/utils/detection.py | 22 ++++++++++++++++------ plugins/dbms/mssqlserver/filesystem.py | 3 ++- plugins/generic/filesystem.py | 5 +++-- 7 files changed, 35 insertions(+), 19 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 0eb2a3e86..7fb8c8a5f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1080,8 +1080,10 @@ def decloakToNamedTemporaryFile(filepath, name=None): def decloakToMkstemp(filepath, **kwargs): name = mkstemp(**kwargs)[1] retVal = open(name, 'w+b') + retVal.write(decloak(filepath)) retVal.seek(0) + return retVal def isWindowsPath(filepath): @@ -1143,7 +1145,7 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): # Create dot file by using extra/gprof2dot/gprof2dot.py # http://code.google.com/p/jrfonseca/wiki/Gprof2Dot - dotFilePointer = open(dotOutputFile, 'wt') + dotFilePointer = codecs.open(dotOutputFile, 'wt', conf.dataEncoding) parser = gprof2dot.PstatsParser(profileOutputFile) profile = parser.parse() profile.prune(0.5/100.0, 0.1/100.0) @@ -1194,7 +1196,7 @@ def getConsoleWidth(default=80): return width if width else default def parseXmlFile(xmlFile, handler): - xfile = open(xmlFile) + xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding) content = xfile.read() stream = StringIO(content) parse(stream, handler) @@ -1209,7 +1211,7 @@ def initCommonOutputs(): key = None fileName = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt') - cfile = open(fileName, 'r') + cfile = codecs.open(fileName, 'r', conf.dataEncoding) for line in cfile.xreadlines(): line = line.strip() diff --git a/lib/core/option.py b/lib/core/option.py index 5c0c97a6b..bf1967a57 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -96,7 +96,7 @@ def __urllib2Opener(): urllib2.install_opener(opener) def __feedTargetsDict(reqFile, addedTargetUrls): - fp = codecs.open(reqFile, "rb", conf.dataEncoding) + fp = codecs.open(reqFile, "rb") fread = fp.read() fread = fread.replace("\r", "") @@ -745,7 +745,7 @@ def __setHTTPUserAgent(): logger.debug(debugMsg) try: - fd = open(conf.userAgentsFile, "r") + fd = codecs.open(conf.userAgentsFile, "r", conf.dataEncoding) except IOError: warnMsg = "unable to read HTTP User-Agent header " warnMsg += "file '%s'" % conf.userAgentsFile diff --git a/lib/core/update.py b/lib/core/update.py index 0c974e28c..d1cd5575b 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ +import codecs import difflib import os import re @@ -145,7 +146,7 @@ def __updateMSSQLXML(): servicepackElement.appendChild(servicepackText) # Get the XML old file content to a local variable - mssqlXml = open(paths.MSSQL_XML, "r") + mssqlXml = codecs.open(paths.MSSQL_XML, "r", conf.dataEncoding) oldMssqlXml = mssqlXml.read() oldMssqlXmlSignatures = oldMssqlXml.count("") oldMssqlXmlList = oldMssqlXml.splitlines(1) @@ -155,12 +156,12 @@ def __updateMSSQLXML(): shutil.copy(paths.MSSQL_XML, "%s.bak" % paths.MSSQL_XML) # Save our newly created XML to the signatures file - mssqlXml = open(paths.MSSQL_XML, "w") + mssqlXml = codecs.open(paths.MSSQL_XML, "w", conf.dataEncoding) doc.writexml(writer=mssqlXml, addindent=" ", newl="\n") mssqlXml.close() # Get the XML new file content to a local variable - mssqlXml = open(paths.MSSQL_XML, "r") + mssqlXml = codecs.open(paths.MSSQL_XML, "r", conf.dataEncoding) newMssqlXml = mssqlXml.read() newMssqlXmlSignatures = newMssqlXml.count("") newMssqlXmlList = newMssqlXml.splitlines(1) diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 51c965c8f..3e1eb80f8 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ +import codecs import os import re import stat @@ -357,7 +358,7 @@ class Metasploit: self.__resource += "exploit\n" - self.resourceFp = open(self.resourceFile, "w") + self.resourceFp = codecs.open(self.resourceFile, "w", conf.dataEncoding) self.resourceFp.write(self.__resource) self.resourceFp.close() @@ -546,7 +547,7 @@ class Metasploit: errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", "") raise sqlmapFilePathException, errMsg - self.__shellcodeFP = open(self.__shellcodeFilePath, "rb") + self.__shellcodeFP = codecs.open(self.__shellcodeFilePath, "rb", conf.dataEncoding) self.shellcodeString = self.__shellcodeFP.read() self.__shellcodeFP.close() diff --git a/lib/utils/detection.py b/lib/utils/detection.py index 2fd14f691..c4338a0ef 100644 --- a/lib/utils/detection.py +++ b/lib/utils/detection.py @@ -21,10 +21,15 @@ You should have received a copy of the GNU General Public License along with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ -import re, sre_constants + +import codecs +import re +import sre_constants + from xml.dom import minidom from lib.core.common import getCompiledRegex +from lib.core.data import conf from lib.core.data import paths from lib.core.data import logger @@ -36,28 +41,33 @@ def __adjustGrammar(string): string = re.sub('attempts\Z', 'attempt', string) string = re.sub('injections\Z', 'injection', string) string = re.sub('attacks\Z', 'attack', string) + return string def checkPayload(string): """ - This method checks if the generated payload is detectable by the PHPIDS filter rules + This method checks if the generated payload is detectable by the + PHPIDS filter rules """ + global rules if not rules: - file = open(paths.DETECTION_RULES_XML, 'r') - xmlrules = minidom.parse(file).documentElement - file.close() + xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding) + xmlrules = minidom.parse(xfile).documentElement + xfile.close() rules = [] + for xmlrule in xmlrules.getElementsByTagName("filter"): try: rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue) rules.append((rule, desc)) - except sre_constants.error: #some issues with some regex expressions in Python 2.5 + except sre_constants.error: # Some issues with some regex expressions in Python 2.5 pass for rule, desc in rules: regObj = getCompiledRegex(rule) + if regObj.search(string): logger.warn("highly probable IDS/IPS detection: '%s'" % desc) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 77828daaf..c0dec6084 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ +import codecs import ntpath import os @@ -150,7 +151,7 @@ class Filesystem(GenericFilesystem): dFile = posixToNtSlashes(dFile) dFileName = ntpath.basename(dFile) wFileSize = os.path.getsize(wFile) - wFilePointer = open(wFile, "rb") + wFilePointer = codecs.open(wFile, "rb") wFileContent = wFilePointer.read() wFilePointer.close() diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 654919473..66aa5c022 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -23,6 +23,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ import binascii +import codecs import os from lib.core.agent import agent @@ -163,8 +164,8 @@ class Filesystem: """ fcEncodedList = [] - fp = open(fileName, "rb") - fcEncodedStr = fp.read().encode(encoding).replace("\n", "") + fp = codecs.open(fileName, "rb") + fcEncodedStr = fp.read().encode(encoding).replace("\n", "") if not single: fcLength = len(fcEncodedStr)