sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Style and consistency update (url -> URL)

Browse Source
This commit is contained in:
stamparm 2013-04-09 11:48:42 +02:00
parent 3948b527dd
commit 8c9da95343
13 changed files with 53 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/action.py
View File

@ -22,7 +22,7 @@ from lib.techniques.brute.use import tableExists
def action():
"""
This function exploit the SQL injection on the affected
url parameter and extract requested data from the
URL parameter and extract requested data from the
back-end database management system or operating system
if possible
"""

16
lib/controller/checks.py
View File

@ -791,7 +791,7 @@ def heuristicCheckSqlInjection(place, parameter):
def checkDynParam(place, parameter, value):
"""
This function checks if the url parameter is dynamic. If it is
This function checks if the URL parameter is dynamic. If it is
dynamic, the content of the page differs, otherwise the
dynamicity might depend on another parameter.
"""
@ -855,14 +855,14 @@ def checkDynamicContent(firstPage, secondPage):
count += 1
if count > conf.retries:
warnMsg = "target url is too dynamic. "
warnMsg = "target URL is too dynamic. "
warnMsg += "Switching to '--text-only' "
logger.warn(warnMsg)
conf.textOnly = True
return
warnMsg = "target url is heavily dynamic"
warnMsg = "target URL is heavily dynamic"
warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg)
@ -880,7 +880,7 @@ def checkStability():
like for instance string matching (--string).
"""
infoMsg = "testing if the url is stable. This can take a couple of seconds"
infoMsg = "testing if the target URL is stable. This can take a couple of seconds"
logger.info(infoMsg)
firstPage = kb.originalPage # set inside checkConnection()
@ -894,7 +894,7 @@ def checkStability():
if kb.pageStable:
if firstPage:
infoMsg = "url is stable"
infoMsg = "target URL is stable"
logger.info(infoMsg)
else:
errMsg = "there was an error checking the stability of page "
@ -904,7 +904,7 @@ def checkStability():
logger.error(errMsg)
else:
warnMsg = "url is not stable, sqlmap will base the page "
warnMsg = "target URL is not stable. sqlmap will base the page "
warnMsg += "comparison on a sequence matcher. If no dynamic nor "
warnMsg += "injectable parameters are detected, or in case of "
warnMsg += "junk results, refer to user's manual paragraph "
@ -1112,7 +1112,7 @@ def checkNullConnection():
if conf.data:
return False
infoMsg = "testing NULL connection to the target url"
infoMsg = "testing NULL connection to the target URL"
logger.info(infoMsg)
try:
@ -1148,7 +1148,7 @@ def checkConnection(suppressOutput=False):
raise SqlmapConnectionException(errMsg)
if not suppressOutput and not conf.dummy:
infoMsg = "testing connection to the target url"
infoMsg = "testing connection to the target URL"
logger.info(infoMsg)
try:

10
lib/controller/controller.py
View File

@ -253,7 +253,7 @@ def start():
if conf.configFile and not kb.targets:
errMsg = "you did not edit the configuration file properly, set "
errMsg += "the target url, list of targets or google dork"
errMsg += "the target URL, list of targets or google dork"
logger.error(errMsg)
return False
@ -301,7 +301,7 @@ def start():
if conf.forms:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
else:
message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
if conf.cookie:
message += "\nCookie: %s" % conf.cookie
@ -340,7 +340,7 @@ def start():
break
else:
message += "\ndo you want to test this url? [Y/n/q]"
message += "\ndo you want to test this URL? [Y/n/q]"
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
@ -350,7 +350,7 @@ def start():
elif test[0] in ("q", "Q"):
break
infoMsg = "testing url '%s'" % targetUrl
infoMsg = "testing URL '%s'" % targetUrl
logger.info(infoMsg)
setupTargetEnv()
@ -602,7 +602,7 @@ def start():
e = getUnicode(e)
if conf.multipleTargets:
e += ", skipping to the next %s" % ("form" if conf.forms else "url")
e += ", skipping to the next %s" % ("form" if conf.forms else "URL")
logger.error(e)
else:
logger.critical(e)

