From be443c6947824ef13f315fbdc216238704ee8387 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 21 Oct 2010 09:51:07 +0000 Subject: [PATCH] refactoring regarding __START__,... --- lib/core/common.py | 31 +++++++++++++++++++++++-------- lib/core/dump.py | 10 +++------- lib/core/settings.py | 9 ++++++++- lib/core/xmldump.py | 9 +++------ lib/request/inject.py | 1 - lib/utils/resume.py | 11 +++++++---- 6 files changed, 44 insertions(+), 27 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 257e4d3de..59862fffa 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -61,7 +61,11 @@ from lib.core.settings import ORACLE_ALIASES from lib.core.settings import SQLITE_ALIASES from lib.core.settings import ACCESS_ALIASES from lib.core.settings import FIREBIRD_ALIASES - +from lib.core.settings import DUMP_NEWLINE_MARKER +from lib.core.settings import DUMP_DEL_MARKER +from lib.core.settings import DUMP_TAB_MARKER +from lib.core.settings import DUMP_START_MARKER +from lib.core.settings import DUMP_STOP_MARKER class UnicodeRawConfigParser(RawConfigParser): """ 
@@ -558,9 +562,20 @@ def replaceNewlineTabs(inpStr, stdout=False): if stdout: replacedString = inpStr.replace("\n", " ").replace("\t", " ") else: - replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__") + replacedString = inpStr.replace("\n", DUMP_NEWLINE_MARKER).replace("\t", DUMP_TAB_MARKER) - replacedString = replacedString.replace(kb.misc.delimiter, "__DEL__") + replacedString = replacedString.replace(kb.misc.delimiter, DUMP_DEL_MARKER) + + return replacedString + +def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False): + replacedString = inpStr + + if isinstance(replacedString, basestring): + replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_TAB_MARKER, "\t") + if not onlyNewlineTab: + replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "") + replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ") return replacedString @@ -838,13 +853,13 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True) data = [] outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) ) - outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") ) + outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) ) if outCond1 or outCond2: if outCond1: regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop) elif outCond2: - regExpr = '__START__(.*?)__STOP__' + regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER) output = re.findall(regExpr, output, re.S) 
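Review bot: `restoreDumpMarkedChars` is added without a docstring, and it is not an exact inverse of `replaceNewlineTabs`: the delimiter marker comes back as `", "` rather than `kb.misc.delimiter`, and marker text that was already part of a value is converted as well. Because the markers are in-band, a retrieved value that happens to contain the literal text `__NEWLINE__` or `__DEL__` would presumably be shown altered in the dump, which matters when the output is kept as a record of what the database held. I would state that on the function, e.g. `"""Convert dump markers in inpStr back to display characters (lossy: literal marker text in the data is converted too); onlyNewlineTab=True leaves the start/stop/delimiter markers in place."""`. `replaceNewlineTabs` starts above this hunk, so only its tail is visible here.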
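Review bot: The marker constants are interpolated into the pattern unescaped in `regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)`, so the expression is only correct while the values in settings.py contain no regex metacharacters. Now that they are editable constants, escaping them keeps the match literal: `regExpr = '%s(.*?)%s' % (re.escape(DUMP_START_MARKER), re.escape(DUMP_STOP_MARKER))`. The same applies to the `re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), ...)` call in the lib/utils/resume.py hunk, and the unchanged `kb.misc.start`/`kb.misc.stop` pattern just above is built the same way. parseUnionPage's body starts and ends outside this hunk.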
@@ -855,7 +870,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True) ) if partial or not condition: - logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output]) + logOutput = "".join(["%s%s%s" % (DUMP_START_MARKER, replaceNewlineTabs(value), DUMP_STOP_MARKER) for value in output]) dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput)) if sort: @@ -864,8 +879,8 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True) for entry in output: info = [] - if "__DEL__" in entry: - entry = entry.split("__DEL__") + if DUMP_DEL_MARKER in entry: + entry = entry.split(DUMP_DEL_MARKER) else: entry = entry.split(kb.misc.delimiter) diff --git a/lib/core/dump.py b/lib/core/dump.py index 38839754e..74409278c 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -14,6 +14,7 @@ import os from lib.core.common import dataToDumpFile from lib.core.common import dataToStdout from lib.core.common import getUnicode +from lib.core.common import restoreDumpMarkedChars from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -39,13 +40,8 @@ class Dump: conf.loggedToOut = True - def __formatString(self, string): - string = getUnicode(string) - string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t") - string = string.replace("__START__", "").replace("__STOP__", "") - string = string.replace("__DEL__", ", ") - - return string + def __formatString(self, inpStr): + return restoreDumpMarkedChars(getUnicode(inpStr)) def setOutputFile(self): self.__outputFile = "%s%slog" % (conf.outputPath, os.sep) diff --git a/lib/core/settings.py b/lib/core/settings.py index 79459cf4a..3dab99699 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -33,7 +33,14 @@ LOGGER_HANDLER.setFormatter(FORMATTER) LOGGER.addHandler(LOGGER_HANDLER) LOGGER.setLevel(logging.WARN) -# error based injection +# dump markers +DUMP_NEWLINE_MARKER = "__NEWLINE__" +DUMP_DEL_MARKER = "__DEL__" +DUMP_TAB_MARKER = "__TAB__" +DUMP_START_MARKER = "__START__" +DUMP_STOP_MARKER = "__STOP__" + +# error based injection markers ERROR_SPACE = ":_:" ERROR_EMPTY_CHAR = ":x:" ERROR_START_CHAR = ":s:" diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py index 478ad52be..8a535e77a 100644 --- a/lib/core/xmldump.py +++ b/lib/core/xmldump.py @@ -12,6 +12,7 @@ from xml.parsers.expat import ExpatError from extra.prettyprint import prettyprint from lib.core.common import getUnicode +from lib.core.common import restoreDumpMarkedChars from lib.core.data import conf from lib.core.data import logger from lib.core.exception import sqlmapFilePathException @@ -137,12 +138,8 @@ class XMLDump: attr.nodeValue = getUnicode(attrValue) return attr - def __formatString(self, string): - string = getUnicode(string) - string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t") - string = string.replace("__START__", "").replace("__STOP__", "") - string = string.replace("__DEL__", ", ") - return string + def __formatString(self, inpStr): + return restoreDumpMarkedChars(getUnicode(inpStr)) def string(self, header, data, sort=True): ''' diff --git a/lib/request/inject.py b/lib/request/inject.py index d80f70a61..f2d9f7d19 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -21,7 +21,6 @@ from lib.core.common import popValue from lib.core.common import pushValue from lib.core.common import randomInt from lib.core.common import readInput -from lib.core.common import replaceNewlineTabs from lib.core.common import safeStringFormat from lib.core.convert import urlencode from lib.core.data import conf diff --git a/lib/utils/resume.py b/lib/utils/resume.py index 6a4b5078d..ff2fcaf88 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py 
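Review bot: The new `# dump markers` comment does not say that these strings are a persisted format. The lib/core/common.py hunk wraps values in `DUMP_START_MARKER`/`DUMP_STOP_MARKER` before passing them to `dataToSessionFile`, and lib/utils/resume.py searches the session file contents for the same constants. Editing a value here would therefore stop the marker patterns from matching session files written earlier. I would extend the comment to something like `# dump markers (also written to session files; changing a value breaks resuming older sessions)`.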
@@ -14,13 +14,16 @@ from lib.core.common import calculateDeltaSeconds from lib.core.common import dataToSessionFile from lib.core.common import safeStringFormat from lib.core.common import randomStr -from lib.core.common import replaceNewlineTabs +from lib.core.common import restoreDumpMarkedChars from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.data import queries from lib.core.unescaper import unescaper from lib.techniques.blind.inference import bisection +from lib.core.settings import DUMP_START_MARKER +from lib.core.settings import DUMP_STOP_MARKER +from lib.core.settings import DUMP_DEL_MARKER def queryOutputLength(expression, payload): """ @@ -105,16 +108,16 @@ def resume(expression, payload): if not resumedValue: return None - resumedValue = resumedValue.replace("__NEWLINE__", "\n").replace("__TAB__", "\t") + resumedValue = restoreDumpMarkedChars(resumedValue, True) if resumedValue[-1] == "]": resumedValue = resumedValue[:-1] infoMsg = "read from file '%s': " % conf.sessionFile - logValue = re.findall("__START__(.*?)__STOP__", resumedValue, re.S) + logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S) if logValue: - logValue = ", ".join([value.replace("__DEL__", ", ") for value in logValue]) + logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue]) else: logValue = resumedValue
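Review bot: The bare `True` in `restoreDumpMarkedChars(resumedValue, True)` hides which behaviour is being switched off; `restoreDumpMarkedChars(resumedValue, onlyNewlineTab=True)` makes it clear that the start/stop/delimiter markers are deliberately left in place for the `re.findall` that follows. The delimiter is then still replaced inline with `value.replace(DUMP_DEL_MARKER, ", ")`, so the marker-to-text mapping lives both here and in the helper and can drift apart. resume()'s body starts above this hunk and appears to continue after it.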