refactoring regarding __START__,...

2025-01-24 00:04:23 +03:00 · 2010-10-21 09:51:07 +00:00 · 2010-10-21 09:51:07 +00:00 · be443c6947
commit be443c6947
parent 2668c95ef4
6 changed files with 44 additions and 27 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -61,7 +61,11 @@ from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES
-
+from lib.core.settings import DUMP_NEWLINE_MARKER
+from lib.core.settings import DUMP_DEL_MARKER
+from lib.core.settings import DUMP_TAB_MARKER
+from lib.core.settings import DUMP_START_MARKER
+from lib.core.settings import DUMP_STOP_MARKER

 class UnicodeRawConfigParser(RawConfigParser):
    """
@ -558,9 +562,20 @@ def replaceNewlineTabs(inpStr, stdout=False):
    if stdout:
        replacedString = inpStr.replace("\n", " ").replace("\t", " ")
    else:
-        replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
+        replacedString = inpStr.replace("\n", DUMP_NEWLINE_MARKER).replace("\t", DUMP_TAB_MARKER)

-    replacedString = replacedString.replace(kb.misc.delimiter, "__DEL__")
+    replacedString = replacedString.replace(kb.misc.delimiter, DUMP_DEL_MARKER)
+
+    return replacedString
+
+def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False):
+    replacedString = inpStr
+
+    if isinstance(replacedString, basestring):
+        replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_TAB_MARKER, "\t")
+        if not onlyNewlineTab:
+            replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "")
+            replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ")

    return replacedString

@ -838,13 +853,13 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
    data = []

    outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
-    outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") )
+    outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )

    if outCond1 or outCond2:
        if outCond1:
            regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)
        elif outCond2:
-            regExpr = '__START__(.*?)__STOP__'
+            regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)

        output = re.findall(regExpr, output, re.S)

@ -855,7 +870,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
                        )

        if partial or not condition:
-            logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
+            logOutput = "".join(["%s%s%s" % (DUMP_START_MARKER, replaceNewlineTabs(value), DUMP_STOP_MARKER) for value in output])
            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))

        if sort:
@ -864,8 +879,8 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
        for entry in output:
            info = []

-            if "__DEL__" in entry:
-                entry = entry.split("__DEL__")
+            if DUMP_DEL_MARKER in entry:
+                entry = entry.split(DUMP_DEL_MARKER)
            else:
                entry = entry.split(kb.misc.delimiter)

--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@ -14,6 +14,7 @@ import os
 from lib.core.common import dataToDumpFile
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -39,13 +40,8 @@ class Dump:

        conf.loggedToOut = True

-    def __formatString(self, string):
-        string = getUnicode(string)
-        string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
-        string = string.replace("__START__", "").replace("__STOP__", "")
-        string = string.replace("__DEL__", ", ")
-
-        return string
+    def __formatString(self, inpStr):
+        return restoreDumpMarkedChars(getUnicode(inpStr))

    def setOutputFile(self):
        self.__outputFile = "%s%slog" % (conf.outputPath, os.sep)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -33,7 +33,14 @@ LOGGER_HANDLER.setFormatter(FORMATTER)
 LOGGER.addHandler(LOGGER_HANDLER)
 LOGGER.setLevel(logging.WARN)

-# error based injection
+# dump markers
+DUMP_NEWLINE_MARKER = "__NEWLINE__"
+DUMP_DEL_MARKER     = "__DEL__"
+DUMP_TAB_MARKER     = "__TAB__"
+DUMP_START_MARKER   = "__START__"
+DUMP_STOP_MARKER    = "__STOP__"
+
+# error based injection markers
 ERROR_SPACE        = ":_:"
 ERROR_EMPTY_CHAR   = ":x:"
 ERROR_START_CHAR   = ":s:"
--- a/lib/core/xmldump.py
+++ b/lib/core/xmldump.py
@ -12,6 +12,7 @@ from xml.parsers.expat import ExpatError

 from extra.prettyprint import prettyprint
 from lib.core.common import getUnicode
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import sqlmapFilePathException
@ -137,12 +138,8 @@ class XMLDump:
            attr.nodeValue = getUnicode(attrValue)
        return attr

-    def __formatString(self, string):
-        string = getUnicode(string)
-        string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
-        string = string.replace("__START__", "").replace("__STOP__", "")
-        string = string.replace("__DEL__", ", ")
-        return string
+    def __formatString(self, inpStr):
+        return restoreDumpMarkedChars(getUnicode(inpStr))

    def string(self, header, data, sort=True):
        '''
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -21,7 +21,6 @@ from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import readInput
-from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
 from lib.core.data import conf
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@ -14,13 +14,16 @@ from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToSessionFile
 from lib.core.common import safeStringFormat
 from lib.core.common import randomStr
-from lib.core.common import replaceNewlineTabs
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.unescaper import unescaper
 from lib.techniques.blind.inference import bisection
+from lib.core.settings import DUMP_START_MARKER
+from lib.core.settings import DUMP_STOP_MARKER
+from lib.core.settings import DUMP_DEL_MARKER

 def queryOutputLength(expression, payload):
    """
@ -105,16 +108,16 @@ def resume(expression, payload):
        if not resumedValue:
            return None

-        resumedValue = resumedValue.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
+        resumedValue = restoreDumpMarkedChars(resumedValue, True)

        if resumedValue[-1] == "]":
            resumedValue = resumedValue[:-1]

            infoMsg  = "read from file '%s': " % conf.sessionFile
-            logValue = re.findall("__START__(.*?)__STOP__", resumedValue, re.S)
+            logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S)

            if logValue:
-                logValue = ", ".join([value.replace("__DEL__", ", ") for value in logValue])
+                logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue])
            else:
                logValue = resumedValue