20
lib/core/common.py
View File

@ -1127,7 +1127,7 @@ def parseTargetDirect():
def parseTargetUrl():
"""
Parse target url and set some attributes into the configuration singleton.
Parse target URL and set some attributes into the configuration singleton.
"""
if not conf.url:
@ -1165,14 +1165,14 @@ def parseTargetUrl():
_ = None
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url"
errMsg = "invalid target URL"
raise SqlmapSyntaxException(errMsg)
if len(hostnamePort) == 2:
try:
conf.port = int(hostnamePort[1])
except:
errMsg = "invalid target url"
errMsg = "invalid target URL"
raise SqlmapSyntaxException(errMsg)
elif conf.scheme == "https":
conf.port = 443
@ -1186,13 +1186,13 @@ def parseTargetUrl():
conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
if not conf.referer and intersect(REFERER_ALIASES, conf.testParameter, True):
debugMsg = "setting the HTTP Referer header to the target url"
debugMsg = "setting the HTTP Referer header to the target URL"
logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders)
conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url))
if not conf.host and intersect(HOST_ALIASES, conf.testParameter, True):
debugMsg = "setting the HTTP Host header to the target url"
debugMsg = "setting the HTTP Host header to the target URL"
logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.HOST, conf.httpHeaders)
conf.httpHeaders.append((HTTP_HEADER.HOST, getHostHeader(conf.url)))
@ -2120,7 +2120,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
return char if char in charset else match.group(0)
result = value
if plusspace:
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
result = result.replace("+", " ") # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case)
result = re.sub("%([0-9a-fA-F]{2})", _, result)
if isinstance(result, str):
@ -2147,7 +2147,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
safe = ""
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
# encoded (when not representing URL encoded char)
# except in cases when tampering scripts are used
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)
@ -3119,7 +3119,7 @@ def randomizeParameterValue(value):
def asciifyUrl(url, forceQuote=False):
"""
Attempts to make a unicode url usuable with ``urllib/urllib2``.
Attempts to make a unicode URL usuable with ``urllib/urllib2``.
More specifically, it attempts to convert the unicode object ``url``,
which is meant to represent a IRI, to an unicode object that,
@ -3232,7 +3232,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
try:
forms = ParseResponse(response, backwards_compat=False)
except ParseError:
warnMsg = "badly formed HTML at the given url ('%s'). Going to filter it" % url
warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
logger.warning(warnMsg)
response.seek(0)
filtered = _("".join(re.findall(FORM_SEARCH_REGEX, response.read())), response.geturl())
@ -3279,7 +3279,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
target = (url, method, data, conf.cookie)
retVal.add(target)
else:
errMsg = "there were no forms found at the given target url"
errMsg = "there were no forms found at the given target URL"
if raise_:
raise SqlmapGenericException(errMsg)
else:

4
lib/core/option.py
View File

@ -189,7 +189,7 @@ def _urllib2Opener():
def _feedTargetsDict(reqFile, addedTargetUrls):
"""
Parses web scarab and burp logs and adds results to the target url list
Parses web scarab and burp logs and adds results to the target URL list
"""
def _parseWebScarabLog(content):
@ -1045,7 +1045,7 @@ def _setSafeUrl():
conf.safUrl = "http://" + conf.safUrl
if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe URL feature"
raise SqlmapSyntaxException(errMsg)
def _setPrefixSuffix():

2
lib/core/settings.py
View File

@ -307,7 +307,7 @@ REFLECTED_MAX_REGEX_PARTS = 10
# Chars which can be used as a failsafe values in case of too long URL encoding value
URLENCODE_FAILSAFE_CHARS = "()|,"
# Maximum length of urlencoded value after which failsafe procedure takes away
# Maximum length of URL encoded value after which failsafe procedure takes away
URLENCODE_CHAR_LIMIT = 2000
# Default schema for Microsoft SQL Server DBMS

6
lib/core/target.py
View File

@ -155,14 +155,14 @@ def _setRequestParams():
kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint:
warnMsg = "you've provided target url without any GET "
warnMsg = "you've provided target URL without any GET "
warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
warnMsg += "and without providing any POST parameters "
warnMsg += "through --data option"
logger.warn(warnMsg)
message = "do you want to try URI injections "
message += "in the target url itself? [Y/n/q] "
message += "in the target URL itself? [Y/n/q] "
test = readInput(message, default="Y")
if not test or test[0] not in ("n", "N"):
@ -423,7 +423,7 @@ def _setResultsFile():
if not conf.resultsFP:
conf.resultsFilename = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, time.strftime(RESULTS_FILE_FORMAT).lower())
conf.resultsFP = codecs.open(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
conf.resultsFP.writelines("Target url,Place,Parameter,Techniques%s" % os.linesep)
conf.resultsFP.writelines("Target URL,Place,Parameter,Techniques%s" % os.linesep)
logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename)

2
lib/request/basic.py
View File

@ -61,7 +61,7 @@ def forgeHeaders(items=None):
if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]:
if kb.mergeCookies is None:
message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
message += "The target url provided its own cookies within "
message += "The target URL provided its own cookies within "
message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
message += "Do you want to merge them in futher requests? [Y/n] "
_ = readInput(message, default="Y")

22
lib/request/connect.py
View File

@ -126,7 +126,7 @@ class Connect(object):
warnMsg += "(e.g. 'https://help.ubuntu.com/community/Tor')"
else:
warnMsg = "if the problem persists please check that the provided "
warnMsg += "target url is valid. In case that it is, you can try to rerun "
warnMsg += "target URL is valid. In case that it is, you can try to rerun "
warnMsg += "with the switch '--random-agent' turned on "
warnMsg += "and/or proxy switches ('--ignore-proxy', '--proxy',...)"
singleTimeWarnMessage(warnMsg)
@ -175,8 +175,8 @@ class Connect(object):
@staticmethod
def getPage(**kwargs):
"""
This method connects to the target url or proxy and returns
the target url page content
This method connects to the target URL or proxy and returns
the target URL page content
"""
if conf.delay is not None and isinstance(conf.delay, (int, float)) and conf.delay > 0:
@ -488,7 +488,7 @@ class Connect(object):
if ignoreTimeout:
return None, None, None
else:
warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code])
warnMsg = "unable to connect to the target URL (%d - %s)" % (e.code, httplib.responses[e.code])
if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg)
@ -506,23 +506,23 @@ class Connect(object):
tbMsg = traceback.format_exc()
if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url)
warnMsg = "invalid URL address used (%s)" % repr(url)
raise SqlmapSyntaxException(warnMsg)
elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url"
warnMsg = "connection was forcibly closed by the target URL"
elif "timed out" in tbMsg:
warnMsg = "connection timed out to the target url"
warnMsg = "connection timed out to the target URL"
elif "URLError" in tbMsg or "error" in tbMsg:
warnMsg = "unable to connect to the target url"
warnMsg = "unable to connect to the target URL"
elif "BadStatusLine" in tbMsg:
warnMsg = "connection dropped or unknown HTTP "
warnMsg += "status code received. Try to force the HTTP User-Agent "
warnMsg += "header with option '--user-agent' or switch '--random-agent'"
elif "IncompleteRead" in tbMsg:
warnMsg = "there was an incomplete read error while retrieving data "
warnMsg += "from the target url"
warnMsg += "from the target URL"
else:
warnMsg = "unable to connect to the target url"
warnMsg = "unable to connect to the target URL"
if "BadStatusLine" not in tbMsg:
warnMsg += " or proxy"
@ -569,7 +569,7 @@ class Connect(object):
@staticmethod
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
"""
This method calls a function to get the target url page content
This method calls a function to get the target URL page content
and returns its page MD5 hash or a boolean value in case of
string match check ('--string' command line parameter)
"""

2
lib/techniques/blind/inference.py
View File

@ -450,7 +450,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
infoMsg = None
# If we have got one single character not correctly fetched it
# can mean that the connection to the target url was lost
# can mean that the connection to the target URL was lost
if None in value:
partialValue = "".join(value[:value.index(None)])

10
lib/techniques/union/test.py
View File

@ -90,7 +90,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
found = kb.orderByColumns or _orderByTechnique()
if found:
kb.orderByColumns = found
infoMsg = "target url appears to have %d column%s in query" % (found, 's' if found > 1 else "")
infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
singleTimeLogMessage(infoMsg)
return found
@ -150,7 +150,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
kb.errorIsNone = popValue()
if retVal:
infoMsg = "target url appears to be UNION injectable with %d columns" % retVal
infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
singleTimeLogMessage(infoMsg)
return retVal
@ -165,7 +165,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
random.shuffle(positions)
# For each column of the table (# of NULL) perform a request using
# the UNION ALL SELECT statement to test it the target url is
# the UNION ALL SELECT statement to test it the target URL is
# affected by an exploitable union SQL injection vulnerability
for position in positions:
# Prepare expression with delimiters
@ -252,7 +252,7 @@ def _unionConfirm(comment, place, parameter, prefix, suffix, count):
def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
"""
This method tests if the target url is affected by an union
This method tests if the target URL is affected by an union
SQL injection vulnerability. The test is done up to 50 columns
on the target database table
"""
@ -297,7 +297,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
def unionTest(comment, place, parameter, value, prefix, suffix):
"""
This method tests if the target url is affected by an union
This method tests if the target URL is affected by an union
SQL injection vulnerability. The test is done up to 3*50 times
"""

4
lib/techniques/union/use.py
View File

@ -146,8 +146,8 @@ def configUnion(char=None, columns=None):
def unionUse(expression, unpack=True, dump=False):
"""
This function tests for an union SQL injection on the target
url then call its subsidiary function to effectively perform an
union SQL injection on the affected url
URL then call its subsidiary function to effectively perform an
union SQL injection on the affected URL
"""
initTechnique(PAYLOAD.TECHNIQUE.UNION)

6
lib/utils/crawler.py
View File

@ -46,11 +46,11 @@ def crawl(target):
content = Request.getPage(url=current, crawling=True, raise404=False)[0]
except SqlmapConnectionException, e:
errMsg = "connection exception detected (%s). skipping " % e
errMsg += "url '%s'" % current
errMsg += "URL '%s'" % current
logger.critical(errMsg)
except httplib.InvalidURL, e:
errMsg = "invalid url detected (%s). skipping " % e
errMsg += "url '%s'" % current
errMsg = "invalid URL detected (%s). skipping " % e
errMsg += "URL '%s'" % current
logger.critical(errMsg)
if not kb.threadContinue: